Data Policy

Data Policy (Data Handling, Retention & Security) — vialem.ai

Last updated: 4 February 2026

1. Purpose of this Data Policy

This Data Policy explains—at an operational level—how Vialem Ltd handles user data submitted to vialem.ai,
including uploads (such as resumes) and generated outputs.

2. Data categories handled by the service

User-provided content

  • questionnaire answers, free-text inputs,
  • uploaded files (e.g., CV/resume PDFs),
  • optional links or supporting materials you provide.

Service-generated content

  • report text, summaries, suggested plans, and other outputs created from your inputs.

Operational data

  • logs (e.g., timestamps, IP, error logs),
  • account status, purchase status/tier metadata (if applicable).

3. Processing principles

We aim to:

  • collect the minimum data needed to provide the service,
  • separate operational logs from user content where feasible,
  • restrict access to user content to authorised personnel and systems,
  • avoid using user content for unrelated purposes.

4. AI processing

Where the service uses AI systems:

  • your inputs may be transmitted to an AI processing provider to generate outputs,
  • we instruct providers to process data only to deliver the service,
  • we do not intentionally request special category data.

5. Storage & access controls

We use controls such as:

  • role-based access,
  • least-privilege permissions,
  • encrypted connections (TLS) for data in transit,
  • routine patching/monitoring.

6. Retention (recommended default wording)

Unless stated otherwise in-product:

  • Uploads and generated reports are retained to allow you to access your results and for support purposes.
  • You can request deletion (see section 8).
  • Some records (e.g., invoices, payment confirmations) are retained longer if legally required.

7. Sharing & subprocessors

We may use subprocessors for hosting, analytics, support, payments, and AI processing.
We select providers with appropriate security measures and put contracts in place where required.

8. Deletion requests

To request deletion of your content (inputs, uploads, outputs), contact:
privacy@vialem.ai
We may retain limited records where required for legal compliance (e.g., accounting) or to establish/exercise/defend legal claims.

9. Incident response

If we become aware of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms,
we will assess and take appropriate steps, including notification to regulators and affected users where legally required.