Privacy Policy

1. Responsible Entity

myKaria – Vennit Technologies
Moorburger Elbdeich 206
21079 Hamburg, Germany
Email: privacy@mykaria.com
Phone: +49 176 66985931

Oluwatobi Lukan is responsible for the processing of personal data within the meaning of the GDPR.

2. Types of Processed Data

We process the following personal data:

3. Purpose of Processing

Data processing takes place for the purpose of:

• Contract fulfillment and customer communication (Art. 6 para. 1 lit. b GDPR) - Providing job application services, account management
• Payment processing via Stripe (Art. 6 para. 1 lit. b GDPR) - Handling subscriptions and billing
• AI-powered document generation (Art. 6 para. 1 lit. b GDPR) - Creating tailored CVs and cover letters
• Technical security and service delivery (Art. 6 para. 1 lit. f GDPR) - Protecting our infrastructure and preventing abuse
• Service improvement (Art. 6 para. 1 lit. f GDPR) - Analyzing usage patterns to enhance features
• Legal compliance (Art. 6 para. 1 lit. c GDPR) - Meeting regulatory requirements

4. Sharing with Third Parties

We do not sell your personal information. We share data only as necessary for service provision:

5. Storage and Deletion

Data retention is based on your activity and consent:

• Active accounts: Data is retained as long as your account is active and you continue to use the service
• Consent renewal: Each time you create a new application, you confirm consent to store your data for the next 6 months
• Inactivity reminders: If you don't create new applications for 6 months, we will send reminder emails
• Automatic deletion: After 6 months of inactivity without consent renewal, your account and all associated data will be automatically deleted
• Manual deletion: You can delete your account at any time by going to Account > Security tab. Your data is removed immediately upon deletion - no waiting period, no email required
• Legal retention: Some data (invoices, tax documents) must be retained for legal periods (typically 10 years under German law)

This policy ensures compliance with data minimization principles while maintaining your information when you're actively job searching.

Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure authentication with password hashing
• Access controls and role-based permissions
• Regular security updates and patches
• Secure payment processing exclusively through Stripe (no card data stored by us)
• Database security and backup procedures
• Monitoring and logging of security events

6. Your Rights

Under GDPR, you have the following rights:

• Right to information (Art. 15 GDPR) - Request a copy of all personal data we hold about you
• Right to rectification (Art. 16 GDPR) - Correct inaccurate or incomplete data via your account settings
• Right to erasure (Art. 17 GDPR) - Request deletion of your data ("right to be forgotten"). You can delete your account immediately at any time by going to Account > Security tab - no email required, data removed instantly
• Right to restriction of processing (Art. 18 GDPR) - Limit how we use your data
• Right to data portability (Art. 20 GDPR) - Export your data in a machine-readable format
• Right to object (Art. 21 GDPR) - Object to processing based on legitimate interests
• Right to lodge a complaint (Art. 77 GDPR) - File a complaint with a data protection authority
• Right to withdraw consent - Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@mykaria.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit).

Data Retention

We retain your information based on your activity and consent:

• Active accounts: Data is retained as long as your account is active
• Inactive accounts: If you don't create new applications for 6 months, we will send reminder emails
• Automatic deletion: After 6 months of inactivity without consent renewal, your account and all associated data will be automatically deleted
• Data consent renewal: Each time you create a new application, you confirm consent to store your data for the next 6 months
• Manual deletion: You can delete your account at any time by going to Account > Security tab. Your data is removed immediately - no waiting period

This policy ensures your data is not stored indefinitely if you stop using the service, while maintaining your information when you're actively job searching.

7. Cookies and Local Storage

Our website uses only technically necessary cookies and local storage methods that are essential for the operation of the website. These are exempt from the consent requirement according to § 25 para. 2 TTDSG.

Which Technically Necessary Cookies Do We Use?

• Session Cookies: Store temporary information necessary for your login and use of protected areas. Deleted when you close your browser.
• Authentication Tokens: Keep you logged in securely across sessions
• Preference Storage: Remember your settings (language, theme, etc.)

Legal Basis

The use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and basic functionality of our website (Art. 6 para. 1 lit. f GDPR) as well as to fulfill the contract concluded with you for the use of our services (Art. 6 para. 1 lit. b GDPR).

8. AI Processing and Data

When you use our AI-powered document generation features, we process your data as follows:

What Data is Sent to AI Providers?

• Job descriptions (PDF, URL, or text you provide)
• Your profile information (work experience, education, skills)
• Improvement instructions you specify

How is AI Data Processed?

The legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment). AI providers process data according to their own privacy policies:

• OpenAI and Anthropic may use data to improve their models (check their privacy policies)
• We assign different AI models based on your subscription tier
• Local models (Ollama) keep data on our servers without third-party transmission

Your Control

You control what information is sent by choosing what to include in your profile and job applications. You can configure your own API keys in settings to use your own AI provider accounts.

9. International Data Transfers

Some of our service providers (e.g., OpenAI, Anthropic, Stripe) are located outside the European Economic Area (EEA), including in the USA.

Data transfers to third countries are secured through:

• EU Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Privacy Shield frameworks where applicable
• Appropriate safeguards as required by Art. 44-49 GDPR

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of significant changes via email or through a prominent notice on the service. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: