Legal

Privacy Policy

Last updated: March 31, 2026

At , a company incorporated and registered in the Republic of Cyprus ("we," "our," "us," or the "Company"), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your information when you visit our website(s), use our products and services, or interact with us in any way.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR) where applicable, and other relevant data protection laws. We also comply with Google's requirements for websites using Google Analytics, Google Ads, and other Google services.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Data Controller Information

For the purposes of applicable data protection laws, the data controller of your personal data is:

Company Registration Number:

Registered Address:

Data Protection Contact:

Email:
Phone:

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your rights regarding your personal data, please contact us using the details provided above.

2. Information We Collect

We collect various types of information to provide and improve our Services. The types of personal data we collect depend on how you interact with us and which Services you use.

2.1 Information You Provide Directly

When you interact with our Services, you may provide us with the following information:

Account Information

Full name (first name and surname)
Email address
Password (stored in encrypted form)
Username or display name
Profile photograph (optional)
Phone number (optional)
Date of birth (for age verification where required)

Payment and Billing Information

Credit/debit card details (processed securely by our payment processors)
Billing name and address
Bank account details (for refunds where applicable)
VAT number (for business customers)
Transaction history

Content and Documents

CVs, resumes, and cover letters uploaded to our services
Job descriptions and career information
Professional experience and education history
Skills, certifications, and qualifications
Any other content you submit through our AI-powered tools

Communication Data

Messages sent through our contact forms
Customer support tickets and correspondence
Feedback and survey responses
Newsletter subscription preferences
Marketing communication preferences

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information through cookies and similar technologies:

Device and Browser Information

Device type (desktop, mobile, tablet)
Operating system and version
Browser type and version
Browser language settings
Screen resolution and display settings
Device identifiers (including mobile advertising IDs)
Hardware model and manufacturer

Network and Connection Information

IP address
Internet Service Provider (ISP)
Approximate geographic location (city, region, country) based on IP
Connection type (WiFi, cellular, broadband)
Time zone settings

Usage and Interaction Data

Pages visited and navigation paths
Time and date of visits
Time spent on each page
Click patterns and interactions
Scroll depth and engagement metrics
Features used and frequency of use
Search queries entered on our site
Referring website or source
Exit pages
Error logs and crash reports

Cookies and Tracking Technologies

Session cookies and persistent cookies
Local storage and session storage data
Web beacons and pixel tags
Unique cookie identifiers

For detailed information about the cookies we use, please see our Cookies Policy.

2.3 Information from Third Parties

We may receive information about you from various third-party sources, including:

Authentication Providers

Google (if you sign in with Google)
LinkedIn (if you sign in with LinkedIn)
Other OAuth providers

When you use these services to log in, we receive information from them including your name, email address, and profile picture, subject to your privacy settings on those platforms.

Analytics and Advertising Partners

Google Analytics (website usage data)
Google Ads (advertising performance data)
Social media platforms (demographic and interest data)
Marketing automation tools

Business Partners

Payment processors (transaction verification)
Fraud prevention services
Identity verification services
Customer relationship management platforms

2.4 Special Categories of Personal Data

We generally do not request or intentionally collect special categories of personal data (sensitive data), such as:

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic or biometric data
Health information
Sexual orientation

However, if you choose to include such information in documents you upload (such as CVs), we process this data solely for the purpose of providing our Services to you, with your explicit consent. We recommend that you do not include sensitive information in documents unless absolutely necessary.

3. How We Collect Your Information

We collect information through the following methods:

3.1 Direct Collection

Account Registration: When you create an account on our platform
Service Usage: When you use our AI-powered tools and services
Purchases: When you make a purchase or subscription
Communications: When you contact us via email, phone, or contact forms
Surveys and Feedback: When you participate in surveys or provide feedback
Events: When you register for webinars or events

3.2 Automated Collection

Cookies: Small data files stored on your device
Web Beacons: Electronic images that count visitors and track usage
Log Files: Server logs that record website activity
Analytics Tools: Third-party tools that track usage patterns

3.3 Third-Party Collection

Social Logins: When you authenticate using third-party accounts
Partners: When our business partners share information with us
Public Sources: Publicly available information

4. Legal Basis for Processing (GDPR)

Under the UK GDPR and EU GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

4.1 Contractual Necessity (Article 6(1)(b) GDPR)

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes:

Processing your registration and account creation
Providing our AI-powered services
Processing payments and transactions
Delivering customer support
Managing your subscription

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing is necessary for our legitimate interests, provided these are not overridden by your rights and interests. Our legitimate interests include:

Improving and optimizing our Services
Analyzing website usage and trends
Preventing fraud and ensuring security
Marketing our Services to existing customers
Conducting business analytics
Protecting our legal rights

We conduct a balancing test for each processing activity to ensure our interests do not override your fundamental rights and freedoms.

4.3 Consent (Article 6(1)(a) GDPR)

Where we rely on your consent, you have the right to withdraw it at any time. We obtain consent for:

Sending marketing communications to non-customers
Using non-essential cookies
Processing special categories of data (where applicable)
Sharing data with certain third parties

4.4 Legal Obligation (Article 6(1)(c) GDPR)

Processing is necessary to comply with our legal obligations, such as:

Tax and accounting requirements
Responding to lawful requests from authorities
Fraud prevention and detection
Employment law requirements

4.5 Vital Interests (Article 6(1)(d) GDPR)

In exceptional circumstances, processing may be necessary to protect someone's life.

5. How We Use Your Information

We use your personal data for the following purposes:

5.1 Service Delivery and Operations

Creating and managing your user account
Providing access to our AI-powered tools (including AliPrep (AI Interview Buddy) and other services)
Processing and analyzing documents you upload
Generating AI-powered content, suggestions, and optimizations
Processing payments and managing subscriptions
Sending transactional emails (confirmations, receipts, service updates)
Providing customer support and responding to inquiries

5.2 Service Improvement and Development

Analyzing usage patterns to improve user experience
Training and improving our AI models (using anonymized data)
Developing new features and services
Conducting research and analysis
Testing and quality assurance
A/B testing and optimization

5.3 Personalization

Customizing your experience based on preferences
Providing personalized recommendations
Remembering your settings and preferences
Tailoring content to your interests

5.4 Marketing and Communications

Sending newsletters and promotional materials (with consent)
Informing you about new features, products, and services
Conducting surveys and gathering feedback
Delivering targeted advertising (with consent)
Managing competitions and promotions

5.5 Security and Protection

Detecting and preventing fraud and abuse
Monitoring for security threats
Verifying user identities
Enforcing our Terms of Service
Protecting our rights, property, and safety

5.6 Legal and Compliance

Complying with applicable laws and regulations
Responding to legal requests and court orders
Establishing, exercising, or defending legal claims
Maintaining records as required by law

We do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers and Processors

We engage trusted third-party companies and individuals to perform services on our behalf, including:

Category	Purpose	Data Shared
Cloud Hosting Providers	Hosting our infrastructure and data	All data stored on our platform
Payment Processors	Processing transactions securely	Payment details, billing address
Email Service Providers	Sending transactional and marketing emails	Email address, name, preferences
Analytics Providers	Understanding usage patterns	Anonymized usage data
Customer Support Tools	Managing support tickets	Contact details, support history
Security Services	Fraud prevention and security	IP address, device info, transaction data

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

6.2 Legal Requirements

We may disclose your information when required by law, including:

In response to valid legal processes (subpoenas, court orders)
To law enforcement agencies upon lawful request
To regulatory authorities as required
To protect our rights, property, or safety
To prevent fraud or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6.5 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot reasonably be used to identify you for research, analysis, or other business purposes.

7. Third-Party Services and Technologies

We use various third-party services to operate our platform effectively:

7.1 Infrastructure and Hosting

Amazon Web Services (AWS) — Cloud infrastructure
Cloudflare — Content delivery and security

7.2 Payment Processing

Stripe — Payment processing (refer to Stripe’s Privacy Policy)
PayPal — Alternative payment option (refer to PayPal’s Privacy Policy)

7.3 Analytics and Marketing

Google Analytics — Website analytics
Google Ads — Advertising
Facebook/Meta Pixel — Advertising and analytics
LinkedIn Insight Tag — B2B marketing

7.4 Communication

SendGrid/Mailchimp — Email delivery
Intercom/Zendesk — Customer support

8. Google Services Disclosure

We use various Google services on our website. This section provides detailed information about these services as required by Google's policies.

8.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to help us analyze how visitors use our website.

Information Collected

Pages visited and navigation paths
Time spent on pages
Referring sources (how you found us)
Geographic location (country/city level)
Browser and device information
Demographic information (age, gender, interests — if enabled)

How Google Uses This Data

Google may use this data to contextualize and personalize ads in its advertising network. For more information, please see Google’s Privacy Policy and “How Google uses data when you use our partners’ sites or apps.”

Opt-Out Options

You can opt out of Google Analytics by:

Installing the Google Analytics Opt-out Browser Add-on
Adjusting your ad personalization settings at Google Ads Settings
Using the cookie consent manager on our website

8.2 Google Analytics 4 (GA4)

We may use Google Analytics 4, which provides enhanced measurement and machine learning capabilities. GA4 is designed with privacy at its core and includes:

IP anonymization by default
Cookieless measurement options
Data retention controls
User-level and event-level data deletion on request

8.3 Google Ads and Remarketing

We may use Google Ads to display advertisements to you on other websites based on your visit to our site. This is known as remarketing or retargeting.

How Remarketing Works

When you visit our website, cookies may be placed on your browser
These cookies allow Google to show you relevant ads on other websites
No personal information is shared with advertisers

Opt-Out Options

Visit Google Ads Settings to manage your preferences
Use the Network Advertising Initiative opt-out page
Install the Google Ads opt-out extension

8.4 Google Fonts

We may use Google Fonts to display fonts on our website. When you access pages using Google Fonts, your browser establishes a direct connection to Google servers, and Google may collect your IP address, the page you visited, and browser information.

8.5 Google reCAPTCHA

We may use Google reCAPTCHA to protect our forms from spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis. Use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service.

9. International Data Transfers

As a Cyprus-based company, we primarily process data within the European Economic Area (EEA) and the United Kingdom where our activities relate to UK individuals. However, some of our service providers are located outside these regions.

9.1 Transfers Outside the UK/EEA

When we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place:

Adequacy Decisions

Where possible, we transfer data to countries that have been deemed to provide adequate data protection by the UK or EU Commission.

Standard Contractual Clauses (SCCs)

We use UK or EU-approved Standard Contractual Clauses with service providers in countries without adequacy decisions.

Data Privacy Framework

For transfers to the United States, we work with service providers certified under the EU-U.S. Data Privacy Framework where applicable.

9.2 Additional Safeguards

In addition to legal mechanisms, we implement:

Technical measures such as encryption
Organizational measures including access controls
Contractual obligations for data protection
Regular audits of service providers

9.3 Your Rights

You have the right to request information about the safeguards in place for any specific transfer. Contact us at for more details.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

10.1 Retention Periods

Data Type	Retention Period	Reason
Account Information	Duration of account + 3 years	Service provision and legal claims
Transaction Records	7 years from transaction	Tax and accounting requirements
Support Tickets	3 years from resolution	Quality assurance and disputes
Marketing Preferences	Until consent withdrawn	Compliance with preferences
Analytics Data	26 months (Google Analytics default)	Business analysis
Uploaded Documents	90 days after deletion request or account closure	Service provision and backup recovery
Log Files	12 months	Security and troubleshooting
Cookie Data	Varies (see Cookies Policy)	Website functionality

10.2 Data Deletion

When data is no longer required, we will:

Securely delete the data
Anonymize it so it can no longer identify you
Ensure deletion from backups within a reasonable timeframe

10.3 Exceptions

We may retain data longer if:

Required by law or regulation
Needed for ongoing legal proceedings
Necessary to resolve disputes
Required to enforce our agreements

11. Data Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

11.1 Technical Measures

Encryption: All data in transit is encrypted using TLS 1.2 or higher; data at rest is encrypted using AES-256
Firewalls: Network and web application firewalls to prevent unauthorized access
Intrusion Detection: Systems to detect and respond to security threats
Access Controls: Role-based access control (RBAC) limiting data access to authorized personnel
Multi-Factor Authentication: Required for administrative access
Regular Updates: Timely patching of software and systems
Backups: Regular encrypted backups with secure storage
Password Security: Passwords stored using industry-standard hashing algorithms (e.g., bcrypt)

11.2 Organizational Measures

Employee Training: Regular training on data protection and security
Confidentiality Agreements: All employees sign confidentiality agreements
Access Limitation: Data access on a need-to-know basis
Vendor Assessment: Security assessments of third-party providers
Incident Response: Documented procedures for handling security incidents
Regular Audits: Periodic security assessments and penetration testing

11.3 Your Responsibilities

You can help protect your data by:

Using strong, unique passwords
Enabling two-factor authentication when available
Keeping your login credentials confidential
Logging out of shared devices
Notifying us immediately of any suspected unauthorized access

11.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours
Notify affected individuals without undue delay where required
Document the breach and our response
Take steps to mitigate any damage

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

13.1 Right to Know

You have the right to request information about:

Categories of personal information collected
Specific pieces of personal information collected
Categories of sources of personal information
Business or commercial purposes for collection
Categories of third parties with whom we share personal information

13.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

13.3 Right to Correct

You have the right to request correction of inaccurate personal information.

13.4 Right to Opt-Out of Sale/Sharing

We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising as defined by CPRA.

13.5 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of sensitive personal information to what is necessary to provide our services.

13.6 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

13.7 Exercising Your Rights

To exercise your California privacy rights, please contact us at or call .

13.8 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

13.9 "Do Not Sell or Share My Personal Information"

Although we do not sell personal information, you may still submit a "Do Not Sell or Share" request for record-keeping purposes.

14. Automated Decision-Making and Profiling

Our AI-powered services use automated processing to analyze and optimize content you submit (such as CVs, resumes, and interview preparation materials). Here's what you need to know:

14.1 How We Use Automated Processing

Document analysis: Our AI analyzes content, structure, and formatting you submit
Optimization suggestions: Automated recommendations for improvements
Scoring: Algorithmic assessment of compatibility or quality where applicable
Content generation: AI-generated content suggestions

14.2 Human Oversight

Our automated processing:

Does not make decisions that have legal or similarly significant effects without human review
Provides suggestions and recommendations rather than final decisions
Can be overridden by your own choices

14.3 Your Rights

You have the right to:

Request human intervention in automated decisions
Express your point of view
Contest decisions made through automated processing
Obtain an explanation of the logic involved

14.4 Safeguards

We implement safeguards including:

Regular testing for bias and accuracy
Transparency about how our AI works
Human review processes
Easy mechanisms to challenge outcomes

15. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or 13 in some jurisdictions). We do not knowingly collect personal information from children.

15.1 Age Requirements

You must be at least 16 years old to use our Services
If you are under 18, you must have parental/guardian consent
We may verify age where required

15.2 Parental Rights

If you believe we have collected information from a child under 16:

Contact us immediately at
We will promptly delete such information
Parents/guardians may request deletion of a child's data

16. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications that are not operated by us.

16.1 Not Our Responsibility

We are not responsible for:

The privacy practices of third-party sites
The content of third-party sites
Any data collected by third parties

16.2 Recommendation

We encourage you to read the privacy policies of every website you visit and service you use. Click on third-party links at your own risk.

16.3 Social Media

If you interact with social media features on our site (like share buttons), those interactions are governed by the privacy policies of the respective social media platforms.

17. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked.

17.1 Our Response to DNT

Currently, there is no universal standard for responding to DNT signals. Our website does not currently respond to DNT signals. However, you can:

Use our cookie consent manager to control tracking
Opt out of Google Analytics as described above
Use browser extensions to block tracking
Adjust your browser privacy settings

17.2 Global Privacy Control

We honor Global Privacy Control (GPC) signals where required by law (such as under CCPA/CPRA for California residents).

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

18.1 Notification of Changes

When we make changes:

We will update the "Last updated" date at the top of this policy
For material changes, we will provide prominent notice (e.g., email notification or website banner)
We may ask for your consent where required by law

18.2 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

18.3 Continued Use

Your continued use of our Services after changes to this Privacy Policy constitutes your acceptance of the updated policy, unless we are required to obtain your explicit consent.

19. Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve your concerns.

19.1 Contact Us First

Please reach out to us at . We will investigate and respond to your complaint.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: