Privacy Policy

This policy describes how Vikkla("we", "the service") processes your personal data when you use the service. Prouder AB, a Swedish company, is the data controller.

1. Data we collect

• Account data: email address (for login via magic link).
• Profile data: name, job title, experience, skills — only what you enter yourself.
• Saved jobs and applications: links, titles, employers, deadlines, your notes and kanban board status.
• Generated documents: CV and cover letter drafts created by the AI. These are stored linked to your account.
• Activity report data (optional, Swedish users only): If you use the AF (Arbetsförmedlingen) reporting feature, we may process data related to activity reporting to the Swedish Public Employment Service, such as dates, activity types and descriptions. No personal identity numbers (personnummer) are collected or stored.
• Payment data: handled by Stripe. We never store card numbers — only a Stripe customer ID.
• Technical logs: anonymised error reporting for operations and security. No tracking cookies.

2. Purposes and legal basis

We process your data to:

• Deliver the service under our contract with you (Art. 6.1.b GDPR) — account, saved jobs, AI-generated documents, reminders.
• Comply with legal obligations such as accounting requirements (Art. 6.1.c) — invoices retained for 7 years under Swedish law.
• Send service-related messages such as deadline reminders and follow-up nudges — part of the service agreement.
• Marketing — only with your explicit consent (Art. 6.1.a). You may withdraw consent at any time.

3. Where your data is stored

All data is stored in the EU:

• Database and authentication: Supabase (Frankfurt, Germany).
• Hosting: Vercel (EU regions).
• AI processing: Anthropic (Claude API) under their DPA with EU Standard Contractual Clauses (SCC). Your documents are never shared outside the service.
• Payments: Stripe (EU infrastructure).
• Email: Resend (transactional email) with EU-SCC.

No personal data is transferred to a third country without adequate safeguards.

4. How long we keep your data

• Active accounts: for as long as the subscription is active.
• Cancelled accounts: 30-day grace period for reactivation, followed by permanent deletion via CASCADE DELETE (all saved jobs, CVs, letters, AF data and logs are erased).
• Accounting records (invoices): 7 years under Swedish bookkeeping law.
• LinkedIn data (if you connect your profile): maximum 48 hours, then automatically deleted.
• AF report data: deleted when the account is closed or when you manually remove the data.

5. Your rights

Under GDPR you have the right to:

• Access — obtain a copy of all your data (data export available in app settings).
• Rectification — correct inaccurate data. Most corrections can be made directly in the app.
• Erasure — delete your account. Deletion uses CASCADE so all saved jobs, CVs, letters, AF data and logs are permanently removed.
• Restriction — restrict processing under certain conditions.
• Objection — object to processing.
• Data portability — receive your data in a machine-readable format.
• Complaint — lodge a complaint with the Swedish Data Protection Authority (IMY), imy.se, or your local supervisory authority.

Contact privacy@vikkla.com to exercise your rights. We respond within 30 days.

6. Sub-processors

7. Cookies

We use essential cookies only for login and session management. No tracking, analytics or marketing cookies.

8. Security measures

• All data encrypted in transit (TLS) and at rest.
• Row-Level Security (RLS) in the database — your data is isolated from other users.
• Regular security reviews.
• Automated GDPR purge via scheduled process.

9. Children

The service is not directed at persons under 18. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be notified by email at least 14 days before they take effect.

11. Contact

Questions about privacy? Email privacy@vikkla.com.