}

Privacy Policy

How we collect, use, and protect your data

Who we are & contact

Memzo Solutions (“we”, “us”, “our”) acts as the data controller under the UK GDPR and the Data Protection Act 2018. For privacy questions or requests, contact admin@memzocopilot.com.

Information we collect

  • Account Data: name, email address, password (hash), subscription tier, preferences.
  • Age Range: self‑declared band (e.g., 16–17, 18–24, 25–34, 35–44, 45+), used to confirm eligibility (16+) and for aggregated reporting.
  • Geographical Location: country/region/city derived from IP address or user input, to support analytics, localisation, and fraud prevention.
  • Uploaded Content: CVs/resumes, job descriptions, and related documents you submit for optimisation. We do not collect interview answers.
  • Usage & Device Data: IP address, browser, OS, time zone, pages visited, app events, diagnostic logs.
  • Transactional Data: payment status and billing confirmations (processed through secure providers).
  • Support Correspondence: emails or messages you send to our team.

We do not intentionally collect special‑category data (e.g., health, political, religious beliefs). Please avoid uploading such data unless strictly necessary.

How we use your data (lawful bases)

Purpose Examples Lawful Basis
Account setup & authentication Create and maintain your account; enable login Contract performance
Provide core features AI‑powered CV analysis and insights Contract performance / Legitimate interests
Security & abuse prevention Fraud prevention, rate‑limiting, audit logs Legitimate interests
Improve and personalise Product analytics and UX improvements Legitimate interests / Consent (analytics cookies)
Communications Service notices; optional marketing if opted‑in Legitimate interests / Consent
Compliance Tax, accounting, regulatory obligations Legal obligation

AI processing & automation

Some features use AI models to analyse or generate content from the data you supply (e.g., highlighting strengths or suggesting wording for a CV). Inputs are processed securely and only for your requested purpose. We do not sell personal data or train public models on your personal information. We do not conduct automated decision‑making that produces legal or similarly significant effects on you without human review.

Cookies & similar technologies

We use essential cookies for login and security. With your consent, we may use analytics or functional cookies to improve performance. See our separate Cookie Policy for details.

Disclosure of data

  • Service providers: hosting, storage, analytics, payment processing, and customer support under written data‑processing agreements.
  • Professional advisers: legal, accounting, and compliance advisers bound by confidentiality.
  • Regulators or law enforcement: when required by law or necessary to protect rights and safety.
  • Business transfers: in a merger, acquisition, or reorganisation, data will remain protected under equivalent terms.

We do not sell personal data.

International transfers

If data is transferred outside the UK/EEA, we implement appropriate safeguards, including the UK IDTA, EU SCCs, or an ICO‑approved mechanism.

Data retention

Data Type Typical Retention Period
Account information While account is active + 12 months for audit
Uploaded content Until deleted by user or 90 days after account closure
Payment records Minimum 6 years (legal requirement)
Support tickets / logs Up to 24 months for quality and security reviews

We may anonymise data for aggregate analytics once retention limits expire.

Security measures

We implement layered safeguards including encryption in transit, least‑privilege access controls, multi‑factor authentication, audit logging, and periodic testing. No method is entirely infallible; we continually evaluate risks and strengthen controls.

Your rights

  • Access — obtain a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion where data is no longer needed.
  • Restriction — limit certain processing in specific circumstances.
  • Portability — receive data in a structured, machine‑readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — for optional processing such as marketing or analytics cookies.

To exercise your rights, email admin@memzocopilot.com. We respond within one month, subject to permitted extensions. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113.

Children

Our Services are intended for users aged 16 and above. We require age‑range confirmation during signup. If you believe a child under 16 has provided data, contact us for prompt removal.

Data Protection Officer / Contact

Data Protection Officer
Memzo Solutions
admin@memzocopilot.com
United Kingdom

Changes to this policy

We may update this Privacy Policy periodically. The latest version will always be posted on our website. If material changes occur, we will notify users via email or in‑app notice.