Privacy Policy for Prep with Sofie

    Effective Date: 19-06-2025

    1. Introduction & Who We Are

    Welcome to Prep with Sofie ("Prep with Sofie," "we," "us," "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website https://prepwithsofie.vercel.app/ and our services, which include transforming your Curriculum Vitae (CV) data into personalized audio micro-podcasts for interview preparation (collectively, the "Service").

    We adhere to the principles of the EU's General Data Protection Regulation (GDPR) and aim to apply these high standards of data protection to all our users globally.

    2. Data Controller

    For the purposes of the GDPR, the data controller is:

    Company Name: Prep with Sofie

    Privacy Contact Email: juliusz@mandrosz.dev

    3. Information We Collect

    We collect information to provide and improve our Service to you.

    A. Information You Provide Directly:

    Account Information:

    When you create an account, we collect your name and email address.

    Curriculum Vitae (CV) Data:

    You voluntarily provide your CV, which may contain sensitive personal data including, but not limited to:

    • Contact details (name, email, phone number, address, LinkedIn profile).
    • Employment history.
    • Educational background.
    • Skills and qualifications.
    • Personal statements or summaries.
    • Any other information you choose to include in your CV.

    This information is essential for us to generate your personalized service.

    B. Information Collected Automatically:

    Usage Data:

    Information about how you interact with our Service, such as the features you use, pages visited, content generated, and timestamps of your activity.

    Technical Data:

    IP address, browser type and version, operating system, device identifiers, and other diagnostic data related to your access to the Service.

    C. Information from Third-Party Services (if applicable):

    If you choose to log in or create an account using a third-party service (e.g., Google, LinkedIn), we may receive certain profile information about you from that third party, such as your name and email address, as permitted by your privacy settings on that service and the third-party provider.

    4. How and Why We Use Your Information (Purpose and Legal Basis)

    We process your personal data based on the following legal grounds and for the specified purposes:

    Purpose of Processing | Personal Data Used | Legal Basis (GDPR)
    --- | --- | ---
    To Provide and Maintain the Service: Creating and managing your account, processing your CV data to generate personalized audio micro-podcasts using our AI systems, and delivering these podcasts to you. | Account Information, CV Data, Usage Data, Technical Data | Performance of a Contract (Art. 6(1)(b) GDPR). For sensitive CV data, we also rely on your Explicit Consent (Art. 9(2)(a) GDPR) when you upload your CV for this specific purpose.
    To Communicate with You: Sending service-related communications, including account confirmations, technical notices, updates, security alerts, and support messages. | Account Information, Usage Data | Performance of a Contract (Art. 6(1)(b) GDPR); Legitimate Interests (Art. 6(1)(f) GDPR) to keep you informed.
    To Improve Our Service: Analyzing usage patterns to understand user behavior, troubleshoot issues, develop new features, and enhance the overall user experience. We use aggregated and anonymized data for these purposes where possible. | Usage Data, Technical Data (often aggregated/anonymized) | Legitimate Interests (Art. 6(1)(f) GDPR) to improve our offerings.
    For Security and Fraud Prevention: Monitoring for suspicious activity, protecting the security of our Service, and preventing fraud. | Account Information, Usage Data, Technical Data | Legitimate Interests (Art. 6(1)(f) GDPR) to protect our Service and users.
    To Comply with Legal Obligations: Responding to lawful requests from public authorities, or to comply with applicable laws and regulations. | Relevant data as required by the legal obligation. | Legal Obligation (Art. 6(1)(c) GDPR).
    With Your Consent (for other purposes): For any other purposes for which we will ask for your specific consent, such as optional marketing communications (if any). | Data relevant to the specific consent request. | Consent (Art. 6(1)(a) GDPR).

    Important Note on AI Processing:

    Your personal CV data is used by our AI systems solely to generate your personalized reports and micro-podcasts for your use. We do not use your personal CV data to train general AI models or for any purpose other than providing the Service directly to you.

    We do not make decisions based solely on automated processing that produce legal or similarly significant effects on users.

    5. Sharing Your Information

    We do not sell your personal data. We only share your information with trusted third parties under strict confidentiality and data protection agreements, as follows:

    AI Service Providers:

    We use specialized third-party AI service providers to process your CV data and generate the audio micro-podcasts. These providers are required to use your data solely for this purpose and are prohibited from using it for any other purpose, including training their general AI models.

    Cloud Hosting and Infrastructure Providers:

    We use third-party service providers for cloud hosting, data storage, and other infrastructure necessary to operate our Service (e.g., Vercel, AWS, Google Cloud).

    Analytics Providers:

    We may use third-party analytics services to help us understand Service usage. This data is typically aggregated and/or anonymized.

    Legal Requirements:

    We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is reasonably necessary to (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our Service; or (v) exercise or protect the rights and safety of Prep with Sofie, our users, personnel, or others.

    6. Your Data Rights and Choices

    We extend GDPR-level rights to all our users globally. You have the following rights regarding your personal data:

    • Right of Access: You can request a copy of the personal data we hold about you.
    • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
    • Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data under certain conditions (e.g., it's no longer necessary for the purpose it was collected).
    • Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances.
    • Right to Object to Processing: You can object to our processing of your personal data when it's based on legitimate interests.
    • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
    • Right to Withdraw Consent: Where we rely on your consent for processing, you can withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
    • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

    To exercise any of these rights, please contact us at privacy@prepwithsofie.com. We will respond to your request within one month, as required by GDPR.

    7. Data Retention

    We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Service, complying with our legal obligations, resolving disputes, and enforcing our agreements.

    • Account Data: Retained as long as your account is active.
    • CV Data and Generated Podcasts: Retained as long as your account is active. Upon account closure or your specific request for deletion, your CV data and generated podcasts will be actively deleted from our production systems within 30 days.
    • Backup Data: Data may remain in our backup systems for a limited period (e.g., up to an additional 60 days) before being fully expunged, but will not be used for active processing.

    Users may request earlier deletion of their CV and generated content by contacting us.

    8. Data Security

    We are committed to protecting your personal data and have implemented appropriate technical and organizational security measures to prevent unauthorized access, use, disclosure, alteration, or destruction. These measures include:

    • Encryption: Encryption of data in transit (e.g., using HTTPS/TLS) and at rest.
    • Access Controls: Role-based access controls and strong authentication mechanisms to limit access to personal data.
    • Secure Infrastructure: Utilizing reputable cloud providers with robust security practices.
    • Regular Assessments: Conducting regular security reviews and vulnerability assessments.
    • Data Minimization: Collecting only the data necessary for the provision of our Service.
    • Breach Response Protocol: We maintain a protocol to address data breaches and will notify affected users and relevant authorities as required by applicable law.

    While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure.

    9. Children's Privacy

    Our Service is not directed to individuals under the age of 16 (or a higher age if stipulated by local law for data processing consent). We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at juliusz@mandrosz.dev.

    10. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically.

    11. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

    Prep with Sofie

    Email: juliusz@mandrosz.dev