Privacy Policy
1. Introduction
PathExplorer ("PathExplorer," "we," "our," or "us") is a job listing aggregation and discovery service available at https://pathexplorer.app/. We are committed to protecting your privacy, and we have built PathExplorer to collect as little personal data as possible.
This Privacy Policy explains what information is - and is not - processed when you use PathExplorer, the legal basis for that processing under the EU General Data Protection Regulation (GDPR), and the rights available to you.
- There are no user accounts, no logins, no registration, and no email sign-ups on PathExplorer.
- We do not sell data, run advertising, or build user profiles.
- We do not accept or store job applications - clicking "Apply" sends you directly to the original source platform.
- The only data our application writes to its own database about your activity is an anonymous record of search terms, which is not linked to you or to any identifier.
1.1 Data Controller
The data controller responsible for any personal data processed through PathExplorer is:
- Company Name: Selenthir Sp. z o.o.
- Registered Office: Tysiąclecia 35 / 41, 41-303 Dąbrowa Górnicza, Poland
- VAT ID (NIP): PL6292521423
- KRS Number: 0001227518
- Contact: [email protected]
PathExplorer is a product owned and operated by Selenthir Sp. z o.o. All references to "we," "our," or "us" in this Privacy Policy refer to Selenthir Sp. z o.o.
2. What PathExplorer Is
PathExplorer ingests publicly available job listings on a schedule from third-party job APIs, normalises and stores them, and presents them through a searchable web interface together with aggregate market-trend charts. PathExplorer does not employ recruiters, post original listings, accept applications, or act as an intermediary between job seekers and employers.
Because there is no account system and no transaction, the personal-data surface of PathExplorer is intentionally minimal. The sections below describe everything that is processed.
3. Data We Collect
3.1 Anonymous Search Logs
When you run a search (a keyword and/or a location filter), we write the following to our search_queries database table:
| Field | What it contains |
|---|---|
| Search keyword | The free-text term you typed (e.g. "react developer") |
| Location filter | The free-text location you typed (e.g. "Warsaw") |
| Result count | The number of listings returned |
| Timestamp | The server time of the search |
We do not store, alongside these records, your IP address, user agent, session identifier, device ID, browser fingerprint, or any other identifier that could link a search to a specific individual. The records are not joined to any other dataset that would make them identifying.
Purpose: Understanding which job categories and locations are searched most often, to improve the listings we surface and the market-trend data we publish. This is aggregate product analytics - it is not user profiling.
Legal basis: We treat these records as non-personal data, since they cannot reasonably be linked to an identifiable person. To the extent any individual search could be considered personal data, we process it under legitimate interest (Article 6(1)(f) GDPR).
3.2 Apply-Click Redirects
When you click "View role", you are sent through an internal redirect endpoint (/go/[jobId]) that looks up the original listing's apply URL, appends attribution parameters, and issues an HTTP 302 redirect to the external apply URL on the source platform.
We log nothing about this click. No click event is written to our database. Your IP address and browser details are sent directly from your browser to the destination platform. Once you arrive on the destination platform, that platform's own privacy policy governs your data.
3.3 Server and Infrastructure Logs
Like any website, the infrastructure that serves PathExplorer automatically generates technical access logs that may contain your IP address, the time of the request, the path requested, and your browser's user-agent string. These are generated and held at the infrastructure level by our hosting and network providers - PathExplorer does not copy them into its own application database.
- Purpose: Operating the service, ensuring availability, security, abuse prevention, and protection against attacks.
- Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in delivering a secure, available service.
3.4 Cookies and Analytics
PathExplorer's own application sets no first-party tracking or advertising cookies. We do not operate any in-house analytics, retargeting pixels, or fingerprinting.
- Consent management (CookieYes): We use CookieYes to present a cookie-consent banner and to remember your choices. This cookie is strictly necessary to honour your consent decision.
- Analytics (Google Analytics): Set only after you grant consent through the CookieYes banner. Used for aggregate traffic patterns only - not to identify you personally.
- Infrastructure cookies: Our hosting and network providers (Vercel, Cloudflare) may set strictly necessary functional or security cookies.
The authoritative, up-to-date list of cookies actually in use is presented in the cookie-consent banner on the website.
4. Legal Bases - Summary
| Data | Purpose | GDPR Legal Basis |
|---|---|---|
| Anonymous search logs | Product and market-trend analytics | Legitimate interest - Art. 6(1)(f) |
| Infrastructure / server logs (incl. IP) | Service delivery, security, abuse prevention | Legitimate interest - Art. 6(1)(f) |
| Consent & security/functional cookies | Honouring consent; operating the service securely | Legitimate interest - Art. 6(1)(f) (strictly necessary) |
| Analytics cookies (Google Analytics) | Aggregate traffic measurement | Consent - Art. 6(1)(a) |
5. Third-Party Services and Sub-Processors
We rely on the following third parties to operate PathExplorer. Where they process any personal data, they do so as our processors or under their own controller responsibilities as described in their policies.
| Service | Role | Personal data involved | Location |
|---|---|---|---|
| Vercel | Application hosting | Infrastructure access logs (IP, user agent) | EU region (incorporated in USA) |
| Cloudflare | DNS, WAF, network security | Edge request data for security filtering | Global edge (incorporated in USA) |
| Neon | PostgreSQL database hosting | Application data incl. anonymous search logs - no end-user identifiers | EU region (incorporated in USA) |
| Upstash | Redis cache / rate limiting | Caching and rate-limit counters - no end-user identifiers | EU region (incorporated in USA) |
| Google Analytics | Aggregate web analytics (consent-gated) | Analytics cookie data, approximate region | USA |
| CookieYes | Cookie-consent management | Consent preferences | EU |
Upstream job data sources. PathExplorer ingests listings from Adzuna, Jooble, Arbeitnow, Remotive, and Jobicy. This ingestion is server-to-server and does not send any of your personal data to these sources.
6. International Data Transfers
Our database (Neon), cache (Upstash), and application hosting (Vercel) are configured to store and process data on infrastructure located within the European Union (EU/EEA).
However, several providers are companies incorporated in the United States. To the extent that any such provider could access data from outside the EEA, that transfer is governed by the European Commission's Standard Contractual Clauses (SCCs) incorporated into the providers' data processing agreements.
7. Data Retention
| Data | Retention |
|---|---|
| Anonymous search logs | Retained indefinitely (see note below) |
| Infrastructure / server logs | Per the retention windows of our hosting and network providers |
| Consent cookie (CookieYes) | Up to 1 year, or until you clear it / change your choice |
| Analytics cookie data (Google Analytics) | Per Google Analytics' configured retention |
8. Your Rights
Under the GDPR you have the rights listed below. Please note an important practical limitation: because PathExplorer holds no account, email address, or identifier that links data to you, we are generally unable to locate or single out data about a specific individual. Under Article 11(2) GDPR, where we cannot identify you from the data we hold, certain rights may not be exercisable.
- Right of access (Art. 15) - request a copy of any personal data we hold about you.
- Right to rectification (Art. 16) - request correction of inaccurate personal data.
- Right to erasure (Art. 17) - request deletion of your personal data.
- Right to restriction (Art. 18) - request that we limit processing in certain circumstances.
- Right to data portability (Art. 20) - receive your data in a machine-readable format.
- Right to object (Art. 21) - object to processing based on legitimate interest.
- Right to withdraw consent - where processing relies on consent (analytics cookies), withdraw it at any time via the cookie banner.
How to exercise your rights: Contact us at [email protected]. We will respond within 30 days.
Right to lodge a complaint: You may complain to the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO) - ul. Stanisława Moniuszki 1A, 00-014 Warszawa, Poland - https://uodo.gov.pl/
9. Data Security
We apply appropriate technical and organisational measures to protect data, including:
- Encryption in transit - all traffic is served over HTTPS (TLS).
- Encryption at rest - our database provider encrypts stored data.
- Network protection - DNS, WAF, and edge security via Cloudflare.
- Minimal data surface - we collect no account data, no payment data, and no end-user identifiers.
- Access controls - administrative access to infrastructure is restricted to authorised personnel.
10. Children
PathExplorer is a general-audience job-discovery service and is not directed at children. We do not knowingly process personal data of children under the age of 16.
11. The Public API (B2B)
PathExplorer exposes a read-only, versioned API (/api/v1/*) consumed server-to-server by our partner product, CareerSeeker, under a pre-shared credential. This API returns only normalised, non-personal job-listing data. No end-user personal data is transmitted through it. This API is not available to general users.
12. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices, our infrastructure, or legal requirements. Changes are posted on this page with an updated effective date. For material changes affecting how we process personal data, we will provide prominent notice (such as a banner) before they take effect.
13. Contact Us
For any privacy-related question or to exercise your rights, contact us at [email protected].