Privacy Policy & Data Usage

Last updated: February 21, 2026

At Uptyrn, we help job seekers understand hiring communication patterns through transparent, aggregated data. This policy explains what we collect, why, and how we protect it — in plain language, in full compliance with GDPR.

Who We Are

Uptyrn is operated from Sweden and acts as the data controller for all personal data processed through this platform, in full compliance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

For data protection inquiries: [email protected]

What Data We Collect

We collect only what is necessary to provide the service.

Account Information

  • Email address — required for login and service communication
  • Username — optional display name, can be set to "Anonymous"
  • Password — hashed and never stored in plain text

Profile Information (Optional)

  • Country — for filtering and organising reviews
  • City, occupation field, role — for categorisation
  • Gender — optional demographic data

Review Data

  • Company name and interview experience
  • Response or no-follow-up outcome
  • Interview date, process stage, and optional comments

Technical Data

  • IP address — for security and abuse prevention
  • Browser and device info, server logs — for system integrity

🔒 What we don't collect: Full name (unless chosen as username), religion, sexual orientation, ethnicity, or other sensitive characteristics beyond optional gender.

Legal Basis for Processing (GDPR)

  • Consent — given when you create an account and submit reviews
  • Contractual necessity — processing required to deliver the service
  • Legitimate interest — aggregated, anonymised review data serves a clear public purpose (hiring transparency) without overriding individual privacy rights
  • Legal obligation — IP logging and security measures required by law

How We Use Your Data

  • Service delivery — account creation and management
  • Data aggregation — reviews are combined into company-level statistics (response rates, rejection rates, trends)
  • AI-generated summaries — aggregated, anonymised statistics are sent to Anthropic's Claude to generate plain-language company summaries. No personal data is included.
  • Security — technical data used to prevent abuse and fraud
  • Platform improvement — understanding usage patterns via anonymous analytics
  • Communication — service updates only. We do not send marketing emails.

Individual reviews are never displayed with personally identifiable information.

Third-Party Processors

We work with a small number of trusted providers under Data Processing Agreements (DPAs). Each processes data only as instructed by us.

  • Supabase — database and authentication. Privacy Policy
  • Vercel — hosting, infrastructure, and cookieless anonymous analytics. Privacy Policy
  • Anthropic — AI model used to generate company summaries from aggregated statistics only. No personal data or individual submissions are ever shared. Privacy Policy
  • Resend — transactional email delivery. Privacy Policy
  • Cloudflare — security and content delivery. Privacy Policy

We do not sell or share personal data for marketing purposes.

Cookies & Tracking

We use only essential cookies required for the platform to function:

  • Authentication cookies — maintain secure login sessions
  • Security cookies — protect against abuse and unauthorised access

These are strictly necessary and do not require consent. We do not use advertising or tracking cookies.

We also use Vercel Analytics for anonymous, cookieless page view data — no personal information is collected. See Vercel's Privacy Policy.

International Data Transfers

Some of our service providers operate outside the EEA, including in the United States. All such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, and each provider maintains their own GDPR-aligned commitments.

Data Retention & Deletion

  • Account data — retained while your account is active
  • On deletion — your email, username, and profile are permanently removed
  • Review data — permanently dissociated from your identity on deletion; retained only as anonymous, aggregated statistics that cannot be traced back to you
  • Review removal (active users) — you may request removal of specific reviews for valid reasons such as data entry errors
  • Backups — retained briefly for disaster recovery, then deleted

Your Rights Under GDPR

If you are in the EU, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — delete your account and personal data. When you delete your account, your personal identifiers (such as email and username) are permanently removed from our systems. Reviews you have submitted are retained in dissociated form, without direct identifiers, to preserve aggregated statistical integrity. Retained submissions are stored without direct identifiers and are not accessible in a way that allows them to be linked back to your identity..
  • Restriction — limit how we use your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, by deleting your account

To exercise any of these rights, contact us at [email protected]. We respond within 30 days.

Data Security

We apply industry-standard security measures including:

  • HTTPS/TLS encryption in transit
  • Password hashing — never stored in plain text
  • Row Level Security (RLS) in our database
  • Rate limiting, DDoS protection, and IP-based abuse detection
  • Regular security updates and monitoring

No internet transmission is 100% secure. We cannot guarantee absolute security, but we take it seriously.

Children's Privacy

Uptyrn is not intended for anyone under 16. We do not knowingly collect data from children. If you believe we have done so in error, contact us at [email protected] and we will delete it immediately.

Policy Updates

We may update this policy to reflect changes in our practices or legal requirements. When we make material changes, we will update the date above and notify you by email if your rights are affected. Continued use of the platform constitutes acceptance of the updated policy.

Questions, Concerns, or Data Requests?

For any questions about this policy or to exercise your GDPR rights, contact us:

Contact[email protected]

We respond to all requests within 30 days as required by GDPR.