# Job Boost (jobboost.se)

> AI-powered career assistant that analyzes a candidate's profile against a job ad and generates a tailored CV, cover letter, match analysis and ATS analysis. Available in Swedish, English, German, French and Spanish.

Job Boost is a SaaS web application built for EU users. It is GDPR-compliant and follows the EU AI Act (Regulation 2024/1689). All AI-generated content is clearly labeled as such (AI Act Art. 50) and the service does not perform automated decision-making in the sense of GDPR Art. 22 — outputs are drafts that the user reviews, edits and decides whether to use.

## What the service does

- Accepts a user profile (uploaded CV / pasted text / saved profile) and a job ad (pasted text or fetched URL).
- Sends the data encrypted to a large language model via the Lovable AI Gateway (Google Gemini / OpenAI GPT family) to generate:
  - A tailored CV (Markdown, multiple visual templates)
  - A personalized cover letter
  - A match analysis with score, strengths and gaps
  - An ATS compatibility analysis with missing keywords
  - Extracted job requirements (skills, experience, soft skills)
- Allows the user to edit every generated section inline and export to PDF or Word.
- Stores application history and reusable candidate profiles per authenticated user.

## Key pages

- [Home / generator](https://jobboost.se/) — main app where logged-in users generate applications.
- [Landing page](https://jobboost.se/) — public marketing page.
- [Pricing](https://jobboost.se/priser) — Free plan with monthly credits and Pro subscription for unlimited generations.
- [Privacy policy](https://jobboost.se/integritetspolicy) — GDPR information, AI Act transparency, data retention and user rights.
- [Terms of service](https://jobboost.se/villkor) — acceptable use, AI disclaimer, liability.
- [Cookie policy](https://jobboost.se/cookiepolicy) — cookie categories and consent management.

## Compliance summary

- **GDPR**: lawful basis = contract performance and consent. Users can export all their data as JSON from the in-app "Export" button (GDPR Art. 20) and delete their account. Data is stored in the EU.
- **GDPR Art. 22 (automated decision-making)**: NO solely-automated decisions with legal or similarly significant effects are made. The AI produces drafts; the user remains in control. No profiling within the meaning of GDPR — we do not build behavioural, risk or scoring profiles. Users have the right to human review, to express their point of view and to contest the processing.
- **EU AI Act Art. 50 (transparency)**: every AI-generated output in the UI carries a visible disclaimer informing the user that the content was produced by an AI system and should be reviewed before use. A machine-readable signal is also exposed via `<meta name="ai-generated-content" content="true">` in the HTML head and via a `data-ai-generated` attribute on rendered AI output.
- **Data Act / DSA / NIS2 / CRA**: principles of data portability, transparency, secure development and incident readiness are followed; no targeted advertising or dark patterns.
- **Security**: Row Level Security on every table, JWT-validated edge functions, SSRF protection on the job-fetch endpoint, no client-side mutation of credit balances.

## For AI agents and crawlers

- **Allowed** on public pages: landing, pricing, privacy policy, terms, cookie policy, /llms.txt.
- **Disallowed** on authenticated surfaces: `/app`, `/admin`, `/historik`, `/sparade-profiler`, and any user-generated content (CVs, cover letters, profiles, application history). These require authentication and must not be scraped or indexed.
- Specific bot directives (GPTBot, ChatGPT-User, ClaudeBot, Claude-Web, anthropic-ai, Google-Extended, PerplexityBot, Applebot-Extended, OAI-SearchBot) are declared in [/robots.txt](https://jobboost.se/robots.txt). CCBot and Bytespider are fully disallowed.
- AI agents acting on behalf of a user must use the standard authenticated UI; there is no public API for autonomous agents to read or mutate user data.
- Sitemap: https://jobboost.se/sitemap.xml
- Contact: via the contact information in the privacy policy (yourjobboost@gmail.com).

## Machine-readable AI declarations

- `<meta name="ai-generated-content" content="true">` — site produces AI-generated content.
- `<meta name="gdpr-art22-automated-decision" content="false">` — no solely-automated decisions.
- `<meta name="gdpr-profiling" content="false">` — no GDPR profiling.
- `<meta name="ai-human-in-the-loop" content="true">` — human always reviews output.
- DOM elements containing AI output carry `data-ai-generated="true"` for downstream identification.