Cookie Policy

A cookie is a small text file stored by your browser on first visit. We also use closely related technologies that serve similar purposes:

• Local storage and session storage — used to keep you signed in and cache interface state across reloads.
• Service-worker caches — Progressive Web App caches that let pages you've already viewed load offline.
• Secure HTTP cookies — session tokens and CSRF anti-forgery tokens.

This policy covers all of the above. Where it says “cookie”, read it as “cookie or equivalent identifier”.

We group cookies into three categories. Only the first is always on.

2.1 Strictly necessary — always on

These are required for the site to function. Disabling them breaks sign-in, CSRF protection, and basic navigation.

• Session token — JWT stored in browser local storage, sent as Authorization: Bearer header on every API call. Expires in 30 days.
• OTP request ID — short-lived (10 min) reference to a pending one-time-password verification.
• CSRF anti-forgery token — issued on form-based mutations.
• Language and theme preferences — so the site looks and reads the same way next time.
• Install-prompt dismissal — remembers that you dismissed the “Install Master Jobs” banner so we don't re-prompt for 7 days.

2.2 Functional — enabled by default, optional

Improve the experience but aren't required. You can disable these at Consent settings.

• Recently viewed jobs — caches the list locally so it renders instantly.
• Dismissed banner state — remembers that you closed the profile-completion reminder.
• Service-worker page cache — stale-while-revalidate cache of previously visited pages so you can browse offline. Evicted on every deploy.

2.3 Analytics — consent-gated

Aggregate measurement of page views, navigation paths, and feature adoption. Used to prioritise features and diagnose bugs. Off by default in regions where opt-in consent is required (EEA, India under DPDPA, California). On by default where opt-out consent is permitted.

• Anonymised usage events — hashed subject id, page path, timestamp.
• Error telemetry — stack traces and breadcrumbs from client-side exceptions. PII is stripped before transmission.

You can toggle analytics at Consent settings.

Master Jobs does not set third-party advertising cookies. We do not share cookie identifiers with advertising networks. We do not fingerprint browsers or devices for ad targeting.

If you see a cookie on masterjobs.com that isn't described in §2, report it to hello@masterjobs.com and we'll investigate.

• In-product controls. Category-level toggles at Consent settings.
• Browser controls. All major browsers let you delete existing cookies, block third-party cookies, or clear all site data. Check your browser's privacy or cookies settings.
• Do Not Track / Global Privacy Control. We honour GPC signals — when your browser sends GPC, we treat analytics as off unless you override it in-product.

Disabling strictly-necessary cookies will break sign-in and core site features.

• Session token — 30 days (from last renewal) or until you sign out.
• OTP references — 10 minutes.
• Recently-viewed caches — 30 days local.
• Install-prompt dismissal — 7 days.
• Service-worker page cache — invalidated on each deploy.
• Analytics events — per your consent; aggregated records kept per our retention table at Privacy settings.

Material changes to this policy are announced by in-product notice at least 14 days before they take effect. The date at the top of this page reflects the most recent revision.

Questions about this policy: hello@masterjobs.com. Full privacy terms live in the Privacy Policy.