Ai-Vitae

Privacy PolicyYour Data, Your Rights

How we collect, use, and protect your personal information

Last Updated: 25 February 2026

Data Controller: Ai-Vitae, Ireland — orders@ai-vitae.store

1. Who We Are

Ai-Vitae (“we”, “us”, “our”) is an AI-powered CV and career document service based in Ireland. We operate the website at ai-vitae.store. For the purposes of the General Data Protection Regulation (GDPR), we are the Data Controller of the personal data you submit to us.

Contact us at any time regarding your data: orders@ai-vitae.store

2. What Data We Collect

When you place an order, we collect:

  • Identity data: Your full name
  • Contact data: Your email address
  • CV / career document: The file you upload (PDF, DOCX, or plain text), which contains your employment history, qualifications, and any other personal information you choose to include
  • Job description: The role or position you are targeting
  • Payment data: Transaction reference, order amount, and currency (we do not store card numbers — these are handled exclusively by Stripe)
  • Order metadata: Package tier, selected add-ons, order ID, timestamp

We collect only what is strictly necessary to deliver your service. We do not collect phone numbers, postal addresses, or social media profiles unless you choose to include them in your CV.

3. Why We Process Your Data and Our Lawful Basis

Service Delivery — Contract Performance (Article 6(1)(b) GDPR)

We process your name, email, CV, and job description to rewrite your documents using AI and deliver the completed files to you. This is the core purpose of the contract you enter when placing an order.

Payment Processing — Contract Performance (Article 6(1)(b) GDPR)

We process transaction metadata to confirm payment and fulfill your order. Card data is processed by Stripe under their own data controller obligations.

Legal and Accounting Records — Legal Obligation (Article 6(1)(c) GDPR)

We retain order records (order ID, email, amount, date) for 7 years to comply with Irish tax and accounting law.

We do not use your data for marketing, profiling, or advertising purposes.

4. AI Processing — How Your Data Is Used

Important: Your CV and job description are processed by third-party AI systems to generate your rewritten documents. By placing an order, you consent to this processing.

Our AI models are instructed to work only from the information you provide. They do not add qualifications, employment history, achievements, or metrics that are not present in your original CV.

Depending on the package you select, your CV and job description are sent to one or more of the following AI providers:

  • Anthropic, Inc. (Claude Sonnet / Claude Opus) — used for Premium and Executive tier processing
  • OpenAI, LLC (GPT-4o-mini) — used for Starter and Standard tier processing

Both providers are US-based. Data transfers are covered by Standard Contractual Clauses (SCCs) under GDPR Article 46. Neither provider uses your submitted data to train their models without explicit opt-in (which we do not enable). For their data handling policies, see Anthropic Privacy Policy and OpenAI Privacy Policy.

5. Third-Party Sub-Processors

We use the following third-party services to operate our platform. Each has a data processing agreement in place with us or operates under GDPR-adequate safeguards:

ProviderPurposeData SharedLocation
Stripe, Inc.Payment processingEmail, order amountUS / EU (SCC)
Supabase, Inc.Secure file and order data storageCV file, order metadataEU (Frankfurt)
Anthropic, Inc.AI document rewriting (Premium/Executive)CV content, job descriptionUS (SCC)
OpenAI, LLCAI document rewriting (Starter/Standard)CV content, job descriptionUS (SCC)
Google LLCDocument formatting (Editable Word add-on) and email deliveryCV content (formatting only), email addressEU / US (SCC)
Hetzner Online GmbHServer infrastructure (workflow automation)All order data (in transit)EU (Germany)
Vercel, Inc.Website hostingIP address, usage dataUS / EU (SCC)

6. Data Retention

  • Your CV file and job description: Stored securely for 90 days after your order is completed, then permanently deleted from our systems.
  • Completed document files (rewritten CV, cover letter, LinkedIn text, editable DOCX): Stored for 90 days after delivery, then permanently deleted.
  • Order records (order ID, email, package, amount, date): Retained for 7 years to comply with Irish tax and accounting obligations, then deleted.
  • Email correspondence: Retained for up to 2 years for support and dispute resolution purposes.

You may request early deletion of your data at any time — see Section 8 below.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • All data transmitted over HTTPS/TLS encryption
  • CV files stored in private, access-controlled cloud storage (not publicly accessible)
  • Row-level security on our database
  • API keys and credentials stored as encrypted environment variables, never in source code
  • Server infrastructure hosted within the EU (Hetzner, Frankfurt)

No method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and the Data Protection Commission within 72 hours as required by GDPR Article 33.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. To exercise any of them, email us at orders@ai-vitae.store with your order ID and we will respond within 30 days.

Right of Access (Article 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

Ask us to correct inaccurate data we hold about you.

Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data. We will comply unless we are required to retain it for legal obligations (e.g. accounting records).

Right to Restrict Processing (Article 18)

Ask us to pause processing your data in certain circumstances.

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format.

Right to Object (Article 21)

Object to processing based on legitimate interests.

Rights Related to Automated Decision-Making (Article 22)

Our service involves automated processing of your CV by AI. You have the right to request human review of AI-generated output. Contact us and we will manually review your documents.

Right to Lodge a Complaint

You have the right to complain to the Irish Data Protection Commission (DPC) at dataprotection.ie if you believe we have handled your data unlawfully.

9. Cookies

We use only essential cookies required for the site to function (e.g. your cookie consent preference and cart state). We do not use advertising or behavioural tracking cookies. For full details, see our Cookie Policy.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the “Last Updated” date at the top and, where appropriate, notify customers by email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For any questions or requests regarding your personal data:

Supervisory Authority: Data Protection Commission (DPC), Ireland — dataprotection.ie