In short: We collect only what we need to provide your AI career assessment. Your data is stored on EU servers, encrypted, and never sold or used for advertising. You can request deletion at any time. We comply fully with GDPR.
1. Who We Are
CareerAI Audit is operated by Daily Lab ("we," "us," "our"). We provide AI-powered career exposure assessments for professionals concerned about workplace automation.
Contact: support@dailylab.space
Data Protection Officer: support@dailylab.space
2. What Data We Collect
2.1 Assessment Data
When you complete the career assessment quiz, we collect:
- Job title and role description
- Industry and company size
- Task breakdown and work patterns
- Skills and AI tool familiarity
- Career goals and concerns
2.2 Account Data
If you purchase the full report, we collect:
- Email address (required for report delivery)
- Name (optional, for personalization)
- Country (for VAT compliance)
2.3 Payment Data
Payment processing is handled by Creem, our PCI-DSS compliant payment processor. We do not store your credit card details. Creem collects:
- Payment method information
- Billing address
- Transaction details
See Creem's privacy policy for details on how they handle payment data.
2.4 Technical Data
We automatically collect:
- IP address (anonymized after 30 days)
- Browser type and version
- Device type (desktop, mobile, tablet)
- Approximate location (country-level only)
- Pages visited and time spent
2.5 Cookies
We use strictly necessary cookies for:
- Session management (keeping you logged in)
- Security (CSRF protection)
- Assessment progress (so you can resume if interrupted)
We do NOT use:
- Advertising cookies
- Third-party tracking cookies
- Social media pixels
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Generate your AI career assessment report | Contract performance (you purchased the service) |
| Send report via email | Contract performance |
| Process payment and issue invoices | Contract performance & Legal obligation (VAT) |
| Provide customer support | Contract performance & Legitimate interest |
| Improve assessment accuracy and model | Legitimate interest (anonymized, aggregated data only) |
| Prevent fraud and abuse | Legitimate interest & Legal obligation |
| Send important service updates | Legitimate interest (e.g., policy changes, security issues) |
We do NOT:
- Sell your data to third parties
- Use your data for advertising
- Share your assessment results with employers or recruiters
- Send marketing emails (unless you explicitly opt in)
- Use your data to train public AI models
4. Data Storage and Security
4.1 Where We Store Data
All personal data is stored on servers located in the European Union (Frankfurt, Germany) via Supabase EU hosting.
4.2 How We Protect Data
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access control: Only authorized personnel can access personal data
- Regular backups: Encrypted backups stored in EU data centers
- Monitoring: Automated security monitoring and intrusion detection
- Regular audits: Annual security reviews and vulnerability scans
4.3 Data Retention
- Assessment data: Retained for 3 years, then automatically deleted
- Account data: Retained while your account is active, deleted 30 days after account closure
- Purchase records: Retained for 7 years (EU tax law requirement)
- Anonymized analytics: Retained indefinitely (cannot be linked back to you)
- IP addresses: Anonymized after 30 days
5. Data Sharing
We share your data only with these trusted service providers:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting | All account and assessment data | EU (Frankfurt) |
| Creem | Payment processing | Payment details, email, country | EU-compliant |
| Vercel | Website hosting | IP address, browser data (anonymized) | EU region |
| Anthropic | AI report generation | Assessment responses only (no email/name) | US (Standard Contractual Clauses) |
Legal disclosure: We may disclose your data if required by law (e.g., court order, tax authority request) or to protect our legal rights.
6. Your GDPR Rights
Under the General Data Protection Regulation (GDPR), you have these rights:
6.1 Right to Access
Request a copy of all personal data we hold about you. We'll provide this in a machine-readable format (JSON or CSV).
6.2 Right to Rectification
Correct any inaccurate or incomplete data. You can update most data yourself via your account settings.
6.3 Right to Erasure ("Right to be Forgotten")
Request deletion of all your personal data. Note: We must retain purchase records for 7 years due to EU tax laws.
6.4 Right to Restriction
Request that we stop processing your data (but not delete it) while we resolve a dispute.
6.5 Right to Data Portability
Receive your data in a structured, machine-readable format to transfer to another service.
6.6 Right to Object
Object to data processing based on legitimate interest. We'll stop unless we have compelling legitimate grounds.
6.7 Right to Withdraw Consent
Withdraw consent for any data processing that requires it (e.g., marketing emails).
6.8 Right to Lodge a Complaint
File a complaint with your local data protection authority if you believe we've violated GDPR.
To exercise any of these rights:
Email support@dailylab.space with subject line "GDPR Request"
We'll respond within 30 days (as required by GDPR).
7. Children's Privacy
Our service is not intended for users under 16. We do not knowingly collect data from children. If we discover we've collected data from a child under 16, we'll delete it immediately.
If you're a parent and believe your child has provided us with personal data, contact us at support@dailylab.space.
8. International Transfers
Your data is primarily stored in the EU (Frankfurt). When we use US-based services (e.g., Anthropic for AI processing), we ensure GDPR compliance through:
- Standard Contractual Clauses (SCCs): EU-approved contract terms
- Data minimization: We send only necessary data (no personal identifiers)
- Encryption: All data is encrypted in transit
9. Automated Decision-Making
Our AI assessment system involves automated analysis of your responses to generate a risk score and recommendations.
You have the right to:
- Request human review of the assessment
- Contest the assessment results
- Receive an explanation of how the score was calculated
Contact support@dailylab.space to exercise these rights.
10. Marketing Communications
We do NOT send marketing emails by default.
If you opt in to our newsletter:
- You'll receive occasional career advice and AI trends (max 2 emails/month)
- You can unsubscribe anytime via the link in every email
- We'll never sell your email to third parties
11. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements.
If we make material changes:
- We'll email you at least 30 days before changes take effect
- We'll post a notice on our website
- We'll update the "Last updated" date at the top
Continued use of our service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For privacy questions, GDPR requests, or data concerns:
- Email: support@dailylab.space
- Subject line: "Privacy Policy" or "GDPR Request"
- Response time: Within 48 hours for urgent matters, 30 days maximum for GDPR requests
13. EU Representative
If you're based in the EU and have concerns about our data practices, you can contact our EU representative:
Daily Lab
Email: support@dailylab.space
14. Supervisory Authority
If you're unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority:
- Find your authority: edpb.europa.eu/members
Questions about this policy?
Email support@dailylab.space — we're here to help.