Privacy Request Back to vaicat
📅 Effective: December 28, 2025 🇪🇺 GDPR Compliant

Privacy Policy (EU)

This policy explains how vaicat B.V. collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable EU privacy laws.

🔒
Your Data Stays in Europe: We do not transfer personal data to countries outside the European Union. All data processing occurs within the EU/EEA.
Key Points
  • We do not sell your personal data
  • We do not use your data to train AI models without explicit consent
  • You have full GDPR rights including access, deletion, and portability
  • Data is retained only as long as necessary
  • You can file complaints with the Dutch Data Protection Authority
Contents

1. Data Controller

1.1 Controller Identity

vaicat B.V.
A private limited company incorporated under Dutch law
Noordeinde 99B, 2514 GD, The Hague, Netherlands

1.2 Contact Details

For privacy-related inquiries, contact us at privacy@vaicat.com. We aim to respond within 30 days as required by GDPR.

2. Data We Collect

2.1 Information You Provide

Category Data Types Purpose
Account Basics Name, email, hashed password, language preferences Account creation and authentication
Profile Data Photo, headline, location, work history, education, skills Optional profile features
Content Posts, comments, messages, uploads Service functionality
Payment Info Payment details (processed by third-party providers) Subscription and purchase processing
Communications Support tickets, feedback, correspondence Customer support

2.2 Automatically Collected Data

  • IP address and approximate location
  • Device type, browser version, operating system
  • Timestamps and session identifiers
  • Usage patterns (pages visited, features used)
  • Diagnostic and error logs

2.3 Cookies

We use cookies for functionality, preferences, and optional analytics. You can manage cookie preferences through your browser settings or our cookie consent tool. Essential cookies required for service operation cannot be disabled.

3. Processing Purposes

We process your personal data to:

  • Provide Services: Operate accounts, enable messaging, deliver features
  • Ensure Security: Prevent abuse, detect fraud, protect accounts
  • Moderate Content: Enforce community guidelines and legal obligations
  • Improve Services: Debug issues, develop new features, conduct analytics
  • Communicate: Send service notifications, respond to inquiries
  • Process Payments: Handle subscriptions and refunds
  • Legal Compliance: Meet tax, accounting, and regulatory requirements
Legal Basis Purpose
Contract (Art. 6(1)(b)) Account functionality, messaging, paid features, service delivery
Legitimate Interests (Art. 6(1)(f)) Security, fraud prevention, platform reliability, service improvement
Consent (Art. 6(1)(a)) Analytics cookies, AI training on personal data, optional features
Legal Obligation (Art. 6(1)(c)) Tax records, regulatory compliance, court orders, law enforcement requests

5. Data Sharing & Disclosure

5.1 No Data Sales

We do not sell your personal data. We never have and never will sell personal information to third parties.

5.2 Limited Sharing

We may share data with:

  • Service Providers: Payment processors, hosting providers, and support tools, under strict contractual obligations
  • Other Users: Content you choose to make public or share with specific users
  • Legal Requirements: When required by law, court order, or to protect safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales, with appropriate protections

6. AI Features & Training

6.1 No Default Training

We do not use personal data or user content to train general-purpose AI models by default. Any AI training on user data requires explicit opt-in consent.

6.2 Consent Controls

If you previously consented to AI training, you may withdraw consent at any time through your account settings. Withdrawal is immediate and affects future processing.

6.3 Automated Decision-Making

We do not make solely automated decisions that produce legal effects or similarly significantly affect you without human review. You always have the right to request human intervention for automated decisions.

6.4 EUnify Matching

The EUnify app uses rule-based matching (not machine learning) to recommend institutions based on your stated preferences like academic interests, budget, and location.

6.5 mEUvy CathAI

mEUvy includes CathAI, an AI assistant powered by Apple Foundation Models. Key privacy features:

  • On-device processing: CathAI processes data locally on your device
  • No server uploads: Your personal data is not sent to external AI services
  • Transparent classification: CathAI is classified as "limited risk" under the EU AI Act
  • Can be disabled: You can turn off CathAI in Settings → Privacy & Consent

7. Data Retention

Data Type Retention Period
Account data Active account period + 30 days after deletion
Deleted content Removed from active systems promptly
Security logs Limited period based on security needs
Payment records As required by tax and accounting law (typically 7 years)
EUnify analytics 12 months, then aggregated/anonymized
EUnify audit logs 24 months
mEUvy account data Active account period + 30 days after deletion
mEUvy salary data Device-only (never uploaded to servers)
mEUvy Talent Bank profile Until you leave or delete account
mEUvy analytics (with consent) Session-scoped, not linked across sessions

8. Your Rights (GDPR Articles 15-22)

Under GDPR, you have the right to:

Right Description
Access (Art. 15) Request a copy of your personal data
Rectification (Art. 16) Correct inaccurate or incomplete data
Erasure (Art. 17) Request deletion of your personal data
Restriction (Art. 18) Limit how we process your data
Portability (Art. 20) Receive your data in a portable format
Objection (Art. 21) Object to processing based on legitimate interests
Withdraw Consent Remove consent at any time for consent-based processing

8.1 Exercising Your Rights

To exercise any of these rights:

We respond to requests within 30 days. Complex requests may take up to 60 days with notification.

8.2 Supervisory Authority

You have the right to file a complaint with a supervisory authority. Our lead authority is:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
www.autoriteitpersoonsgegevens.nl

9. Security & Children

9.1 Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption in transit (TLS/HTTPS)
  • Access controls and authentication
  • Regular security assessments
  • Employee training and confidentiality obligations

9.2 Your Responsibility

You are responsible for keeping your login credentials secure. Use strong, unique passwords and enable two-factor authentication where available.

9.3 Children's Privacy

Our Services are not intended for users under 16 years of age. If we learn that we have collected personal data from a child under 16, we will delete it promptly.

10. EUnify-Specific Privacy Controls

🎓
EUnify Privacy Features
Additional privacy controls for EUnify app users

10.1 Data Collection

  • Apple User Identifier: From Sign in with Apple (anonymized relay)
  • Device Identifier: For App Attest security verification
  • Session Analytics: Session-level only (no persistent cross-session tracking)
  • Local Data: Bookmarks, comparisons, and preferences stored on device

10.2 Privacy Controls

In the EUnify app, you can:

  • Disable personalized recommendations (Settings → Privacy)
  • Revoke analytics consent at any time
  • Export bookmarks and preferences locally
  • Delete all local data by uninstalling the app
  • Request server-side deletion via our Privacy Request Portal

11. mEUvy-Specific Privacy Controls

🌍
mEUvy Privacy Features
Additional privacy controls for mEUvy app users

11.1 Data Collection

Data Type Storage Location Purpose
Apple User ID Our servers Account authentication
Screen name, preferences Our servers Profile and recommendations
Salary information Device only Cost of living comparison
Saved cities, comparisons Our servers Sync across devices
Analytics (if consented) Session-scoped App improvement

11.2 Talent Bank Privacy

If you opt into the Talent Bank, verified recruiters can see:

  • Your screen name and professional headline
  • Skills and experience level
  • Preferred cities and relocation willingness
  • Work eligibility status

Recruiters cannot see:

  • Your real name (unless you choose to share)
  • Your email address (unless you choose to share)
  • Your salary information (device-only)
  • Personal moving reasons

11.3 CathAI On-Device Processing

CathAI uses Apple Foundation Models which run entirely on your device. Your personal information is never sent to external AI services for processing. You can disable CathAI in Settings without losing access to other features.

11.4 Privacy Controls

In the mEUvy app, you can:

  • Manage consent settings (Settings → Privacy & Consent)
  • Leave the Talent Bank at any time
  • Export your data in portable format
  • Delete your account and all associated data
  • Disable CathAI while keeping other features
  • Control what recruiters can see in your profile

11.5 Job Listings & Advertising

Job listings marked as "Sponsored" or "Promoted" are paid placements. Per DSA Article 26, we disclose when content is advertising. Sponsored status does not affect job matching algorithms.

12. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated through the Services or via email. Continued use after the effective date indicates acceptance of updates.

We recommend reviewing this policy regularly. The "Effective" date at the top indicates the last update.

Privacy Contact Information
Data Protection privacy@vaicat.com
Privacy Request Portal Submit a Request
Dutch DPA autoriteitpersoonsgegevens.nl
Address Noordeinde 99B, 2514 GD
The Hague, Netherlands