Privacy Policy
Last updated: 19 March 2026 · Version 1.2
1. Data Controller
ENGINUITY BV (VAT BE 1008.136.638), with registered office at Kauwstraat 102A, 9550 Herzele, Belgium, trading as Vitae, is the data controller for personal data collected through the Vitae platform. For candidate CV data that you upload and process through the Service, you (the customer) are the data controller and ENGINUITY BV acts as the data processor.
Contact: privacy@ongroup.be
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Name (first name and last name)
- Email address
- Phone number (optional)
- Organisation name
- Password (stored as a bcrypt hash — we never store plaintext passwords)
- Google account identifier (if you sign in with Google)
2.2 Candidate Data
When you use the Service to manage CVs, you may upload personal data about candidates, including but not limited to:
- Name, contact information, date of birth, nationality
- Professional history, education, skills, and languages
- CV documents (PDF, DOCX) and profile photos
- Professional summaries and motivational text
You are the data controller for candidate data. You are responsible for ensuring you have a lawful basis to process this data.
2.3 Usage Data
We automatically collect:
- IP address and browser user-agent (for security and consent tracking)
- Timestamps of account creation, logins, and key actions (audit log)
- CV rendering counts (for usage tracking and billing)
We use Umami, a self-hosted, open-source analytics tool, to collect anonymous, aggregated page-view statistics. Umami is hosted on our own infrastructure in Germany (Hetzner), does not use cookies, does not collect personal data (no IP addresses, no fingerprints), and does not track users across websites. We do not use Google Analytics, Mixpanel, tracking pixels, or any third-party analytics service.
3. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service to you, including account management, CV rendering, and billing.
- Consent (Art. 6(1)(a)): We obtain your explicit consent when you register and accept our Terms of Service and this Privacy Policy. You may withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement.
- Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, such as tax and accounting requirements.
4. Data Processors
We use the following third-party services to operate Vitae. Each processor has been selected for its GDPR compliance:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenAI | CV data extraction, text embeddings, job description parsing, candidate–job matching | CV text content (PII redacted), job description text, structured candidate profiles | USA (with EU DPA) |
| Stripe | Payment processing | Email, name, payment details | USA (with EU DPA) |
| Resend | Transactional email delivery | Email address, name | USA (with EU DPA) |
| Google | OAuth authentication (optional) | Google profile data (if you use Google Sign-In) | USA (with EU DPA) |
| Hetzner | Server infrastructure hosting | All data (encrypted at rest and in transit) | Germany (EU) |
For processors based outside the EU, we rely on Standard Contractual Clauses (SCCs) and the processor's Data Processing Agreement (DPA) to ensure adequate protection.
5. AI-Assisted Processing
Vitae uses artificial intelligence to assist with CV data processing. This section explains which AI models we use, what data is shared with them, and your rights regarding AI-assisted decisions. This disclosure is provided in accordance with the EU AI Act (Regulation 2024/1689) and GDPR Articles 13–14.
5.1 AI Features
We use the following AI capabilities within the Service:
| Feature | AI Model | Purpose | Data Sent |
|---|---|---|---|
| CV Data Extraction | GPT-5.2 (OpenAI) | Extract structured fields (name, experience, education, skills) from uploaded CV documents | CV text content with PII redacted |
| Text Embeddings | text-embedding-3-small (OpenAI) | Generate numerical representations of candidate profiles for similarity search | Structured candidate profile text |
| Job Description Parsing | GPT-5.2 (OpenAI) | Extract structured requirements from job descriptions for candidate matching | Job description text |
| Candidate–Job Matching | GPT-5.2 (OpenAI) | Score and rank candidates against job requirements with explanatory reasoning | Structured candidate profiles and job requirements |
5.2 PII Safeguards
Before any candidate data is sent to AI models, personally identifiable information (phone numbers, email addresses) is redacted and replaced with placeholders. AI models process professional content only — work history, education, skills, and qualifications. This minimises the personal data shared with our AI processor.
5.3 No Autonomous Decisions
AI outputs — including extracted CV fields, similarity scores, and match rankings — are always presented to a human user for review. Vitae does not make autonomous hiring or rejection decisions. All AI-generated data is advisory; the final decision rests with the human recruiter using the platform. This is consistent with GDPR Article 22 (right not to be subject to solely automated decision-making) and EU AI Act Article 14 (human oversight).
5.4 Data Retention at AI Processor
We use OpenAI's zero-data-retention API configuration. Data sent to OpenAI for processing is not retained by OpenAI after the response is returned and is not used to train OpenAI's models.
5.5 Your Rights Regarding AI Processing
- Right to human review (EU AI Act Art. 14): All AI-extracted CV data passes through a merge review interface where you can accept, modify, or reject individual fields before they are saved. Match results are advisory scores that require human interpretation.
- Right to explanation (GDPR Art. 22(3)): Candidate match results include a textual reasoning field explaining why a candidate received a particular score. AI decision logs — recording which model was used, when, and what output was produced — are included in your GDPR data export (Settings → Export Data).
- Right to contest: If you believe an AI-assisted output is incorrect or unfair, you can override it directly in the platform or contact us at privacy@ongroup.be for further review.
5.6 EU AI Act Classification
Vitae is classified as a limited-risk AI system under the EU AI Act. It is used as a productivity tool for recruitment professionals — not for autonomous recruitment decisions. We comply with the transparency obligations in Title IV of the EU AI Act by providing this disclosure and maintaining AI decision logs.
6. Data Retention
- Active accounts: Data is retained for the duration of your account.
- Deleted accounts: When you delete your account, it is immediately deactivated. All personal data is permanently purged after a 30-day recovery window.
- Consent records: Kept for the duration of your account plus 3 years after deletion, as required for demonstrating GDPR compliance.
- Audit logs: Retained for 2 years for security purposes, then anonymised.
- Billing records: Retained for 7 years as required by Belgian tax law.
- AI decision logs: Retained for 2 years for transparency and EU AI Act compliance, then permanently deleted.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): You can request a copy of all personal data we hold about you. Use the "Export Data" button in Settings, or email us.
- Right to rectification (Art. 16): You can update your personal data at any time through your account Settings page.
- Right to erasure (Art. 17): You can delete your account through Settings. Data is purged after the 30-day recovery window.
- Right to data portability (Art. 20): You can export all your data in a structured, machine-readable JSON format using the "Export Data" feature.
- Right to object (Art. 21): You may object to processing based on legitimate interest by contacting us.
- Right to withdraw consent (Art. 7(3)): You may withdraw consent at any time by deleting your account or contacting us. Withdrawal does not affect the lawfulness of prior processing.
To exercise any of these rights, email us at privacy@ongroup.be. We will respond within 30 days.
8. Data Security
We implement the following security measures to protect your data:
- All data is encrypted in transit using TLS 1.2+
- Database encryption at rest on Hetzner infrastructure
- Passwords are hashed with bcrypt (never stored in plaintext)
- API keys are stored as SHA-256 hashes
- JWT-based authentication with token rotation
- Rate limiting on authentication endpoints
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Automated daily backups with offsite storage
- Multi-tenancy with strict org-level data isolation
9. International Transfers
Your data is primarily stored on servers in Germany (EU). Some data is transferred to processors in the United States (see Section 4). All international transfers are protected by Standard Contractual Clauses (SCCs) and Data Processing Agreements.
10. Supervisory Authority
If you believe we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority. For Belgium, this is the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit).
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service and request your re-consent where required. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For privacy-related questions or to exercise your data rights, contact us at: privacy@ongroup.be
ENGINUITY BV
VAT BE 1008.136.638
Kauwstraat 102A, 9550 Herzele, Belgium
