PRIVACY POLICY
Go Onwards (Owned by Wander Onwards LLC)
We, Go Onwards, operated by Wander Onwards LLC (“our”, “us”, “we”), would like to thank you for visiting our website and for your interest in our services.
When you access or use our website (“Website”) or our platform (“Platform”), or when you initiate, engage in, or show interest in entering into a contractual relationship with us, your personal data may be processed by us in accordance with this Privacy Policy.
Protecting your data is of utmost importance to us. This Privacy Policy, in accordance with Articles 13, 14 of the EU General Data Protection Regulation (“GDPR”), outlines how we handle, protect, and process your personal data (also referred to as “data”) in connection with your use of our Website and Platform.
Last updated: February 22, 2026
A. GENERAL INFORMATION
I. Definitions
Our Privacy Policy should be easy to read and understand for our Platform and Website visitors and users, customers, business partners, and interested parties. To ensure this, we would like to explain the most important terms. We use the following terms, among others, in this Privacy Policy:
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”), e.g. name, address, email addresses, user behaviour.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
II. Controller
Unless otherwise stated in this Privacy Policy, the controller within the meaning of Article 4(7) GDPR is:
Wander Onwards LLC (operating as Go Onwards) 3916 N Potsdam Ave Sioux Falls, SD 57104 United States Email: [email protected]
For specific questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you can contact the above-mentioned contact points at any time.
B. PROCESSING OF PERSONAL DATA
The following overview lists all types of data processed by us, the purposes of their processing, and the legal basis for their processing.
I. Visiting the Website and Platform
If you visit our Website and Platform without transmitting data to us in any other way, we collect the following data on our web server temporarily and anonymised via server log files: IP address; date and time of the enquiry; time zone difference to Greenwich Mean Time (GMT); content of the request (page visited); access status/HTTP status code; amount of data transferred in each case; previously visited page; browser type; operating system used; language and version of the browser software; and host name of the accessing computer.
This processing is technically necessary to display our Website and Platform to you. We also use the data for statistical analyses to ensure the operational security and stability of our Website and Platform. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest).
We also use the data to fulfil our legal obligations for reasons of data security. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. c GDPR (compliance with legal obligations).
II. Contacting Us
When you contact us (for example, via an online contact form, by email, telephone, or through social media), we process your personal data to the extent necessary to respond to your inquiry and to carry out any measures you request.
Regardless of the communication channel used, we collect the content of your inquiry (for example, the information you provide in an online contact form, such as your name and email address).
We process your data for the following purposes: individual communication with you, management and response to inquiries, provision of our services, and improvement of user experience.
We process your data on the basis of our legitimate interests pursuant to Article 6 para. 1 sentence 1 lit. f GDPR in order to respond appropriately to contact requests. If your inquiry relates to a potential or existing contractual relationship, processing is carried out for the purpose of performing pre-contractual measures in accordance with Article 6 para. 1 sentence 1 lit. b GDPR.
III. Cookies
We use cookies on some areas of our Website and Platform. Cookies are small text files that are stored by the browser on your end device (e.g. computer, tablet or mobile phone) when you visit a website and can be read by us or a third-party provider. They are used to identify your end device for a certain period of time.
Some of the cookies we use are so-called “session cookies”, which are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
Some cookies are necessary for the use of our Website and Platform. These cookies are not used for analysis, tracking, advertising or other non-essential purposes. Some of them only contain information about specific settings and are not personalised. These cookies are essential for user guidance, security, and the operation of the Website and Platform. We use these essential cookies on the basis of our legitimate interest under Article 6 para. 1 sentence 1 lit. f GDPR and, where applicable, in accordance with applicable electronic communications and privacy laws, to ensure the basic functions of the Website.
You can set your browser so that you are informed about the placement of cookies, which makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note, however, that this may result in our Website or Platform no longer being displayed and some functions may no longer be technically available.
In addition, we also use technically non-essential cookies on the basis of your consent. This processing only takes place with your express consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by clicking on the consent management icon at the bottom of the Website or Platform and adjusting the desired settings in the cookie consent banner that opens.
For more information on the individual cookies we use on our Website or Platform, please refer to our Cookie Policy or our cookie consent banner, available at https://go-onwards.com/cookie-policy.
IV. Contractual or Business Relationship
If you are already a customer, business partner, or prospective customer of our services, and a contractual, quasi-contractual, or pre-contractual business relationship exists with us, we process personal data where necessary to establish and maintain this relationship.
The data processed may include inventory data such as your first and last name and address; contact details such as your email address and telephone number; and payment data, including bank account information, billing details, and payment history.
Before or at the time of collecting this data, we will inform you transparently about which information is required. We process this data in particular to communicate with you, respond to your inquiries, provide customer support, fulfil our contractual or legal obligations, and safeguard our rights. As far as necessary, we may share your data with third parties, i.e. our professional advisors such as our attorneys, accountants, financial advisors, and business advisors, in their capacity as advisors to us.
The legal bases for this processing are Article 6 para. 1 sentence 1 lit. b GDPR (performance of a contract and pre-contractual measures), Article 6 para. 1 sentence 1 lit. c GDPR (compliance with legal obligations), and Article 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest in managing and maintaining business relationships).
V. Using Our Platform
When you use our Platform, we process various categories of personal data as described below.
Account Creation
When you create an account on our Platform, we process your username, email address, and password as well as any other optional data you provide, e.g. age, country of origin, gender, and profile picture. We may also process metadata such as your IP address and login timestamps to ensure the security of your account.
We process this data to enable you to register for and use our Platform, to verify your identity, and to protect against unauthorized access.
The processing is based on Article 6 para. 1 sentence 1 lit. b GDPR, as it is necessary for the performance of our contract with you, and on Article 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in preventing fraud and ensuring platform security.
CV Creation and Job Matching
Our Platform offers functionalities that help you create, edit, and improve your CV. When you use these functionalities, we process the information you submit through them. Such data typically includes CV data, such as your name, address, date of birth, contact information (telephone number, email address), education, qualifications, and professional experience, as well as any CVs or related documents you upload to the Platform. Some of these functionalities are powered by artificial intelligence (AI). In this context, we process the information you provide as input or prompts, and the text generated by the AI functionalities as output.
We process this data to provide you with automated drafting and editing support and to allow you to save and manage your CVs.
To match you with suitable job opportunities, we process the above-mentioned data, especially your work experience, education, and career preferences, to provide personalized job recommendations and improve your job search experience.
To deliver the AI functionalities of this service, we use the technology of OpenAI Ireland Ltd, Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, as a data processor under Article 28 GDPR. OpenAI processes the information you submit to the AI functionalities solely on our behalf and in accordance with our instructions. All data processing for this service takes place within the European Economic Area (EEA), as we have chosen the EU data residency option offered by OpenAI. Therefore, no personal data is transferred to countries outside the EEA. Appropriate data processing agreements (DPAs) are in place to ensure that your personal data is handled securely and in full compliance with the GDPR. Neither OpenAI nor any third parties are permitted to use your data for their own purposes, such as model training or analytics. How we may otherwise use your data for the training and improvement of our AI systems is explained in more detail elsewhere in this Privacy Policy.
The processing of personal data to provide these services is necessary for the performance of our contract, in accordance with Article 6 para. 1 sentence 1 lit. b GDPR. If you choose to include special categories of personal data in your CV (for example, information about your health, racial or ethnic origin, political opinions, or trade-union membership), such information will be processed only with your explicit consent, in accordance with Article 6 para. 1 sentence 1 lit. a GDPR and Article 9 para. 2 lit. a GDPR.
VI. AI Training
We use certain data to train and improve the AI functionalities of our Platform. The purpose of this processing is to enhance the accuracy, quality, and relevance of these features, thereby improving the overall user experience and helping to better connect our users with suitable job opportunities.
For this purpose, we may process data from your user profile and the content you submit to our Platform. Data from private messages or confidential user communications is not used for AI training or model improvement.
The processing is carried out on the basis of our legitimate interest in optimizing and continuously developing our AI-driven services in accordance with Article 6 para. 1 sentence 1 lit. f GDPR. We take care to implement appropriate technical and organizational safeguards to ensure that the data used for AI training is pseudonymized or aggregated wherever possible, and that your personal data is not used to make decisions that have legal or similarly significant effects on you.
VII. Newsletter / Email Marketing
You may subscribe to our newsletter to receive updates about our company and our offers. To subscribe, we require your email address. When you register, your email address will be transmitted to us (or our email service provider) and stored. After registration, you will receive a confirmation email (“double opt-in”).
Our newsletter is sent based on your prior explicit consent (Article 6 para. 1 sentence 1 lit. a GDPR). You may unsubscribe at any time, either by contacting us through the options provided in this Privacy Policy or by using the unsubscribe link included in each newsletter. Upon unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Article 6 para. 1 sentence 1 lit. a GDPR, or we are legally entitled to continue using the data as described in this Privacy Policy.
If we obtain your email address in connection with the sale of a product or service and you have not objected, we may also use it to send you regular offers for similar products or services from our portfolio. This serves our legitimate interest in direct marketing (Article 6 para. 1 sentence 1 lit. f GDPR). You may object to this use of your email address at any time, without incurring any costs beyond the basic transmission fees, by contacting us through the options provided in this Privacy Policy or via the unsubscribe link in the marketing email.
VIII. Third-Party Providers
As part of our business operations and to deliver certain functionalities of our Platform and Website, we engage third-party service providers who generally act as our data processors. These include providers in areas such as hosting, payment processing, authentication, IT and security services, AI tools, marketing, and analytics.
We may share your personal data with these service providers to the extent necessary for them to perform their contractual tasks. With each provider, we have concluded a data processing agreement (DPA) in accordance with Article 28 GDPR, ensuring that your personal data is processed exclusively in line with our documented instructions and protected by appropriate technical and organizational measures.
Some of the service providers we use are specifically identified in the relevant sections of this Privacy Policy. For information about service providers that use cookies or similar technologies, please refer to our Cookie Policy at https://go-onwards.com/cookie-policy.
Other service providers we engage include:
Supabase
We use the services of Supabase, operated by Supabase, Inc., 65 Chulia Street #38-02/03, OCBC Centre, Singapore 049513, which provides the technical infrastructure for our backend, database management, and authentication system. Supabase enables us to securely store and manage user data, handle login and registration processes, and ensure the overall operation of our web platform.
When you create or log into your user account, or when you use our services, your data as described above in the section regarding your use of our Platform may be processed through Supabase.
Supabase acts as our data processor within the meaning of Article 28 GDPR. Personal data may be processed and stored on servers located in Singapore and the United States, where Supabase and some of its subprocessors operate. These countries do not currently provide a level of data protection equivalent to that of the European Economic Area (EEA).
To ensure an adequate level of protection for your personal data, we have concluded a data processing agreement (DPA) with Supabase, including the European Commission’s Standard Contractual Clauses (SCCs) as well as additional technical and organizational safeguards. These safeguards are designed to protect your data against unauthorized access and to ensure that it is processed exclusively in accordance with our documented instructions and the requirements of the GDPR.
The use of Supabase is necessary to provide the functionality, security, and performance of our Platform, including account creation, data storage, and authentication. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. b GDPR (performance of a contract) and Article 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest in the secure and efficient technical operation of our services).
Further information on Supabase’s data protection practices can be found at: https://supabase.com/privacy.
AWS
We use Amazon Web Services (AWS), provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg, for hosting, data storage, and infrastructure services.
The personal data processed includes any data stored on our cloud servers, such as user account data. The purpose of this processing is to provide secure cloud hosting and storage. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in maintaining secure, scalable, and reliable infrastructure to improve service delivery, protect data, and prevent unauthorized access. For more information, please refer to AWS’s privacy policy at: https://aws.amazon.com/privacy/.
Stripe
If you choose to purchase or subscribe to our paid services on the Platform, we use the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (“Stripe”) to process payments.
In connection with payment processing, certain personal data is collected and transmitted to Stripe. This may include your name, email address, billing address, IP address, phone number, payment account information (such as credit or debit card details), and any other information that you provide to verify your identity or to prevent fraud. Stripe also processes transaction-related data such as the amount paid, currency, and payment date.
Stripe acts as an independent controller within the meaning of the GDPR when processing personal data for the purpose of payment transactions, fraud prevention, and legal compliance (for example, financial reporting and anti-money-laundering obligations). In certain cases, Stripe may also act as a data processor when handling payment confirmations or integrations on our behalf.
The processing of payment data is necessary for the performance of a contract in accordance with Article 6 para. 1 sentence 1 lit. b GDPR and to comply with Stripe’s legal obligations under Article 6 para. 1 sentence 1 lit. c GDPR.
Stripe may transfer personal data to subprocessors and affiliated entities located in the United Kingdom and the United States. Such transfers are protected by appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) and additional technical and organizational measures to ensure the security of your personal data.
Further information about Stripe’s data protection practices is available in Stripe’s Privacy Policy at https://stripe.com/privacy and Privacy Center at https://stripe.com/en-de/legal/privacy-center.
Plausible
Our Website uses the privacy-friendly web analytics service Plausible Analytics, provided by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia, for statistical analysis of website visits. The web analytics are based solely on anonymized data and do not use cookies. It is not possible to identify individual visitors.
When you visit our Website, the following information is collected and processed by Plausible Analytics: the URL of the page or file accessed; the URL of the page that referred you to our Website (referrer); the URL of any outbound links you clicked on our Website; the type and version of your browser; the operating system and device type you are using. Information about your location (country, region, and city) is estimated from your IP address; however, the IP address itself is not stored.
We use Plausible Analytics on the basis of our legitimate interest in obtaining statistical insights into the use of our Website and improving our online presence. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. f GDPR.
Further information about how Plausible Analytics processes data can be found in their Privacy Policy at: https://plausible.io/privacy.
YouTube
We embed videos from the YouTube video platform on our Website and Platform. These videos are not stored on our own servers. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you access a page that contains an embedded YouTube video, the content is loaded directly from YouTube’s servers. In this process, YouTube receives information that you have visited our website, along with certain technically necessary usage data (such as your IP address and browser information). We have no control over any further data processing carried out by YouTube.
The embedding of YouTube videos is based on Article 6 para. 1 sentence 1 lit. f GDPR, reflecting our legitimate interest in providing an engaging and informative presentation of our online content.
Your personal data may be transferred to countries outside the European Union, in particular to the United States. Google is certified under the EU-U.S. Data Privacy Framework (DPF) and has thereby committed to complying with European data protection principles. In addition, we have concluded the European Commission’s Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.
Further information on data processing by YouTube can be found at: https://policies.google.com/privacy.
IX. Online Presence on Social Media
We have various presences on social media platforms. We operate these sites with the following providers:
LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com/; privacy policy: https://www.linkedin.com/legal/privacy-policy
Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; website: https://www.instagram.com/; privacy policy: https://help.instagram.com/519522125107875
Facebook, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; website: https://www.facebook.com/; privacy policy: https://www.facebook.com/privacy/explanation
YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; website: https://www.youtube.com/; privacy policy: https://policies.google.com/privacy
TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; website: https://www.tiktok.com/; privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/
Pinterest, Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland; website: https://www.pinterest.com/; privacy policy: https://policy.pinterest.com/en/privacy-policy
We use the technical platform and services of the respective providers for these information services. We would like to point out that you use our presence on social media platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, rating, sharing).
When you visit our social media sites, the platform providers collect your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about your interactions with our posts. The data collected about you is processed by the platforms and may be transferred to countries outside the EU, in particular to the USA.
All of the above-mentioned providers’ (except TikTok) U.S. entities are certified under the EU-U.S. Data Privacy Framework (DPF) and have undertaken to comply with the European data protection principles. In addition, we have concluded SCCs with these providers, including TikTok, to ensure compliance with the EU level of data protection.
We do not know how the social media platforms use the data from your visit to our account and your interactions with our posts for their own purposes, how long this data is stored, and whether it is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or our account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in, a cookie on your device can be used to track your online behaviour. The platforms can use buttons integrated into websites to record your visits to these websites and assign them to your profile in order to offer you targeted content or advertising. To avoid this, you should log out, deactivate the “stay logged in” function, delete the cookies on your device, and restart your browser.
As the provider of the information service, we also only process the data that you make available to us in the context of using our service and that required interaction. For example, if you ask us a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which are described in this Privacy Policy. The legal basis for the processing of your data on the social media platform is Article 6 para. 1 sentence 1 lit. f GDPR.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us at [email protected].
The providers of the social media platforms explain in their privacy policies what information they receive and how it is used. These privacy policies (see links above) also contain information on contact options and the setting options for adverts.
X. International Transfers
When transferring your data to third countries outside of the EU/EEA, we ensure that an appropriate level of protection is guaranteed. This is done either through the recognition of the respective countries as safe by the European Commission (adequacy decision), through specific contracts approved by the European Commission (Standard Contractual Clauses, SCCs), or, where necessary, by obtaining your explicit consent.
XI. Storage and Deletion of Data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). This means that we only store your personal data for as long as is necessary for the respective processing purpose and limit the storage period to the minimum required. In addition, we only store your data if we are authorised or obliged to do so in accordance with statutory retention periods.
This Privacy Policy may also contain further information on the retention and deletion of data, which applies primarily to the respective processing activities.
C. YOUR RIGHTS AS A DATA SUBJECT
You have the right to access your personal data in accordance with Article 15 GDPR; rectification of inaccurate personal data in accordance with Article 16 GDPR; erasure of your personal data in accordance with Article 17 GDPR; restriction of processing in accordance with Article 18 GDPR; data portability in accordance with Article 20 GDPR; and objection to the processing of your data in accordance with Article 21 GDPR.
You also have the right to withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal of consent is only effective for future processing. Any processing that occurred before the withdrawal remains unaffected.
Right to Object: You have the right to object, at any time and for reasons arising from your particular situation, to the processing of your personal data based on Article 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on this provision as defined in Article 4 para. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
To exercise your above rights, you can send an email to [email protected].
You also have the right to complain to a data protection supervisory authority about the processing of your personal data.
D. DATA PROCESSING WHEN ACCESSING LINKED CONTENT
This Privacy Policy only applies to our Website and Platform. However, the Website and Platform may also contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, nor do we have any influence over the content of third-party sites. If you are redirected to other pages via links within the Website or Platform, please inform yourself there about the respective handling of your data.
E. AUTOMATED DECISION-MAKING / PROFILING
No automated decision-making or profiling takes place.
F. CHANGES TO THIS PRIVACY POLICY
Due to the further development of our Website, Platform, and our services, or due to changed legal and official requirements, it may become necessary to amend this Privacy Policy from time to time.
If you have any questions regarding the processing of your data, you can contact us at any time at [email protected].