Privacy · Effective 16 July 2026

Privacy policy

This policy explains what little kairos stores, why it needs the data, which providers process it for us, and how you can exercise your rights. Last updated 16 July 2026.

Data controller

Little Kairos
Brooke Whatnall
Babelsberger Str. 49
10715 Berlin
Germany
brookewhatnall@icloud.com

What we store, and why

Who processes it for us

The following providers process data only as needed to provide their part of the service. Supabase stores the application data in the EU region eu-west-1 (Ireland).

Little kairos processors and the data they handle
ProviderPurposeData
AnthropicDrafting, extraction, voice analysis, and other Claude API calls.CV text, confirmed profile facts, writing samples, job details, and drafts.
SupabaseDatabase, authentication, and private file storage in the EU.Account, profile, application, job-score, and stored-file data.
VercelWeb hosting, request handling, and aggregate site analytics.Request and operational logs, plus aggregate page-use measurements.
Trigger.devRunning background processing tasks.User IDs, task inputs, and references or diffs needed for background work.
ResendMagic-link and other transactional email delivery.Email addresses and the content of transactional messages.
ApifyCollecting public job postings from configured sources.Public job postings, plus search terms derived from active users' job lanes. The terms are sent without any account identifier and are combined when multiple profiles contribute to the same search. No name, contact detail, or document ever goes to Apify.

These providers offer standard data-processing terms. Where data is transferred outside the European Economic Area, including to Anthropic in the United States, the transfer relies on the provider’s standard data-processing terms and the EU Standard Contractual Clauses incorporated into them, where applicable. We do not describe that arrangement as an individually negotiated agreement with each provider.

Anthropic API inputs are not used to train its models under the applicable API terms.

What we never do

Retention and deletion

You can close your account in Settings. Sign-in stops immediately, and ninety days later the profile, CV, drafts, application dossiers, voice rules, usage records, and stored files are permanently erased. The ninety-day window exists so an accidental closure can be recovered. Contact us within that window if you need access restored.

One exception is anonymized quality telemetry: document-gate scores and derived edit metrics such as edit distance and length changes. It contains no user identifier and no document text, so it cannot be linked back to you, and it is retained to improve the writing engine.

Your rights

You can export the data we hold about you from Settings and correct profile facts in the app. You can also contact us for any of the following rights under the GDPR:

Send requests to brookewhatnall@icloud.com. We may need to verify your identity before fulfilling a request.

Supervisory authority

You may complain to the supervisory authority in your place of residence or work. For the Berlin operator, the competent authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI). We encourage you to contact us first so we can try to resolve the issue directly.

Contact and updates

For privacy questions, contact Brooke Whatnall at brookewhatnall@icloud.com. The controller details are also available in the Impressum. This policy may be updated when the service or its processing changes; the effective date at the top records the current version.

A note on legal review

This policy is the accurate beta version based on the processing currently wired into the product. The outstanding provider-record filing and the final lawyer review remain operational launch work.