Privacy Policy

This policy describes how Vikkla("we", "the service") processes your personal data when you use the service. Prouder AB, a Swedish company, is the data controller.

1. Data we collect

• Account data: email address (for login via magic link).
• Profile data: name, job title, experience, skills — only what you enter yourself.
• Saved jobs and applications: links, titles, employers, deadlines, your notes and kanban board status.
• Generated documents: CV and cover letter drafts created by the AI. These are stored linked to your account.
• LinkedIn import (optional): If you choose to import your LinkedIn profile, we fetch data (name, summary, experience, skills, education, certifications, languages, saved jobs, job applications, search preferences) via LinkedIn's official Member Data Portability API (EU DMA-regulated data portability). Imported data is treated the same as manually entered data. We never store your LinkedIn login or access token — the token is used for the one-off import and discarded immediately after.
• Activity report data (optional, Swedish users only): If you use the AF (Arbetsförmedlingen) reporting feature, we store data about your activities (date, type, description) — but not your personal identity number (personnummer). When you export the report you paste the personnummer into the AF form yourself. We never receive or store personnummer.
• Payment data: handled by Stripe. We never store card numbers — only a Stripe customer ID.
• Pipeline events (card_events):When you move a saved job between columns (e.g. from "Saved" to "Applied"), we log the event with timestamp, column transition and any response status. These events are pseudonymised with a peppered hash (see §9) and used to give you personal insights and, with your consent, for anonymised aggregation (see §2).
• Tip interactions (profile_tip_events): If the service shows coaching tips, we log whether you saw, acted on or dismissed the tip — to improve the relevance of future tips.
• Match snapshots (match_snapshots): At certain events (e.g. when you save a job or log an application), we save a snapshot of your match score against the job. This lets us show how your profile evolves over time.
• Technical logs: anonymised error reporting for operations and security. No tracking cookies.

2. Purposes and legal basis

We process your data to:

• Deliver the service under our contract with you (Art. 6.1.b GDPR) — account, saved jobs, AI-generated documents, reminders.
• Comply with legal obligations such as accounting requirements (Art. 6.1.c) — invoices retained for 7 years under Swedish law.
• Send service-related messages such as deadline reminders and follow-up nudges — part of the service agreement.
• Anonymised aggregation and collective insights — with your explicit consent (Art. 6.1.a) we may use pseudonymised pipeline events to produce aggregated insights about the labour market (e.g. average time to response per industry). Your data is never included in aggregates without your active consent, and you can withdraw it at any time (see §5). Aggregated data is never published if the group falls below a minimum size (k-anonymity).
• Data products to third parties — with your explicit consent (Art. 6.1.a) anonymised and aggregated insights may be shared with third parties (e.g. recruitment companies, researchers). No individual data leaves the service — only statistical aggregates with differential privacy. You can withdraw this consent separately at any time.
• Marketing — only with your explicit consent (Art. 6.1.a). You may withdraw consent at any time.

Status today: Datamaskinen Phase 1 collects pseudonymised pipeline events and consent. Aggregated insights and data products are not yet produced — k-anonymity gates (≥10 internal, ≥50 external) and differential privacy are activated when aggregation starts. No aggregates are published or shared before that.

3. Where your data is stored

All data is stored in the EU:

• Database and authentication: Supabase (Frankfurt, Germany).
• Hosting: Vercel (EU regions).
• AI processing: Anthropic (Claude API) under their DPA with EU Standard Contractual Clauses (SCC). Your documents are never shared outside the service.
• Payments: Stripe (EU infrastructure).
• Email: Resend (transactional email) with EU-SCC.

No personal data is transferred to a third country without adequate safeguards.

4. How long we keep your data

• Active accounts: for as long as the subscription is active.
• Cancelled accounts: 30-day grace period for reactivation, followed by permanent deletion via CASCADE DELETE (all saved jobs, CVs, letters, AF data and logs are erased).
• Pipeline events (card_events): 0–24 months: full data with pseudonymised identifier (p_hash). 24–36 months: anonymised (user ID removed, p_hash retained for longitudinal analysis). 36–60 months: aggregated snapshots only. After 60 months: permanently deleted. Retention periods may be shortened but never extended.
• Tip interactions and match snapshots: same retention periods as pipeline events.
• Accounting records (invoices): 7 years under Swedish bookkeeping law.
• AF report data: deleted when the account is closed or when you manually remove the data.

Status today: The phased retention steps for pipeline events (anonymisation at 24 months, aggregation at 36 months, deletion at 60 months) take effect technically only once Datamaskinen begins producing aggregates. Until then, events are stored pseudonymised for as long as your account is active — and erased via CASCADE DELETE on account closure.

5. Consent for aggregation and opt-out

Anonymised aggregation and data products require your active consent. You choose at registration or in Settings:

• Collective insights (internal aggregation): Your pseudonymised pipeline events are used to compute aggregated statistics shown to other Vikklausers (e.g. "average response time in your industry"). Groups smaller than 10 people are never displayed.
• Data products (external sharing): Anonymised aggregates may be shared with third parties. Groups smaller than 50 people are never included, and statistical noise (differential privacy) is applied.

You can withdraw either or both consents at any time in Settings. Withdrawal takes effect immediately — your data is excluded from future aggregations. Already-published aggregates (where your data was anonymously included in a group) cannot be retroactively withdrawn, because individual contributions cannot be identified within the aggregate.

All consent changes are logged with timestamp in an event log (consent_events) which serves as legal source of truth in case of audit.

6. Your rights

Under GDPR you have the right to:

• Access — obtain a copy of all your data (data export available in app settings).
• Rectification — correct inaccurate data. Most corrections can be made directly in the app.
• Erasure — delete your account. Deletion uses CASCADE so all saved jobs, CVs, letters, AF data and logs are permanently removed.
• Restriction — restrict processing under certain conditions.
• Objection — object to processing.
• Data portability — receive your data in a machine-readable format.
• Complaint — lodge a complaint with the Swedish Data Protection Authority (IMY), imy.se, or your local supervisory authority.

Contact privacy@vikkla.com to exercise your rights. We respond within 30 days.

7. Sub-processors

8. Cookies

We use two categories of cookies. Essential cookiesare set without consent (they're required for the service to work). Analytics cookiesare only set if you click “Accept” in the cookie banner, and you can revoke at any time by deleting the vikkla_consent cookie in your browser.

We use no third-party advertising cookies, no cross-site tracking, no profiling. Our analytics is first-party and EU-hosted (Supabase).

9. AI usage (EU AI Act)

Vikkla uses AI to help you analyze and improve your job search. AI outputs are suggestions, not decisions — you always choose how to use them.

What AI is used for:

• ATS analysis of CV layout and content
• Job analysis (requirements, fit assessment, keywords)
• Match scoring between your CV and a specific job ad
• Genuineness analysis (flagging text that sounds generic)
• Cover letter drafts
• Structured extraction of job info from URLs

Provider: All AI processing is done via Anthropic (Claude models) under their Data Processing Agreement (DPA). Text is sent to Anthropic for processing but not retained on their side (zero data retention under their enterprise terms). Anthropic does not train its models on your data.

EU AI Act classification: Vikkla is a tool for you as a job seeker, not for employers screening candidates. We therefore do not fall under Annex III(4)(a) (high-risk AI for recruitment). We comply with the Article 50 transparency requirements: AI-generated content is clearly labeled in the user interface, and you always have full control over whether and how you use the output.

No automated decision-making about you: Vikkla does not make any legally binding decisions about you based on AI output (Art. 22 GDPR). Everything is decision support that you review and choose to use or discard.

10. Security measures

• All data encrypted in transit (TLS) and at rest.
• Row-Level Security (RLS) in the database — your data is isolated from other users.
• Pseudonymisation: Pipeline events are tagged with a peppered hash (HMAC-SHA-256) which replaces direct user identification in analytical contexts. The hash key (pepper) is stored separately from the database and is never accessible to the client. As long as the hash key exists, the data is considered pseudonymised (i.e. still personal data under GDPR), not anonymised.
• Regular security reviews.
• Automated GDPR purge via scheduled process.
• Anonymisation process: At the retention threshold (24 months), the user ID is removed from pipeline events. The pseudonymised hash is preserved for longitudinal analysis but cannot be traced back to an individual without access to the separate hash key. Genuinely anonymised data is created only at the 36-month step, when individual rows are replaced by aggregated snapshots that cannot be linked to specific persons — regardless of access to the hash key.

11. Children

The service is not directed at persons under 18. We do not knowingly collect data from children.

12. Changes

We may update this policy. Material changes will be notified by email at least 14 days before they take effect.

13. Contact

Questions about privacy? Email privacy@vikkla.com.