1. What Are Cookies?
Cookies are small text files placed on your device
(computer, tablet, or mobile phone) by websites you
visit. They are widely used to make websites work,
to remember your preferences, and to provide website
owners with information about how their site is used.
In addition to traditional cookies, we also use
related technologies such as web storage (localStorage
and sessionStorage), session tokens, and server-side
logs. This policy covers all of these technologies.
2. Why We Use Cookies
We use cookies and similar technologies to:
- Keep you signed in to your account during a browsing session
- Remember your preferences and settings
- Protect you from cross-site request forgery (CSRF) attacks
- Understand how the Platform is used so we can improve it
- Detect and prevent fraudulent or abusive activity
- Maintain the security and integrity of your session
We do not use cookies for advertising,
behavioural profiling, or cross-site tracking.
3. Types of Cookies We Use
Essential
Yes — cannot be disabled
Authentication, session, CSRF protection
Functional
Optional
Preferences, theme, display settings
Analytics
Optional
Anonymous usage statistics
Security
Yes — cannot be disabled
Fraud detection, risk scoring
4. Essential Cookies
These cookies are strictly necessary for the Platform
to function. Without them, you cannot log in, navigate
between pages securely, or use core features. They
cannot be disabled.
| Cookie / Token |
Purpose |
Duration |
Type |
.AspNetCore.Identity.Application |
Authentication session — keeps you logged in during your browsing session or across sessions if you select "Remember me" |
Session or 14 days |
HTTP cookie (HttpOnly, Secure) |
.AspNetCore.Antiforgery.* |
Anti-CSRF token — protects against cross-site request forgery attacks by validating that form submissions originate from our Platform |
Session |
HTTP cookie (HttpOnly, Secure) |
.AspNetCore.Session |
Session identifier — links your browser to your server-side session data (temporary data needed during your visit) |
Session (30 minutes idle) |
HTTP cookie (HttpOnly, Secure) |
.AspNetCore.TempData.* |
Temporary data — carries success/error messages between page redirects so confirmations display correctly |
Single request cycle |
Server-side session (via session cookie above) |
.AspNetCore.Correlation.* |
OAuth state correlation — used during Microsoft or Google login to prevent CSRF during the external authentication flow |
15 minutes |
HTTP cookie (HttpOnly, Secure, SameSite=None) |
.AspNetCore.OpenIdConnect.Nonce.* |
OpenID Connect nonce — prevents replay attacks during external login flows (Microsoft/Google) |
15 minutes |
HTTP cookie (HttpOnly, Secure) |
5. Functional Cookies
These cookies remember your preferences and settings
to personalise your experience. They are optional
but enhance usability. Disabling them means your
preferences won't be remembered between visits.
| Cookie / Key |
Purpose |
Duration |
Type |
js-theme |
Stores your light/dark/system theme preference so it is applied consistently on each visit |
1 year |
localStorage |
js-sidebar-collapsed |
Remembers whether you prefer the navigation sidebar collapsed or expanded |
1 year |
localStorage |
js-calendar-view |
Remembers whether you prefer the calendar in list or month view |
1 year |
localStorage |
savedJobs |
Stores the list of jobs you have saved as a guest (before logging in) so they persist across page loads |
Until cleared |
localStorage |
6. Analytics Cookies
We use privacy-respecting analytics to understand how
the Platform is used and to identify areas for
improvement. Our analytics do not:
- Track you across other websites
- build a profile of your browsing behaviour outside JobSeek
- Share data with advertising networks
- Store personally identifiable information
| Source |
Purpose |
Duration |
Type |
| Server-side logs |
We log page views, feature usage, and error events server-side using anonymised identifiers. No additional cookie is placed for this purpose |
2 years |
Server log (no cookie) |
| Internal analytics |
Aggregated, anonymised usage statistics (most visited pages, feature adoption rates, common search terms) stored in our own database. Data is not shared with third parties |
2 years |
Server-side, no additional cookie |
We do not currently use Google Analytics, Meta Pixel,
or other third-party analytics scripts.
7. Security and Risk Cookies
These technologies are used to detect fraud, prevent
unauthorised access, and maintain platform security.
They cannot be disabled as they are fundamental to
the integrity of the Platform.
| Technology |
Purpose |
Duration |
| IP address logging |
Every login and significant platform action is logged with IP address, timestamp, browser, and device for security audit purposes and fraud detection. Retained for 2 years |
2 years |
| GeoIP resolution |
Your IP address is resolved to a country, region, and city using MaxMind GeoIP data at registration and login. This is used to detect suspicious login locations and for candidate risk scoring. VPN and proxy detection is also performed. This data is stored in our database, not as a cookie |
Per record retention policy |
| Login history |
A record of every login attempt (successful and failed) is stored including IP, device, browser, and timestamp. You can view your login history in your account security settings |
2 years |
| Device fingerprinting (digital signatures) |
When you digitally sign a document on the Platform, your browser's user-agent string and IP address are captured as part of the legally required audit trail for the signature. This is stored permanently against the signed document record |
Permanent (legal hold) |
8. What We Don't Do
We believe in straightforward, honest data practices.
To be explicit:
✗
No advertising cookies —
We do not place advertising cookies, retargeting
pixels, or any technology that tracks you for
the purpose of showing you ads on other websites.
✗
No social media tracking pixels —
We do not use Facebook Pixel, LinkedIn Insight Tag,
TikTok Pixel, or any equivalent tracking scripts.
✗
No cross-site tracking —
We do not track your activity on other websites
and we do not share your browsing behaviour with
advertising networks or data brokers.
✗
No data selling —
We do not sell any information about your
browsing behaviour or cookie data to any
third party.
✗
No Google Analytics —
We do not load Google Analytics, Google Tag
Manager, or similar third-party analytics
scripts on the Platform.
9. Third-Party Cookies
The Platform integrates with a small number of
third-party services that may set their own cookies:
| Third Party |
When Active |
Cookies Set |
More Info |
| Microsoft |
When you log in with a Microsoft account |
Microsoft sets authentication cookies during the login flow on their own domain (login.microsoftonline.com). These are deleted after the login is complete |
Microsoft Privacy |
| Google |
When you log in with a Google account |
Google sets authentication cookies during the login flow on their own domain (accounts.google.com). These are deleted after the login is complete |
Google Privacy |
| Payment processor |
When you make a payment on the Platform |
Our payment processor may set cookies to secure the payment session. These are governed by their own privacy policy |
Available at checkout |
We regularly audit our third-party integrations to
ensure no additional tracking scripts are introduced
without updating this policy.
10. Local Storage and Session Storage
In addition to cookies, we use browser local storage
and session storage to store small amounts of data
on your device:
-
localStorage — persists until cleared by you or us. Used for preferences like theme and sidebar state. You can clear this through your browser settings (see section 12).
-
sessionStorage — exists only for the duration of your browser tab. Used to store temporary application state during multi-step processes like job applications. Deleted automatically when you close the tab.
Unlike cookies, local storage data is not sent to our
servers with every request — it remains on your device
until you clear it or we update it.
11. Your Choices
You have control over non-essential cookies and
storage:
-
Essential and security cookies cannot be disabled without breaking the Platform's core functionality. You can stop us placing them by not using the Platform.
-
Functional cookies (preferences) can be cleared through your browser settings. Your preferences will simply reset to defaults.
-
Analytics — since we conduct analytics server-side without additional cookies, standard browser opt-outs do not apply. If you wish to opt out of our internal analytics, please contact us at privacy@jobseek.nz.
12. Browser Controls
All major browsers allow you to manage cookies and
local storage. Here is how to access these settings:
Google Chrome
Settings → Privacy and security → Cookies and other site data
Mozilla Firefox
Settings → Privacy & Security → Cookies and Site Data
Microsoft Edge
Settings → Cookies and site permissions → Cookies and site data
Safari (macOS)
Preferences → Privacy → Manage Website Data
Safari (iOS)
Settings → Safari → Advanced → Website Data
You can also delete all cookies and local storage
for the Platform by opening your browser's developer
tools (F12), going to Application → Storage, and
clicking "Clear site data".
13. Impact of Disabling Cookies
If you disable or clear cookies for jobseek.nz:
Disable essential cookies
You will not be able to log in or use the Platform
Disable functional cookies / clear localStorage
Your theme, sidebar, and other preferences will reset to defaults on each visit
Clear sessionStorage
In-progress multi-step forms (e.g. job application wizard) may lose unsaved data
Block third-party cookies
Microsoft and Google login may not function. All other features will work normally
14. Changes to This Policy
We may update this Cookie Policy when we add new
features, integrate new third-party services, or
when regulations change. We will update the effective
date at the top of this page and notify you of
material changes via email and an in-platform notice.
The current version of this policy will always be
available at
jobseek.nz/cookies.
