Privacy Policy
Last updated: 2025-07-28
Your privacy is important to us. This Privacy Policy explains what data we collect from you and why, how we handle and protect that data, and your rights regarding your data. We never sell your personal data – never have, never will. We only use your data in ways that you would reasonably expect in the context of using our Services, as described below.
What we collect and why
Our guiding principle is to collect only what we need to provide and improve the Services for you. Here’s what that means in practice:
Identity & Access Information
-
When you sign up for a Remotly service (for example, when you create an account to post a job, or subscribe to our job update emails), we ask for basic identifying information such as your name and email address. We might also ask for a company name if you are registering on behalf of an organization (e.g., posting a job listing as an employer). This information is used so that you can personalize your account and so we can communicate with you (for instance, sending confirmation emails, important updates, or invoices/receipts for any paid services). In some cases, we may allow you to add a profile picture to your account, but that is completely optional and for your convenience (we don’t typically access or use profile pictures internally).
-
If you subscribe to our job update newsletter on Remotly, we will collect your email address (and perhaps your name, if provided) to send you regular job alerts or updates. Similarly, if you subscribe to our Remotly Blog (which is hosted on Substack), you will provide your email to Substack’s system. In the latter case, Substack shares your email with us so that we know our subscriber list, but the data is primarily stored and managed by the Substack platform on our behalf. (See “Third-Party Providers” and “Website Interactions” below for more on Substack.) We will not use your email from either subscription for any purpose other than sending you the updates you requested. You can unsubscribe at any time, and we’ll honor all unsubscribe requests promptly.
-
We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing materials without your permission. The only instance where we might disclose you as a user is, for example, listing your company as a customer (which we would only do with consent, if at all). Internally, we may reference your name or company to provide you support or improve service, but externally your privacy is respected.
Billing Information
-
If you pay for a Remotly service (for example, if we introduce premium job listings or other paid features), we will collect billing details necessary to process that transaction. This includes your credit card information and billing address. However, we do not directly handle or store full credit card numbers on our servers. Your credit card details are passed securely to our payment processor (e.g., Stripe or a similar trusted payment gateway) and never touch our servers in plain text. We only store a record of the transaction (e.g., the last 4 digits of your card, card type, and the billing address you provided) for reference, receipts, and to handle billing inquiries or refunds.
-
We use your billing address to calculate any relevant taxes (for instance, sales tax in the US or VAT in the EU, if applicable) and to include the correct details on your invoices. We might also use it to detect suspicious or fraudulent card use (for example, if the address appears to not match the card’s issuing country, we might ask for verification).
-
All invoices or billing emails we send you will contain only the necessary information and our contact details. If auditors (e.g., tax authorities) require information for legitimate audits, we share only the minimum billing info needed to comply (such as invoice records).
Geolocation Data and Access Logs
-
Like most online services, we automatically log access to our applications by recording the IP address used for each login or significant account action. We do this to help secure your account and verify that no unauthorized access has occurred. For example, if we detect logins from an unusual IP or location, we may alert you or temporarily block access pending verification. We keep login IP logs for as long as your account is active, as they form an important part of our security audit trail.
-
When a new account is created, we also log the full IP address used during sign-up. We retain sign-up IP addresses indefinitely for security purposes (such as combating spam or fake accounts). This helps us detect and block sign-ups from known malicious IP ranges or to investigate breaches.
-
Location Information: Aside from IP addresses, we do not specifically collect your GPS or precise location. However, IP addresses can indicate a rough geographical region. We use this only for security and analytics as described (e.g., to understand where our users are generally located city/country-wise, which helps with decisions like server placement or support hours). If we ever introduced features that use precise location (highly unlikely for a job board), we would ask your permission explicitly.
Website Interactions & Analytics
-
When you browse our website (including our marketing pages, job listings, and web application pages), your browser automatically shares certain information with us. This includes the type of browser you’re using, your device operating system, your screen size, the page you requested, and the page that referred you (if any) to our site. We collect this information for analytics and to improve our Services. For example, knowing which pages are most visited or how users navigate our site helps us optimize the user experience.
-
We track how our pages perform (page load times, errors) and which pages are visited in a session. Sometimes we track link clicks or button clicks to see what features users find most useful (for instance, tracking how many people click “Apply” on job listings). These web analytics data may be temporarily tied to things like IP address or a unique user ID in cookies, especially if you are logged in, but generally analytics are looked at in aggregate (e.g., total page views, conversion rates) rather than at an individual user level.
-
Google Analytics and Other Analytics Tools: We use third-party analytics tools, primarily Google Analytics, to understand our audience and improve the site. Google Analytics uses cookies and similar technologies to collect information about usage of our website. This includes data such as your IP address (which Google may truncate or anonymize in EU regions), browser type, pages visited, time spent, and other usage statistics. We use these analytics to see things like which job categories are most popular or which marketing campaigns bring users to Remotly. Because Google Analytics may collect personal data (like online identifiers), we obtain user consent for analytics cookies where required by law (for example, for users in the EU/EEA, see “Cookies” below). We do not send Google any directly identifying personal info (like your name or email). Google Analytics also provides us only aggregated reports; we do not get individual profiles of users from it. (Nonetheless, because analytics cookies track individuals over time, consent is needed in many jurisdictions). If you prefer not to be tracked by Google Analytics at all, you can use Google’s opt-out browser add-on.
-
In addition to Google Analytics, we may use other analytics or SEO tools like Ahrefs to gauge our website’s performance (for example, monitoring inbound traffic or SEO rankings). These tools primarily use data collected from web crawlers or aggregated sources, not personal data from our users. In cases where we use any tool that might set a cookie or track user behavior, we will include it in our Cookies consent management. Our goal is to know how our site is doing without compromising your privacy.
-
Blog (Substack) Interactions: Our blog is hosted on Substack (accessible at blog.remotlyjobs.com). If you visit the blog, Substack may collect analytics data on those interactions (similar to any website, e.g., page views, referrals, etc.). Substack might also place its own cookies for analytics or functional purposes. These would be covered under Substack’s own privacy policy. We receive aggregate information from Substack about our blog traffic (like number of subscribers, views), but we do not get every detail of your blog reading habits beyond what Substack provides. If you subscribe to the blog, as noted, we will know your email address as a subscriber, but we do not track your activity beyond standard email open/click rates that any newsletter provides.
Anti-bot and Spam Measures
-
We use CAPTCHA and similar technologies on certain forms (like sign-ups, logins, or job submission forms) to prevent bots and spam. For example, we might use Google reCAPTCHA or a similar service. These services analyze your interactions (e.g., mouse movements, typing patterns) and other data (like IP address) to determine if you are likely a human. This data is used by the CAPTCHA provider (Google, in the case of reCAPTCHA) to provide us a risk score or challenge. We implement CAPTCHA under our legitimate interest to protect our platform from abuse, and also to protect the broader community from credential-stuffing attacks. The information collected by CAPTCHA providers is not used by Remotly for any other purpose; however, such third-party providers may have their own privacy policies (for Google reCAPTCHA, Google’s Privacy Policy and Terms apply). We retain CAPTCHA-related data (like the fact that a certain account passed/failed a CAPTCHA at a given time) indefinitely in our logs, as part of our security and anti-spam records. This helps us in case we need to investigate a wave of spam sign-ups or attacks.
Cookies and Do Not Track
Cookies are small text files stored on your browser by websites. We use cookies for a few reasons:
-
Essential Cookies: We use some first-party cookies to remember your preferences and settings. For instance, if you log into an account, a session cookie keeps you logged in as you navigate. If you set preferences (like filtering jobs by category or dismissing a notification banner), a cookie might remember that so you don’t have to repeat actions. These cookies are required for basic functionality and user experience.
-
Analytics Cookies: As noted under “Website Interactions,” we use analytics tools that set cookies. For example, Google Analytics sets cookies (_ga, _gid, etc.) to distinguish users and throttle requests. These cookies help us count unique visitors and understand usage patterns. They do not store personally identifiable information like names or emails, but they do assign an anonymous ID to your browser. We treat these as non-essential cookies in regions where that distinction is legally relevant. That means if you’re in the EU/UK (or another jurisdiction with similar laws), we will request your consent before enabling these analytics cookies. If you opt out or decline, we will do our best to ensure Google Analytics is not activated and no such cookies are placed. (Our cookie consent tool will handle this logic.)
-
Marketing and Referral Cookies: We partner with Google and possibly other platforms for marketing analytics. For example, if you come to Remotly via a Google advertisement, Google might drop a cookie to help us see that our ad led you to our site. This helps us measure ad effectiveness (e.g., did our Google Ads result in sign-ups). These advertising-related cookies (often from Google Ads or similar) would also fall under non-essential cookies that require consent in jurisdictions like the EU. We currently do not show third-party banner ads on our site, so we don’t use ad tracking cookies for serving ads; our use is limited to tracking referrals/attributions for our own advertising campaigns.
-
Third-Party Cookies on our Site: Aside from Google, if we embed content or integrate services, those might set cookies. For example, if we embedded a YouTube video or a social media share button, those services might set cookies. In general, our site is simple and primarily text, so this is minimal. Our blog (Substack) is on a subdomain and run by Substack – if you visit the blog, Substack’s platform will handle cookies on that subdomain under their policies (for instance, Substack may use cookies for login if you have a Substack account, or to remember your subscription status).
You can adjust your browser settings to refuse cookies or delete them. However, be aware that some features of our Services might not function properly without cookies (for instance, you might not be able to stay logged in). To learn more about cookies and how to manage or delete them, you can visit AllAboutCookies.org. We also honor cookie consent choices: if you decline optional cookies on our site’s consent banner, we will not set or will disable those cookies.
Do Not Track: “Do Not Track” (DNT) is a setting in some web browsers that requests that a web application disable its tracking of an individual user. At this time, our sites and applications do not respond to DNT signals. This is because there is no standard, regulated way to interpret DNT signals in a manner that is consistent across all users and third parties. We instead provide you with direct control over tracking by offering cookie consent choices. If a unified DNT standard emerges, we will consider supporting it.
Voluntary Correspondence
-
If you contact us via email, support form, or other channels (for example, emailing our support team or filling out a contact form on the site), we keep that communication. This includes your email address and any other info you provide in your message. We retain correspondence history so we can refer to it if you reach out again, ensuring continuity in our support. It also helps us improve; for instance, if multiple people ask the same question, we might create an FAQ. We keep these communications secure and only accessible to our team.
-
If you fill out optional surveys or participate in user research with us, we will collect whatever information you provide (feedback, ratings, etc.). Sometimes we might ask for your permission to record an interview or call (for example, a feedback Zoom session), but we will only do so with your explicit consent and for the purposes you agree to. Any recordings would be used internally to capture feedback accurately, and deleted when no longer needed.
Information We Do Not Collect
-
We do not collect sensitive personal characteristics like your race, ethnicity, sexual orientation, religious beliefs, or health information, unless you volunteer it. For example, we will never require you to specify your gender or any demographic attribute to use our job board. If you choose to volunteer such information (perhaps in a support email or in a profile bio), that’s up to you, but we have no use for that data in our system. It’s not part of our analytics or any processing. Similarly, we do not collect information about your political opinions or union memberships.
-
We do not collect biometric data. There is no feature on Remotly that would ask for something like fingerprints, facial recognition, or voice prints. If you upload a profile picture or a company logo, we store the image file but do not extract any biometric identifiers from it. Profile pictures are simply stored and displayed; they are not analyzed by us.
-
We do not intentionally collect information from children. Our Services are not directed to children under 16 (or under 13, in jurisdictions like the U.S.) and we do not knowingly collect personal data from anyone under the age of 16. If we discover we have inadvertently collected personal information from a child, we will delete it. (For example, if a 14-year-old tries to subscribe to our job updates, we would remove that email from our list and not send further emails.)
-
We avoid collecting any data that isn’t necessary. For instance, we don’t ask for your social security number, national ID, or driver’s license number, because we have no reason for such data in a job listing service. Please do not provide us any sensitive personal identifiers or financial info beyond what’s required for payment through our secure form. If someone posing as Remotly ever asks you for such information, assume it’s a scam and inform us.
How we handle & share your information (and when we don’t)
Our default practice is not to access or share your personal information, except in the limited circumstances described below. We do not monetize your personal data: no selling, no sharing for advertising purposes, etc. We use your information to serve you and that’s it. Here are the cases where we might access or share data:
-
Providing the Service: We will access and use your information as needed to deliver the Services you’ve signed up for. For example, if you create a job post, our system will use the details you provided to publish it on the site and send notifications to subscribers. If you subscribe to emails, we will use your email address to send the newsletters or alerts. In technical terms, our processors (servers) will process your data, but no human is specifically reading your information unless necessary for support or legal reasons as outlined.
-
Third-Party Subprocessors: We use some third-party companies to run our application and services. These include hosting providers, cloud services, email delivery services, analytics providers, etc. In doing so, we entrust some of your data to these subprocessors, but strictly for the purposes of providing the service. For example: our web servers and databases are hosted by Job Boardly’s infrastructure in the U.S., so technically your data resides on their cloud servers. We have agreements in place to ensure they only process data under our instructions and in compliance with privacy laws. Other examples: if we use SendGrid or another SMTP service to send bulk emails, your email address and the content of the email will pass through that service. If we use a payment processor, your billing info passes through them. We list some key third-party services below:
-
Job Boardly (Infrastructure): Hosts our platform and database. They act as a data processor for all the data in our system.
-
Payment Processor: (e.g., Stripe) Processes payments securely. They will handle your credit card and payment transactions. We share with them the charge amount, your card info, name, and billing details as needed to process payment. They in turn provide us confirmations and partial info (like last4 of card) for our records.
-
Email Service: We may use a service to send out emails (transactional emails like confirmation messages or marketing emails like job alerts). That means your email address and the email content is sent to that service to execute the mailing. We ensure any such provider is reputable and secures your data.
-
Analytics Providers: As noted, we use Google Analytics on our main site. Google acts as a data processor in that sense, collecting usage data on our behalf. Google’s role is governed by their Analytics terms which include data protection commitments. We have configured Analytics to respect certain privacy safeguards (and you can opt out via cookie settings). We may use Ahrefs or similar SEO tools, which might involve giving them access to our Google Analytics or our site’s public data for analysis purposes.
-
Substack (Blog platform): When you interact with our blog, Substack is essentially processing that data. If you subscribe to the blog, your email is stored in Substack’s system. Substack provides us with subscriber management and email delivery for the blog newsletter. In this sense, Substack is a data processor for the blog subscriber data. They have their own privacy commitments, and we trust them as a well-known provider. We can access our subscriber list and analytics on Substack’s admin interface, but again, we treat that data with care and use it only for sending the blog updates or analyzing engagement.
-
Support Tools: If we use any customer support software (for instance, a helpdesk or chat widget), that tool might process your communications with us. We would choose a provider with strong security and privacy standards, and any data in such a system would only be used to handle support interactions.
In all cases with subprocessors, no Remotly human looks at your data unless it’s necessary for the scenarios described previously (support, troubleshooting, etc.). Technology and automation handle the vast majority of data processing.
-
With Your Permission: If there is ever a reason we need to access or share your information for any purpose outside of operating the Service as described, we will ask for your explicit permission. For example, if we wanted to use a testimonial you gave us that includes your name or photo, we’d ask you first. Or if a partner company wanted to offer you a discount and we thought it was beneficial, we would ask before sharing your email with them (this is a hypothetical; we currently have no such arrangements).
-
Support & Debugging: As mentioned under Account Terms, on rare occasions we might need to directly access your account data to assist you (with your consent) or to fix a technical issue. For instance, if you report that a job listing you edited isn’t displaying correctly, we might look at the data in our database for that listing to identify the problem. Our team is trained to limit the scope of what they access and to avoid viewing personal data unless absolutely necessary. We log administrator access to accounts for security.
-
Restricted Uses – Prevention/Investigation: If we have a strong reason to believe you are using Remotly for a restricted or prohibited purpose (such as posting spam jobs, conducting scams, harassment, or other abuses), we reserve the right to investigate. That may involve accessing certain data in your account to gather facts (for example, checking what job posts were made, reviewing messages sent via our platform if any, etc.). This would be done to protect our users and stop harmful activity. If appropriate, we may suspend or terminate accounts engaged in abuse and, if necessary, report the misconduct to relevant authorities. We do not take this lightly – we value privacy and will only intrude upon user data in extreme cases where the harm or legal violation is clear. We have an obligation to protect both our customers and those who might be affected by misuse of our platform. If we do find evidence of abuse, we will take action which could include removing content, banning the user, and in some cases, reporting to law enforcement (for example, if we find postings related to human trafficking or fraud).
-
Legal Requirements: We may disclose your information if required to comply with law or a legally binding order. “Required by law” typically means we’ve received a valid subpoena, warrant, court order, or similar legal mandate. Before we comply, we will ensure the request is legitimate and not overreaching. As described in the Terms of Service, since our data is stored in the United States via Job Boardly, a request from U.S. authorities must follow U.S. legal procedures (e.g. a warrant for content). If a request comes from outside the U.S., we will generally insist it goes through proper international legal channels (such as a Mutual Legal Assistance Treaty) to be honored. One exception: as a Singapore company, if we receive a lawful directive under Singapore law (such as a notice from the PDPC or a court order), we may have to comply – in practice, since data is abroad, this might involve coordinating with our U.S. hosting provider via those channels anyway. In any case, our stance is to protect user privacy and resist unlawful or broad data demands. We have never received any national security letters or foreign surveillance orders as of this policy update. If we ever do, and are allowed to disclose it, we will include it in a transparency report.
-
If we are asked to preserve data (e.g., a law enforcement agency asks us to preserve records while they get a court order), we will do so only if the request is properly issued under the relevant law (in the U.S., this would be under 18 U.S.C. Section 2703(f)). We’ll preserve the specified data temporarily, and if no follow-up legal order is provided in time, we will release the preserved data back to its normal state (or delete the preserved copy). We won’t hand it over unless the proper order arrives. And we will not keep preserved data beyond the legal requirement.
-
We will notify affected users about legal demands unless we are legally barred from doing so. For example, some subpoenas come with a gag order preventing notification. Barring that, if your data is sought by a third party, we’ll let you know so you can object if you want.
-
If we ever receive an informal request for information (say, a government official asking without proper paperwork, or even a private litigant with just a letter), we do not cooperate. We require formal due process.
-
In the event of an audit by a tax authority or similar, if we have to share billing information (for instance to validate our finances), we’ll share the bare minimum (likely just invoice records, which contain your company name, billing address, and transaction amounts).
-
Business Transfers: If Remotly (the company) is involved in a merger, acquisition, or asset sale, or in the unlikely event of bankruptcy, your data could be transferred to another entity as part of that transaction. If that happens, we will ensure the successor honors the commitments we’ve made in this policy or we will notify you and give you an opportunity to delete your data or opt out of the transfer if applicable. Our intention is to never “sell” user data as a standalone asset; any transfer would only occur as part of you continuing to receive the Services under a new owner/operator, and the same privacy protections would continue to apply.
International Data Use and Transfers
Remotly is based in Singapore, but our platform is powered by servers located in the United States (via Job Boardly). When you use Remotly from outside of the U.S., your personal data is therefore transmitted to and stored in the U.S. The U.S. may not have the same data protection laws as your home country, but we take steps to ensure appropriate safeguards. For example, our contract with Job Boardly includes standard data protection clauses. By using our Services, you understand that your information will be transferred to the U.S. and processed there. We also comply with Singapore’s Personal Data Protection Act (PDPA) requirements for overseas transfers – essentially, we will ensure that any overseas recipient (like Job Boardly) is legally bound to provide a standard of protection comparable to the PDPA. If you are in the European Union or UK, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to lawfully transfer your data to the U.S., and we commit to protecting your data to EU GDPR standards. Should you have any questions about international data handling, please contact us.
Your Rights to Your Data
At Remotly, we apply the same data rights to all users, regardless of their location. We recognize that privacy regulations around the world (such as the EU’s GDPR, UK’s Data Protection Act, Singapore’s PDPA, and California’s CCPA/CPRA) grant individuals various rights over their personal data. We honor all of the core rights those laws envision (except where an applicable law might limit them). These rights include:
-
Right to Know/Access: You have the right to know what personal information we collect about you, how we use it, and to request access to that information. This Privacy Policy outlines the categories of data we collect and how we use them. You can also request a copy of the specific personal data we have about you. For example, you can ask us, “What information do you have associated with my account or email?” and we will provide you a summary of data in our systems tied to you.
-
Right to Correction: If the information we have about you is incorrect or incomplete, you have the right to request that we correct or update it. For instance, if you notice your name is misspelled in our records or you changed your email, you can ask us to fix it. (Many changes you can also do yourself by logging into your account, if applicable.)
-
Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data. There are some limitations – we may not be able to delete data that is required for us to comply with legal obligations or that is necessary for the service as long as you have an active account. But we will honor deletion requests to the fullest extent possible. If you request deletion of your account, we will erase all personal information we have that we are not legally required to retain. Note that deleting your data will likely mean we have to close your account and you will lose access to the Services (since, for example, we can’t run an account without an email to log in). We’ll inform you if any requested deletion is not feasible for specific reasons and work with you to perhaps anonymize or restrict access to data if complete deletion can’t be done.
-
Right to Data Portability: You have the right to obtain a copy of your personal data in a common format and to transfer it to another service. For example, if you want a copy of all the job posts you created or all your account details, we can export those for you in a machine-readable format (like JSON or CSV). Currently, Remotly’s usage might be simple enough that this overlaps with the Right of Access. We’ll strive to accommodate reasonable data export requests.
-
Right to Object or Restrict Processing: You have the right to object to certain processing of your data, or ask us to limit how we use it. For instance, you can object to us using your data for marketing – and indeed, we don’t do much marketing, but if you had previously consented to something like receiving promotional emails, you can always opt out. If you just want to pause use of your data (say, you want to deactivate your account temporarily but not delete everything), we can accommodate that by restricting processing rather than full deletion.
-
Right to Withdraw Consent: If we are processing any personal data based on your consent, you have the right to withdraw that consent at any time. The most common example is cookies: if you consented to analytics cookies and then change your mind, you can withdraw consent through our cookie settings or by clearing cookies. Another example: if you consented to receive our newsletter, you can always unsubscribe (which is withdrawing consent for that use). Withdrawing consent will not affect the lawfulness of any processing we did before your withdrawal.
-
Right to Non-Discrimination: If you exercise any of the privacy rights, we will not treat you differently. For example, we won’t deny you the Services or charge you a different price just because you made a privacy request (aside from the natural consequence that if you ask us to delete your account, you can’t use the service – but we consider that a choice you make, not a retaliatory action on our part). This principle mainly comes from the CCPA, which prohibits businesses from penalizing consumers for exercising their rights. We fully support that.
-
Right to Lodge a Complaint: If you have concerns about how we are handling your data, you have the right to lodge a complaint with the relevant data protection authority. For EU users, that might be your country’s supervisory authority (you can find the list via the European Data Protection Board). For Singapore, you can contact the Personal Data Protection Commission (PDPC). For the UK, it’s the ICO. For Canada, the OPC, etc. Of course, we hope you would contact us first so we can address your concern directly, but you are absolutely free to go to an authority if you feel we’re not living up to our obligations.
To exercise any of these rights, you can contact us at the email provided in the “Questions” section below. We may need to verify your identity before fulfilling certain requests (to ensure that, for example, we don’t give your data to an imposter). Verification might be done by confirming control of your email or other information. We will respond to requests within a reasonable timeframe and in accordance with applicable law (GDPR requires a response within 30 days for most requests, for example). For some requests (like extensive access requests), we may ask for clarification to make sure we provide exactly what you want.
Please note that while we extend these rights to all users, rights like data deletion are not absolute. For instance, we might retain certain minimal information if required (e.g., keeping an invoice record with your name if that transaction must be kept for financial auditing). But we will inform you about such exceptions in our response.
How we secure your data
We are serious about security. We have implemented administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, loss, misuse, or alteration. Some of the key security practices we follow include:
-
Encryption: All data transmitted from your browser to our servers is encrypted via SSL/TLS. You’ll notice the padlock in your browser indicating HTTPS whenever you use Remotly. This means that eavesdroppers on the network cannot easily intercept your data in transit. Our databases are also encrypted at rest or at the disk level, adding an extra layer of protection in case of physical theft of drives. Backup data is encrypted as well.
-
Access Controls: Within our organization, access to personal data is limited to those who need it to do their job (principle of least privilege). Our staff accounts are protected with strong passwords and 2-factor authentication where possible. Administrative access to systems is logged. Job Boardly, as our hosting provider, also maintains strict access control on the infrastructure side.
-
Testing & Monitoring: We keep our software and dependencies up to date to protect against security vulnerabilities. We periodically review our practices and may employ third-party security scans or audits. We also have monitoring in place to detect suspicious activities (like multiple failed logins, unusual API calls, etc.).
-
Backups and Redundancy: We perform regular backups of critical data so that we can recover in case of a disaster or accidental deletion. These backups are encrypted and stored securely. We have redundancy in our systems to avoid single points of failure – for instance, servers are in secure data centers with backup power, etc.
-
Training: Our team is trained on data security and privacy principles. We treat personal data with care and our internal policies guide employees on how to handle user data safely and respectfully.
While we do our best to protect your information, no system can be 100% secure. We therefore also have an incident response plan. If a security breach were to occur that affects your personal data, we will notify you and the appropriate authorities as required by law (for instance, PDPA or GDPR breach notification requirements). We appreciate any users who report vulnerabilities or concerns to us (you can email us if you suspect any security issues).
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it (as described in this policy) or as required by law. For example:
-
If you have an account with us, we retain your account information while your account is active. If you choose to close your account, we will initiate deletion of personal data associated with your account. Some data, like logs of access or backup copies, might persist for a short time until they are overwritten, but we will not actively use that data.
-
If you subscribed to our newsletter, we retain your email on our mailing list until you unsubscribe. Once you unsubscribe, we will remove your email from the active list immediately and ensure it is deleted from any backups within a reasonable period.
-
Server logs (which may include IP addresses) are generally retained to monitor security and performance, but we periodically purge old logs as they become less useful.
-
If we have billing records for you, we may retain those for the duration required by financial regulations (for example, in the US and Singapore, accounting records might be required for X number of years). Those records would contain minimal personal data (like name, company, transaction amount).
-
Job listings that you post may remain on our site until they expire or you remove them. If a job listing is deleted, we might keep a record of the posting in our database (as inactive) for a short period in case it needs to be restored, but eventually it will be fully purged. We may retain non-personal data about job listings (like aggregated statistics) for historical analysis.
If you have any specific question about retention of a certain type of data, please ask us.
Cookies and Tracking Choices
We discussed cookies above; here we summarize your choices: When you first visit Remotly (especially if from the EU), you will see a cookie consent banner if required. You can choose to accept or reject non-essential cookies. You can also manage preferences (for example, allow only certain categories like “analytics” but not “marketing”). If you later change your mind, you can use our site’s “Cookie Settings” link (typically found in the footer or in the banner) to adjust preferences. Additionally, as mentioned, you can control cookies through your browser settings.
For email tracking (like if we send newsletters, we might use a small pixel to know if an email was opened), you can disable images in your email or unsubscribe if you don’t want any tracking.
We do not use any invasive tracking like keyloggers or anything crazy. Just standard cookies and analytics. We do not respond to DNT signals currently, but we give you direct control via the above methods.
Third-Party Links
Our website may contain links to other websites, for example an employer’s website or our social media profiles. If you follow those links, understand that this Privacy Policy does not apply to those third-party sites. We are not responsible for the content or privacy practices of external sites. We recommend you review the privacy policies of any site you visit. For instance, if you click a link to apply on an employer’s site, any data you provide on that site is governed by their terms. Similarly, our blog on Substack or any integrations we may add are subject to their own privacy terms (though we’ve described how they relate to us above).
Children’s Privacy
(As noted earlier, but reiterating) Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you are under 16, please do not use our Services or provide any personal information. If we learn we have collected personal data from a child under 16 (or the applicable age of consent in your region), we will take steps to delete that information promptly. If you are a parent or guardian and discover that your child has provided personal info to us, please contact us so we can remove it.
Changes to This Policy
We may update this Privacy Policy as needed to reflect changes to our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you either by posting a prominent notice on our site or by sending an email to the address associated with your account or subscription. The “Last updated” date at the top will always indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If you continue to use Remotly after an update, it signifies acceptance of the revised policy (to the extent permitted by law). For any changes that require consent (for example, if we ever decided to start collecting new types of data or using data for a new purpose that required opt-in), we will obtain that consent from you.
Questions or Concerns
If you have any questions, comments, or concerns about this Privacy Policy or about your data in general, please get in touch with us here. We will be happy to answer your questions and address any issues. Your trust is extremely important to us, and we welcome feedback about how we can improve our policies or practices.