Privacy & Data Protection

Privacy Policy

We are committed to protecting your personal data. This policy explains what we collect and why.

Effective: June 1, 2025GDPR compliantAPPI compliant (Japan)We never sell your data

1.Data Controller

RemotePool Pte. Ltd., registered in Singapore, is the data controller for personal data processed through the platform. For Japan-resident users, RemotePool acts as the business operator under APPI.

Contact: privacy@remotepool.jp

2.Data We Collect

We collect the following categories of personal data:

Category	Examples	Source
Account data	Name, email, password (hashed), profile photo	You provide at registration
Professional data	Work history, skills, JLPT level, certifications, salary expectations	You provide in your profile
Identity & KYC	Government ID, address, bank account details	You provide for payroll / KYC
Usage data	Pages visited, features used, timestamps, IP address	Collected automatically
Communications	Messages sent through the platform, support emails	Generated during use
Payment data	Billing address, last 4 digits; full card data handled by Stripe	You provide at checkout

3.Legal Basis for Processing (GDPR)

Contract performance

Processing required to deliver the Service

Legitimate interests

Fraud prevention, security, platform improvement

Legal obligation

Tax records, employment law compliance

Consent

Marketing emails, non-essential cookies (withdrawable any time)

4.Third-Party Sharing

We share personal data only with trusted service providers. We never sell your data.

Stripe — Payment processing (PCI-DSS compliant)

AWS / Vercel — Infrastructure and hosting

SendGrid / Resend — Transactional email delivery

OpenAI / Google AI — AI-powered matching (data not used to train models)

GitHub / Google — OAuth login only — no data transferred beyond authentication

Client companies — Only profile data you have explicitly made visible

5.Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion we retain data for up to 7 years to comply with tax and employment law, then delete or anonymise it.

6.Your Rights

Depending on your jurisdiction you have the following rights:

Access

Request a copy of the personal data we hold about you

Correct

Fix inaccurate or incomplete data

Erase

Request deletion of your data (right to be forgotten)

Restrict

Limit how we process your data

Portability

Receive your data in a machine-readable format (GDPR)

Withdraw consent

Opt out of consent-based processing at any time

To exercise any right, email privacy@remotepool.jp. We respond within 30 days.

7.Security

TLS encryption in transit

AES-256 encryption at rest for sensitive fields

Bcrypt hashing for passwords

Role-based access controls (RBAC)

Audit logging of all admin actions

72-hour breach notification to authorities

Privacy enquiries

Email us at privacy@remotepool.jp — we respond within 30 days.