Privacy Policy

Effective Date: March 16, 2026
Last updated: March 16, 2026

Tolga Unold Software respects your privacy. This Policy explains how we collect, use, disclose and protect personal data when you use our AI service for generating resumes and cover letters.

1. Data Controller

Tolga A. Unold
Schenkensteinerstr. 18
86609 Donauwörth
GERMANY
VAT ID: DE449768934
Email: mail@tolga-unold.de

2. Data We Collect

We collect only necessary data: • Personal data you upload: name, contact info, work history, education, skills, job descriptions (“User Content”).
• Automatically: IP address, browser type, usage data, timestamps.
• We do not request sensitive data (health, race, etc.); do not upload if present.

3. Purpose & Legal Basis

We process minimal data to provide the Service, generate documents, improve AI (anonymized), and comply with law.
GDPR: contract performance (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), consent where required.
CCPA/CPRA: business purpose (service delivery); we do not sell or share personal data as defined under CCPA.

4. AI Processing

Data is processed by AI models to generate tailored outputs. We apply anonymization/pseudonymization where feasible. No solely automated decisions with legal/significant effect; human review available on request. Opt-out of AI profiling via email.

5. Sharing

Data shared only with subprocessors (cloud/AI providers) as necessary. No sale to third parties.
Current subprocessors: [list actual providers, e.g. AWS, OpenAI – update as needed].

6. International Transfers

Data may transfer outside EU/EEA (e.g. US). Safeguards: EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

7. Retention

User Content kept during account life + 30 days after deletion request, or longer if legally required. Logs retained up to 12 months.

8. Your Rights

GDPR: access, rectification, erasure, restriction, portability, objection, withdraw consent.
CCPA/CPRA: know, delete, opt-out of sale/sharing (we do not sell/share).
Requests: mail@tolga-unold.de. Response within 30/45 days.

9. Security

We use reasonable technical and organizational measures (encryption, access controls). No system is 100% secure.

10. Children

Service not directed to persons under 16. We do not knowingly collect data from children.

11. Changes

We may update this Policy. Check this page for the current version.