Skip to content
LazyHead
  • DE Deutsch
  • EN English
  • UA Українська
LazyHead
I’m looking for work I’m hiring Pricing

Privacy

Privacy Policy

Contents

  1. 1. Controller
  2. 2. Scope
  3. 3. Website data (server logs)
  4. 4. Theme and language preference
  5. 5. Support and contact requests
  6. 6. Registration and sign-in
  7. 7. Candidate profiles
  8. 8. Employer profiles and vacancies
  9. 9. Chat and attachments
  10. 10. Message translation
  11. 11. Maps and location
  12. 12. Interview planner
  13. 13. Notifications
  14. 14. Account deletion
  15. 15. Your rights
  16. 16. Processors
  17. 17. International transfers
  18. 18. Retention
  19. 19. Security
  20. 20. Automated decisions
  21. 21. Minors
  22. 22. Supervisory authority
  23. 23. Version

This privacy policy describes how personal data is processed in connection with the website lazyhead.at, the LazyHead app (web, iOS, Android, desktop) and support. It deliberately distinguishes between the information website and the application.

1. Controller

The controller under the GDPR is [REGISTERED_NAME], sole proprietor Andrii Snikhovskyi, Morizgasse 2/2/14, 1060 Wien, Österreich.

Email for privacy matters: privacy@lazyhead.at.

2. Scope

This policy covers the website lazyhead.at, the web app, the mobile apps (iOS, Android), the desktop app and support requests.

3. Website data (server logs)

When you visit the website, technically necessary data is processed: IP address, timestamp, requested URL, HTTP status code, data volume, user agent and referrer. Security logs are also generated.

The legal basis is our legitimate interest in secure, stable operation (Art. 6(1)(f) GDPR). This data is not analysed for marketing.

4. Theme and language preference

Your theme (light/dark) and language choice may be stored locally in your browser (localStorage) so the site can reuse it on your next visit. This storage serves functionality only and is not used for advertising tracking.

5. Support and contact requests

When you use the contact form or one of our email addresses, we process your email address, optionally your name, subject, category, message text and anti-abuse metadata.

Legal bases: Art. 6(1)(b) (handling your request), (f) (secure operation) and (c) where legal retention applies.

Support requests are retained by default for 6 months after closure.

For an Enterprise request we additionally process the company details you provide: company name, contact person, optionally phone number and website, number of locations, expected number of users and preferred payment method. The purpose is to handle the request, prepare an offer and conduct pre-contractual communication. No bank or payment data (e.g. IBAN, SEPA mandate), invoices or payment history are processed at this stage.

When the contact form is active, we use Cloudflare Turnstile to prevent abuse and Resend (Resend, Inc.) to deliver the request by email. The website is served via Cloudflare Pages, which produces technical server logs. These providers act as processors.

6. Registration and sign-in

For an account we process your email address, the chosen role (candidate or employer), one-time-code (OTP) sign-in metadata, login timestamps and account status.

If sign-in via Apple or Google is enabled, we process the identifier and email address supplied by the provider. There is no phone-number/SMS sign-in.

7. Candidate profiles

As a candidate you may provide name, photo, experience, skills, languages, location, CV, preferences and your own files.

We distinguish between publicly visible fields, fields visible only to employers you engage with, and private fields. You decide what you share.

8. Employer profiles and vacancies

As an employer we process company name, contact person, company details, role content, location, working hours, salary information, requirements and the status (active/archived) of a vacancy.

9. Chat and attachments

For direct communication we process message text, timestamps, sender and recipient, delivery and read metadata, shared files (e.g. CVs) and moderation/security metadata.

We do not claim end-to-end encryption while it is not implemented.

10. Message translation

Message translation is described only once a provider is connected. In that case the text to be translated is transmitted to the translation service; provider, processing region and safeguards will be added here.

Machine translation can be inaccurate and does not replace a verified translation.

11. Maps and location

Map and location features are described only when actually enabled. We distinguish between an approximate job/search location and a precise device location. A precise location is used only with your permission and only when necessary.

12. Interview planner

For scheduling we process date, time, participants, format, status and notification metadata. An external video provider is named only once connected.

13. Notifications

Push tokens and notification preferences are processed only if push notifications are enabled.

14. Account deletion

You can delete your account in the app or by request via the website. Your profile, vacancy and communication data is removed unless a legal retention obligation applies.

Data is removed from backups within the usual backup cycles. See the “Account deletion” page for details.

15. Your rights

You have the right to access, rectification, erasure, restriction, data portability and objection and — where applicable — to withdraw consent and to lodge a complaint with a supervisory authority.

You can make requests via the “Data request” page or at privacy@lazyhead.at.

16. Processors

We use service providers only on instruction under data-processing agreements. Only providers actually in use are published.

No external processors are currently published. The overview is maintained and shown here as soon as a provider is engaged.

17. International transfers

Any transfer outside the EEA happens only with providers actually in use and only with appropriate safeguards (e.g. an adequacy decision or Standard Contractual Clauses).

18. Retention

We store data only as long as necessary for the respective purpose or legal obligations. The overview below states the default periods.

Data Retention Trigger
Security logs 90 days creation
Support requests 6 months closure
Account data until deletion + legal exceptions deletion
Messages per configured policy deletion
Vacancies active + limited archive removal
Interview data 12 months interview
Legal records statutory period transaction

19. Security

We treat security as an ongoing task: considered access controls, transport encryption (HTTPS), data minimisation, backups, logging, patching and an incident-response process.

No one can guarantee absolute security. You can report possible vulnerabilities responsibly to developer@lazyhead.at. We never ask for your password by email.

20. Automated decisions

There is no solely automated decision-making producing legal effects concerning you.

21. Minors

Use requires the necessary legal capacity or the consent of a legal guardian. A fixed minimum age will be added here once defined.

22. Supervisory authority

Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria. Email: dsb@dsb.gv.at.

23. Version

Last updated: 2026-07-03. Version 1.0.

LazyHead
  • About
  • Pricing
  • Support & contact
  • Imprint
  • Privacy
  • Terms of Use

© 2026 LazyHead

· Wien, Österreich

Support & contact

The contact form isn’t live yet. Please email us directly — we’ll reply as soon as we can.

office@lazyhead.at

Please enter a valid email address.

Company details

For Enterprise requests only. Please do not send any bank or payment details.

The subject must be 3–150 characters.

The message must be 10–5000 characters.

* Required field

The message could not be sent. Try again or email office@lazyhead.at.

We use the information you provide only to process your request. More information is available in our . Privacy Policy.

Thank you!

Message sent. We will reply to the email address provided.