Privacy Policy

1. Introduction

Äri Operasys OÜ ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ÄRI platform (the "Service").

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller for your personal data is:

3. Information We Collect

3.1 Information You Provide

When you register and use our Service, you may provide us with:

• Account Information: Name, email address, password, and profile photo
• Profile Information: Birth date, location (city, country), headline, summary, description, website URL
• Professional Information: Work experience, education, skills, projects, and industry information
• Language Information: Languages spoken, proficiency levels, and language demonstration videos
• Documents: Resume/CV files you upload
• Company Information: Company name, address, phone number, email, industry, logo, and description (for company accounts)
• Service Information: Service titles, descriptions, pricing, and availability (for service providers)
• Payment Information: Billing details processed through Stripe (we do not store full payment card numbers)
• Communications: Messages exchanged with other users through our platform

3.2 Information Collected Automatically

When you use our Service, we may collect:

• Device Information: Device type, operating system, browser type, and unique device identifiers
• Usage Information: Pages visited, features used, and time spent on the platform
• Log Data: IP address, access times, and referring URLs
• Cookies and Similar Technologies: See our Cookie Policy for details

4. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: Processing necessary to provide you with the Service you requested (account management, service transactions)
• Consent: Where you have given explicit consent (marketing communications, optional profile features)
• Legitimate Interests: For improving our Service, ensuring security, and preventing fraud
• Legal Obligation: When required to comply with applicable laws or regulations

5. How We Use Your Information

We use your personal data to:

• Provide, maintain, and improve our Service
• Create and manage your account
• Display your profile to other users and potential employers
• Process transactions and send related information
• Enable communication between users
• Send administrative messages, updates, and security alerts
• Respond to your comments, questions, and customer service requests
• Analyze usage patterns to improve user experience and develop new features
• Detect, prevent, and address fraud and security issues
• Comply with legal obligations

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Other Users

Your profile information, including name, photo, professional details, and language videos, is visible to other users of the platform. Companies can view candidate profiles for recruitment purposes.

6.2 Service Providers

We work with third-party companies to provide our Service:

• Stripe: Payment processing (Stripe, Inc. - US-based with EU operations)
• Cloudflare R2: File storage for images, videos, and documents (Cloudflare, Inc. - US-based with global network)
• Convex: Database services (Convex, Inc. - US-based)

These providers process data on our behalf and are bound by data processing agreements that ensure GDPR compliance.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the EU Commission
• EU-U.S. Data Privacy Framework certification (where applicable)
• Binding corporate rules of our service providers

8. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements

Generally, we retain:

• Account data: Until you request deletion
• Transaction records: 7 years for tax and accounting purposes
• Messages: 3 years after last activity, unless deleted earlier
• Log data: 90 days

After the retention period expires, we securely delete or anonymize your data.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
• Right to Restriction: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise your rights, please contact us at contact@ari.com.ee. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

12. Cookies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy. Cookie Policy

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. We encourage you to review this Privacy Policy periodically.

14. Supervisory Authority

If you are in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is:

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us: