Skip to main content
pliqa

Privacy Policy

Last updated: July 2025

1. Data Controller

The data controller for pliqa is Swift Impact Ventures, Vienna, Austria. For any data protection inquiries, contact us at privacy@pliqa.app.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, profile picture (provided during registration or via social login)
  • Resume data: Work history, education, skills, and other information contained in uploaded resumes
  • Preference data: Job preferences, location preferences, salary expectations
  • Usage data: Pages visited, features used, session duration (collected via analytics)
  • Device data: Browser type, operating system, IP address (for security and fraud prevention)

3. Legal Basis for Processing (GDPR Art. 6)

We process your data based on:

  • Contract performance (Art. 6(1)(b)): To provide the Service you signed up for
  • Consent (Art. 6(1)(a)): For optional features like marketing emails and analytics cookies
  • Legitimate interest (Art. 6(1)(f)): For security, fraud prevention, and service improvement
  • Legal obligation (Art. 6(1)(c)): For tax and accounting records related to payments

4. How We Use Your Data

  • AI-powered job matching and resume analysis
  • Providing and improving our Service
  • Sending transactional emails (account, billing)
  • Marketing communications (only with consent)
  • Analytics to improve user experience
  • Security monitoring and fraud prevention

5. AI Processing

pliqa uses artificial intelligence to analyze resumes and match candidates with job opportunities. Your resume data is processed by Google Gemini AI models. We do not use your data to train AI models. AI-generated results are suggestions only — no automated decisions are made that produce legal effects concerning you (GDPR Art. 22).

6. Data Sharing

We share data only with:

  • Firebase (Google): Authentication services (EU/US data processing)
  • Stripe: Payment processing (PCI DSS compliant)
  • Cloudflare: Application hosting, database (D1), and edge network (global, EU-inclusive regions)
  • Google Cloud: AI processing (Gemini API)
  • Resend: Transactional email delivery (EU-US DPF certified)

All processors are bound by data processing agreements (DPAs). For US-based processors, transfers are governed by Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework.

7. Your Rights (GDPR Art. 15–22)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten", Art. 17)
  • Restrict processing (Art. 18)
  • Data portability — receive your data in a machine-readable format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time without affecting lawfulness of prior processing (Art. 7(3))

To exercise these rights, email . We will respond within 30 days. privacy@pliqa.app.

8. Data Retention

We retain your data for as long as your account is active. After account deletion, personal data is erased within the following timeframes:

  • Account data: Deleted within 30 days of account deletion
  • Resume data: Deleted within 30 days of account deletion
  • Usage/analytics data: Anonymized within 90 days of account deletion
  • Billing records: Retained for 7 years per Austrian BAO §132 (tax retention obligation)
  • Consent records: Retained for 3 years after consent withdrawal (GDPR accountability, Art. 5(2))
  • Security logs: Retained for 6 months, then automatically purged

9. Cookies

We use strictly necessary cookies for authentication and session management. Optional cookies (analytics, marketing) are only set with your explicit consent, in compliance with TKG 2021 §165 and the ePrivacy Directive. You can manage preferences via our cookie banner.

10. Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encrypted storage, access controls, and regular security audits. In the event of a data breach affecting your rights, we will notify the Austrian DPA (dsb.gv.at) within 72 hours and inform affected users without undue delay (GDPR Art. 33–34).

11. Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde): www.dsb.gv.at

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The current version is always available at this URL.

© 2026 Swift Impact Ventures. All rights reserved.