Privacy Policy
This is the plain English version of our privacy policy. It says the same things a legalese version would say, in fewer words. If you spot a difference between what this page promises and what Rizzume actually does, we'll have done something wrong. Email privacy@rizzume.co.uk and we'll fix it within 30 days.
Last reviewed: 2026-05-09 · Next review: 2026-08-09 · Version 2.2
Last updated 2026-04-25 · Effective 2026-04-25. Every claim below is backed by documents in our compliance register.
1. Who we are
Rizzume is a trading name of Augustova Limited, a UK company registered in England and Wales. Augustova is the data controller for the personal data you give us when you use Rizzume directly.
If you reach Rizzume through your university or another institution, your institution and Augustova are joint controllers under Article 26 of the UK GDPR. The split of responsibilities sits in your institution's agreement with us. You have the same rights against either of us, exercised through the single contact below.
- Registered address: England and Wales (available on the Companies House register under Augustova Limited's company number).
- ICO registration number: (to be inserted on receipt; registration pending)
- Privacy contact: privacy@rizzume.co.uk
- Data Protection Lead: Zain Masroor, Director
2. What we collect
We collect only what each feature needs. Here is the full list, no catch-alls.
- Account data: name, email, hashed password, optional avatar URL.
- Profile data: university, degree, graduation year, nationality, visa type, right-to-work status, target roles and industries, location.
- CV data: everything you put in your CV.
- Interview data: the text of your mock interview Q&A. Auto-deleted after 12 months.
- ATS scan results: job descriptions you pasted and AI scores.
- Job tracker entries: companies, roles, salary, deadlines, notes.
- Payment data: Stripe customer ID and subscription status. We never see your card.
- Usage counters: numbers of interviews, scans, and CVs this month.
- Consent log: timestamped record of cookie decisions, plus IP and browser at the moment of consent.
- Analytics events: only with your opt-in; pseudonymised.
- CV embedding: a 1536-dimension numerical vector derived from your CV, used to match jobs to your profile. Stored in our EU database; not human-readable. Generated only if you have AI matching enabled (default: on; opt out in Settings > Privacy).
2.1 Special categories and free text
We don't ask for special-category data (health, religion, ethnicity, sexual orientation, etc.). You can still type it into your own CV or interview answers, and we can't (and won't) block that. When it appears, we process it under UK GDPR Article 9(2)(e) ("manifestly made public by the data subject") together with your account-level consent. You can edit or remove it at any time. Detail in our Appropriate Policy Document.
2.2 Age
Rizzume isn't built for children under 13. We confirm your age at signup. If you're under 16, analytics are off by default and can't be turned on without an explicit action by you.
3. Why we process it, and our lawful basis
| Purpose | Lawful basis |
|---|---|
| Provide the service you signed up for | Contract, Art 6(1)(b) |
| Process your payments | Contract |
| Keep financial records (7 years) | Legal obligation, Art 6(1)(c) |
| Prevent abuse and rate-limit | Legitimate interests |
| Send you transactional emails | Contract |
| Product analytics | Consent, Art 6(1)(a) |
| Marketing email | Consent |
| Admin audit trail | Legitimate interests (accountability) |
| Error tracking | Legitimate interests |
4. Who processes your data on our behalf
We don't sell your data. Some companies do, and bury that disclosure in section 12 of a 40-page policy. Here's our full list of processors, what each one touches, and where they sit:
- Supabase (Ireland / EU): database, auth, storage.
- Anthropic (United States): Claude AI. Contractually does not train on your data. UK IDTA + SCCs filed.
- OpenAI (United States): embeddings for AI job matching. Contractually does not train on API data. UK IDTA + SCCs filed. Used only when AI matching is enabled (default: on; opt out in Settings > Privacy).
- Stripe (Ireland + US): payments. PCI-DSS Level 1.
- Resend (US): transactional email. SCCs filed.
- Posthog (Germany / EU): analytics, only with your consent.
- Upstash (EU): rate limiting.
- Sentry (Germany endpoint): error tracking with PII scrubbing.
- Vercel (UK primary region): hosting.
Each processor has a signed Data Processing Agreement. The full register and Transfer Risk Assessments are public in our compliance register.
5. International transfers
Your primary data lives on Supabase EU (Dublin). Some of it crosses to the US for specific tasks: Anthropic AI inference, parts of Stripe, Resend email, and Vercel operational infrastructure.
Each transfer is covered by the UK International Data Transfer Agreement or by SCCs with the UK Addendum, plus technical safeguards: TLS 1.3 in transit, PII scrubbing on logs and error reports, and short retention windows. We file a Transfer Risk Assessment per processor; available on request.
6. How long we keep it
| Category | Retention |
|---|---|
| Account + profile + CVs + tracker | Life of account (delete any time) |
| Interview transcripts | 12 months then auto-deleted |
| Voice recordings (Premium) | 24 hours |
| Billing records | 7 years (UK tax law) |
| Analytics events | 12 months rolling |
| Consent log | Retained for audit; user ID nullified on account deletion |
| Error tracking logs | 90 days |
| GDPR export files | 24 hours then deleted |
| CV embeddings (AI matching) | Life of CV; deleted within 24h on opt-out or CV deletion |
7. Your rights (Data Subject Rights under UK GDPR)
- Access a copy of your data: request in-app. Delivered within 30 days, usually within minutes.
- Rectify wrong data: edit it in your profile, CV, or tracker, or email us.
- Erase your account: delete in-app. Billing records and an anonymised audit row are retained (UK tax law and our own accountability obligations).
- Restrict or object: email us.
- Data portability: export delivered as JSON.
- Withdraw consent: cookie settings in Data & Privacy; unsubscribe link on every marketing email.
- Not be subject to a solely automated decision with legal or significant effect. We don't make any. Our AI is advisory only.
- Complain to the ICO: ico.org.uk/make-a-complaint or 0303 123 1113. Try us first; we'd rather hear from you and fix it than read about it from the regulator.
8. Security
In concrete terms: TLS 1.3 in transit, AES-256 at rest, row-level security policies on every Supabase table, two-factor authentication required on admin accounts, signed Stripe and Supabase webhooks, and continuous error monitoring through Sentry with PII scrubbing.
Cyber Essentials Plus certification is in progress (we'll update this line when it lands). Our breach response runbook is public; if something goes wrong, you can read the same playbook we follow.
9. Cookies
Essential cookies are on by default (you can't log in without them). Analytics and marketing cookies are off by default and require your opt-in. Full list in our cookie policy.
10. AI matching and CV embeddings
When AI matching is enabled, we send the text of your CV to OpenAI once each time you save a meaningful change. OpenAI returns a 1536-number "embedding": a mathematical fingerprint of your skills, experience, and history. The embedding is stored in our EU database and used to rank jobs from Adzuna and Reed by similarity to your profile.
Job descriptions are also embedded once, on first ingestion. Job descriptions are public data, so embedding them carries no personal-data risk.
- OpenAI does not retain your CV text beyond a 30-day abuse-monitoring window and does not train on it (contractual).
- The embedding cannot be reversed back to your CV.
- For our top-20 ranked results we send a short summary to Anthropic Claude to generate a one-sentence "why this job fits" rationale that quotes specific phrases from the job description.
- Both calls are subject to our usage caps (100 re-ranks per user per day) and logged for cost monitoring.
You can opt out of AI matching at any time in Settings > Privacy. Opting out:
- Stops new CV embeddings from being generated.
- Deletes any existing CV embedding within 24 hours.
- Falls back to recency-sorted search results: no AI ranking, no rationales.
AI matching is advisory only. Match scores are recommendations, not decisions. We never reject, hide, or block jobs from you based on the score without your explicit filter. Your right under UK GDPR Art. 22 (not to be subject to a solely automated decision with legal or significant effect) is preserved, because we don't make any such decisions.
11. Outcome predictions
Once enough users have tracked applications through to interview, offer, rejection, or "no reply", Rizzume can show a predicted interview rate next to each job: "~{n}% interview rate based on {m} applications by users with similar CVs."
That number comes from a small logistic-regression model we retrain weekly on engineered, non-PII features:
- Match score between CV and job description (the cosine similarity from §10).
- Whether the role's stated visa stance matches your needs.
- Whether the employer is on the Home Office sponsor register.
- Approximate years of experience derived from your CV.
- Job seniority level derived from the title.
- Day-of-week and hour you applied (one signal of how busy the recruiter inbox is).
- Job age (days since first cached).
- Whether your tracker notes mention a referral.
We train on engineered features only. Never on free CV text, names, email addresses, or salary numbers. The model lives entirely in our EU database; no inference call leaves the platform.
Predictions are advisory. We never hide or block jobs based on a prediction; the badge sits next to results to inform your prioritisation, nothing more. Your right under UK GDPR Art. 22 not to be subject to a solely automated decision with legal or significant effect is preserved, because we don't make any.
Confidence gating. A prediction badge only appears when:
- We've trained on at least 50 applications across all users; AND
- The held-out AUC of the latest weekly retrain meets a floor (currently 0.6).
Below either bar, the badge is hidden. We'd rather show nothing than mislead you.
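The two bars of the confidence gate, written out as an added illustration (this is not Rizzume's own code). The 50-application minimum and the 0.6 AUC floor are the values quoted above; the held-out scores and outcomes are constructed, and the AUC is computed with the rank-based (Mann-Whitney) formula so no model is needed to run it.

```python
"""Confidence gate for the outcome-prediction badge (illustration, not Rizzume's code).

Assumes the weekly retrain hands back held-out (score, label) pairs, where
label 1 means the application reached interview. Thresholds are the ones the
policy quotes: at least 50 applications and a held-out AUC of at least 0.6.
"""
from dataclasses import dataclass

MIN_APPLICATIONS = 50   # bar 1: tracked applications in the training set
AUC_FLOOR = 0.6         # bar 2: held-out AUC of the latest weekly retrain


def held_out_auc(scores, labels):
    """Area under the ROC curve via the Mann-Whitney U statistic.

    Every (positive, negative) pair contributes 1 if the positive outranks the
    negative and 0.5 on a tie. Returns None when only one class is present,
    because AUC is undefined there and the gate must not treat it as a pass.
    """
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    if not pos or not neg:
        return None
    wins = 0.0
    for p in pos:
        for n in neg:
            wins += 1.0 if p > n else 0.5 if p == n else 0.0
    return wins / (len(pos) * len(neg))


@dataclass
class GateDecision:
    show_badge: bool
    reason: str


def confidence_gate(n_train_apps, scores, labels):
    """Both bars must clear, otherwise the badge stays hidden."""
    if n_train_apps < MIN_APPLICATIONS:
        return GateDecision(False, f"{n_train_apps} training applications < {MIN_APPLICATIONS}")
    auc = held_out_auc(scores, labels)
    if auc is None:
        return GateDecision(False, "held-out set has one outcome class; AUC undefined")
    if auc < AUC_FLOOR:
        return GateDecision(False, f"held-out AUC {auc:.2f} below floor {AUC_FLOOR}")
    return GateDecision(True, f"held-out AUC {auc:.2f} >= floor {AUC_FLOOR}")


# Constructed held-out set: model score and whether an interview followed.
SAMPLE_SCORES = [0.9, 0.8, 0.7, 0.6, 0.5, 0.4, 0.3, 0.2]
SAMPLE_LABELS = [1, 1, 0, 1, 0, 0, 1, 0]
```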
You can opt out in Settings > Data & privacy. Opting out removes your existing applications from the training set within 24 hours, prevents future ones from being added, and hides prediction badges in your search results.
12. Changes to this policy
Material changes are announced in-app 30 days before they take effect. Minor clarifications can happen any time and are logged here and in our public git history (every change ever).
13. Contact
Questions, or to exercise any right above: privacy@rizzume.co.uk. We reply within one working day. Rights requests are fulfilled within 30 calendar days, usually within minutes if it's an export or deletion.
This privacy policy is the canonical English version. Translations are available in हिन्दी, 中文, العربية, Español, and Français. Translations are intended for readability; the English version controls in case of any discrepancy.