Legal

Privacy Policy

Last updated: 2026. Effective for all use of Vacario from this date.

Template notice: this page is a standard SaaS privacy-policy draft aligned with GDPR concepts, not legal advice. Have it reviewed by a lawyer (or a GDPR/DPO specialist if you serve EU/UK users at scale) before relying on it commercially.

1. Who controls your data

Asim Aliiev, an individual based in Poznań, Poland, is the data controller for personal data processed through Vacario. Contact us about privacy matters at asim.aliew1967@gmail.com.

2. What we collect

  • Account data: email address and a securely hashed password.
  • CV and career data: the content of CVs you import or paste (name, contact details, work history, education, skills), cover letters, and any notes you add to jobs or applications.
  • Job search activity: saved searches, tracked jobs, application statuses, and interview-prep sessions you create.
  • Payment data: handled directly by Stripe. We store only the resulting transaction record (amount, date, product, status) — never your full card number.
  • Telegram data (optional): if you connect Telegram notifications, we store your Telegram user ID to deliver messages; we do not access your other Telegram activity.
  • Technical data: IP address, request logs, and a request identifier, kept for security, abuse prevention, and debugging.

3. How we use it

We use your data to:

  • Provide the Service: store your CVs, run job searches, track applications, and generate AI-assisted suggestions you request.
  • Process payments and maintain your AI credit balance, including refund/chargeback adjustments.
  • Send Service-related notifications (in-app, and via Telegram if you connect it).
  • Maintain security, prevent abuse, and debug issues (request logs, error tracking).
  • Comply with legal obligations, such as tax and accounting record-keeping for payments.

We do not sell your personal data, and we do not use your CV content to train third-party AI models beyond what is strictly necessary to generate the specific output you requested in that session.

4. Legal basis (GDPR)

If you are in the EU/EEA or UK, we process your data on these bases:

  • Contract: processing your CV, job, and application data to provide the Service you signed up for.
  • Consent: optional integrations you explicitly enable, such as Telegram notifications.
  • Legitimate interest: security logging, fraud/abuse prevention, and service improvement.
  • Legal obligation: retaining payment records as required by tax law.

5. Who we share data with

We share limited data with the following processors, solely to operate the Service:

  • Stripe (payment processing) — receives what's needed to process a purchase.
  • OpenAI (or another configured AI provider) — receives the specific CV/job text you submit for an AI action, solely to generate that response. It is not used to train OpenAI's models under standard API terms at the time of writing; confirm current terms with your provider.
  • Telegram (optional) — receives your Telegram user ID and message content only if you connect notifications.
  • Hosting/infrastructure providers — process data as needed to run the servers and database that host Vacario.

We do not sell personal data to third parties or share it for their independent marketing purposes.

6. International transfers

Some of our processors (including our AI provider and payment processor) may process data outside your country of residence, including in the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

7. How long we keep your data

We keep your account and CV data for as long as your account is active. If you delete your account, we delete your CV content, job data, and uploaded files within 30 days, except for payment records we are legally required to retain for accounting/tax purposes (typically 5–10 years depending on jurisdiction) and security logs kept for a limited period for abuse prevention.

8. Your rights

Subject to applicable law (including GDPR if you're in the EU/EEA/UK), you can ask us to:

  • Give you a copy of the personal data we hold about you (access).
  • Correct inaccurate data (rectification).
  • Delete your account and associated data (erasure).
  • Provide your data in a portable format (portability).
  • Object to or restrict certain processing.
  • Withdraw consent for optional features (e.g., disconnect Telegram) at any time.

To exercise any of these rights, contact asim.aliew1967@gmail.com. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies and sessions

Vacario uses a single, essential session cookie to keep you signed in and to protect against cross-site request forgery. We do not use third-party advertising or tracking cookies.

10. Security

Passwords are stored using salted PBKDF2 hashing, never in plain text. Traffic to Vacario is encrypted in transit (HTTPS) in production. Access to production data is restricted to what's needed to operate the Service. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Children's privacy

Vacario is not directed at children under 16. We do not knowingly collect personal data from children under that age. If you believe a child has provided us data, contact us and we will remove it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date above, and where required by law, we will notify you directly.

13. Contact

Questions about this policy or your data? Contact us at asim.aliew1967@gmail.com.