Privacy Policy

How FirstPost.io collects, uses, and protects your personal data.

Last updated: April 2026  ·  Effective date: April 2026  ·  Questions? privacy@firstpost.io

FirstPost.io ("FirstPost", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the UK Data Protection Act 2018.

Please read this policy carefully before using our website or subscribing to our service. By using FirstPost.io, you confirm that you have read and understood this policy.

1. Who we are

FirstPost.io is operated by a sole trader registered in the United Kingdom, trading as FirstPost. We are a data controller for the personal data you provide when creating an account or using our service. For data enquiries, contact us at privacy@firstpost.io.

2. Data we collect

2.1 Account and identity data

  • Your first and last name
  • Your email address
  • Your password (stored as an irreversible cryptographic hash — we never store plain-text passwords)
  • Account creation date and last login timestamp

2.2 CV / résumé data

Uploading a CV is optional but recommended. If you upload one, we store the file securely on encrypted AWS S3 infrastructure. Your CV is used solely to configure your job alert keyword filters and is never shared with any third party, including the companies whose career pages we monitor.

2.3 Preferences and configuration data

  • Target job titles, industries, and seniority levels
  • Work arrangement preferences (remote, hybrid, on-site)
  • Location preferences
  • Exclusion keywords and alert schedule settings
  • Company lists and preference change history

2.4 Payment data

Payments are processed exclusively by Stripe, Inc. We do not store your card number, expiry date, or CVV. We receive from Stripe only: your Stripe Customer ID, subscription status, plan name, billing cycle, and next billing date. See Stripe's Privacy Policy at stripe.com/privacy.

2.5 Communications data

  • Messages sent via the contact form
  • Email correspondence with our support team
  • Consent to receive marketing communications (if provided)

2.6 Technical and usage data

  • IP address and approximate geolocation
  • Browser type and version
  • Pages visited and features used on firstpost.io
  • Date and time of access
  • Referring URL

2.7 Cookies

We use the following types of cookies on firstpost.io:

  • Strictly necessary: Session cookies required to keep you logged in and maintain security. These cannot be disabled.
  • Analytics: We use Google Analytics to understand how visitors interact with our site (pages viewed, traffic sources). Analytics cookies are only placed with your consent, obtained via our cookie consent banner.
  • Advertising: We may display third-party advertisements on firstpost.io. Advertising partners may place cookies to serve relevant ads and measure campaign performance. These are only placed with your consent. You can withdraw consent at any time via the cookie settings in our footer.

For a full list of cookies we use, visit our cookie settings page. You can also manage cookies via your browser settings.

3. Why we collect your data (legal basis)

  • Contract performance (Article 6(1)(b) UK GDPR): We process your account data, preferences, and payment data to provide the personalised job alert service you've subscribed to.
  • Legitimate interests (Article 6(1)(f) UK GDPR): We process technical and usage data to improve our service, maintain security, and detect fraud. We have assessed that our legitimate interests are not overridden by your rights.
  • Consent (Article 6(1)(a) UK GDPR): We process your data for marketing communications and non-essential cookies only with your explicit consent. You can withdraw consent at any time.
  • Legal obligation (Article 6(1)(c) UK GDPR): We may process data where required by law, including tax obligations relating to subscription payments.

4. How we use your data

  • To create and manage your account
  • To configure and run your personalised job alert feed
  • To send your daily job alert email digests
  • To process subscription payments and manage billing
  • To respond to support enquiries
  • To send service-related communications (subscription confirmations, payment receipts, preference update confirmations)
  • To send marketing communications, where you have consented
  • To improve our service through aggregated, anonymised usage analysis
  • To display advertising on firstpost.io (with your consent where required)
  • To comply with legal and regulatory obligations

5. Who we share your data with

We do not sell your personal data. We share data only with the following trusted service providers, under contractual data processing agreements:

  • Stripe, Inc. — payment processing and subscription management
  • Amazon Web Services (AWS) — cloud infrastructure, database storage, and file storage (CV uploads). Data is stored in EU/UK AWS regions.
  • Google Analytics — anonymised website analytics (with your consent)
  • Advertising partners — where you have consented to advertising cookies, our advertising partners may process data in accordance with their own privacy policies

We may also disclose data to law enforcement or regulatory authorities where required by law.

6. International data transfers

Some of our service providers (including Stripe and AWS) may process data outside the UK or EEA. Where this occurs, we ensure adequate safeguards are in place under UK GDPR, including the use of the UK's International Data Transfer Agreement (IDTA) or Standard Contractual Clauses.

7. How long we keep your data

  • Account and preferences data: Retained for the duration of your subscription and for 2 years thereafter, to allow account reactivation and comply with financial record-keeping obligations.
  • CV data: Retained until you delete it, cancel your subscription, or request deletion. Automatically deleted 90 days after account closure.
  • Payment records: Retained for 7 years as required by UK tax law.
  • Support communications: Retained for 3 years.
  • Analytics data: Anonymised/aggregated data may be retained indefinitely. Individual session data is retained per Google Analytics' standard retention settings (26 months by default).
  • Cookies: Session cookies expire when you close your browser. Persistent cookies expire per their individual expiry dates, typically 12–24 months.

8. Your rights under UK GDPR

You have the following rights regarding your personal data. To exercise any of these rights, email privacy@firstpost.io. We will respond within 30 days.

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data. You can update most data directly in your account dashboard.
  • Right to erasure ("right to be forgotten"): Request deletion of your data. Note that some data may be retained to comply with legal obligations.
  • Right to restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These include: TLS encryption in transit, AES-256 encryption at rest for all stored data including CVs, access controls and authentication on all systems, and regular security reviews. However, no method of transmission over the internet is completely secure. We will notify affected users and the ICO without undue delay in the event of a data breach that poses a risk to your rights.

10. Children

FirstPost.io is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with data, please contact us immediately at privacy@firstpost.io.

11. Third-party links

FirstPost.io may contain links to third-party websites, including the company career pages we monitor and advertising links. We are not responsible for the privacy practices of those websites and recommend you review their individual privacy policies.

12. Advertising

FirstPost.io displays third-party advertisements. Advertising is served by our advertising partners, who may use cookies and similar tracking technologies to display relevant ads based on your interests. Advertising data is processed under your consent and in accordance with our cookie policy. Advertising revenue is used to fund the development and maintenance of this service. We do not allow advertisers to access your job preferences, CV, or subscription data.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on firstpost.io at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

14. Contact

For any questions, concerns, or requests relating to this Privacy Policy or your personal data: