Privacy policy.
uptayn is an early beta that uses third-party AI. Please read the beta & AI notice below before you upload a CV or connect an account. It explains what happens to the content you submit and how to try the product without exposing real data.
Beta & AI processing: please read
Your CV, LinkedIn import, Buddy chat messages, application drafts and connected-email parsing are analysed by Mistral AI, processed on servers in the European Union (France). We use Mistral’s paid API tier, under which (per Mistral’s terms) your content is not used to train models.
If you want to try uptayn without exposing real data, use mock mode (sample analysis, your data is not sent to any AI) and join the waitlist. Running a real analysis is opt-in and you confirm this notice before your data is sent.
Controller
The controller responsible for this processing is:
Troels Enigk
Email: troelsenigk@mail.de
What we collect
An account requires an email address (and a password, or a Google sign-in). If you upload a CV or import a LinkedIn profile, that content is stored so roles can be graded against it. We also store the applications you choose to track, the chat messages you send to the assistant, and basic first-party product-usage events needed to operate the service. If you join the waitlist we store the email and optional role note you submit.
Legal basis
• Account and tracking data: performance of our service to you (Art. 6 (1)(b) GDPR).
• AI analysis of your CV / LinkedIn / chat: your consent (Art. 6 (1)(a)), given when you opt in to a real analysis, and you can withdraw it at any time.
• Usage events and security logs: our legitimate interest in operating and securing the service (Art. 6 (1)(f)).
• Waitlist email: your consent (Art. 6 (1)(a)).
• Product-update emails: your consent (Art. 6 (1)(a)), given by the optional box at onboarding, withdrawable at any time.
During the beta we may occasionally email you to ask for feedback on the product; this is based on our legitimate interest in improving an early-stage service (Art. 6 (1)(f)). You can object to these emails at any time (Art. 21), most simply via the unsubscribe link included in every such email.
Processors and recipients
We use the following processors (Art. 28 GDPR):
• Supabase: database and authentication hosting (EU region).
• Cloudflare: website hosting, content delivery and security.
• Mistral AI (France, EU): analysis of your CV / LinkedIn import, Buddy chat messages, application drafting, and parsing of connected-email content. Paid API tier; per Mistral’s terms, not used to train models.
• Google Cloud Vertex AI (EU, europe-west4): generates the numerical embedding of your profile used to match you to roles; processed in the EU.
• Google (Gemini AI) (US): generates embeddings of public job listings (no personal data).
We do not sell personal data or use advertising trackers.
International transfers
Our database (Supabase), all AI analysis of your content (CV, LinkedIn, Buddy chat, drafts, email) by Mistral and your profile embedding (Google Vertex AI) are processed in the European Union. Some processing happens outside the EU/EEA, in the United States: our content-delivery / security provider (Cloudflare) and the embedding of public job listings. Those transfers rely on the EU Standard Contractual Clauses and/or an adequacy decision such as the EU–US Data Privacy Framework.
Cookies
We use only essential storage required to deliver the site and to keep you signed in. We do not set marketing or tracking cookies.
Job listings
The job listings shown on the site are aggregated from public careers pages and their applicant-tracking systems. They are factual postings published by the hiring companies.
Data retention
In line with the storage-limitation principle (GDPR Art. 5(1)(e)), product usage-analytics events are kept for at most 180 days and then automatically deleted. Aggregate, non-identifying statistics derived from them may be retained longer. Your account profile and tracked applications are kept until you delete them or erase your account; limited security, audit and AI-provider logs may be retained where required for security or legal compliance.
Your rights
Under the GDPR you have the right to access, rectify, erase or restrict processing of your personal data, the right to data portability, and the right to object to processing based on our legitimate interest. Where processing relies on consent you may withdraw it at any time. You can delete your tracked applications in the app, and to erase your account and personal data you can email us; we action GDPR Art. 17 erasure requests within one month. Limited security, audit and AI-provider logs may be retained where required for security or legal compliance. AI analysis of your content runs on Mistral’s paid EU tier, which per its terms is not used to train models, so there is no training-eligible copy held by the AI provider. To exercise any right, email troelsenigk@mail.de.
Right to complain
You have the right to lodge a complaint with a data-protection supervisory authority. Given our establishment in Berlin, Germany, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
Changes
This policy will be updated as the product matures and as we formalise our processor agreements (data-processing agreement and full sub-processor list).