VetvioBack to Home

GDPR Compliance

Your data protection rights under EU regulations

Who We Are

Vetvio is operated by Zanforge LTD, a company registered in Cyprus (EU). As an EU-based company, we fully comply with the General Data Protection Regulation (GDPR) and take your privacy seriously.

What Data We Collect

We collect and process only the data necessary to provide our AI-powered recruitment services:

  • Account Information: Name, email, password (encrypted)
  • Profile Data: Company details, job requirements, preferences
  • Resume Files: Candidate resumes you upload for processing
  • Usage Data: Service usage, billing information, activity logs
  • Technical Data: IP address, browser type, device information

We do not sell your data to third parties.

Why We Process Your Data

We process your data based on these legal grounds:

  1. Contract Performance: To provide our resume screening services
  2. Legitimate Interests: To improve our service, prevent fraud, ensure security
  3. Your Consent: For optional features like marketing communications
  4. Legal Obligations: To comply with tax, accounting, and other legal requirements

Your Rights Under GDPR

You have the following rights regarding your personal data:

1. Right to Access

Request a complete copy of all personal data we hold about you, including resume analysis results and usage history.

2. Right to Rectification

Ask us to correct any inaccurate or incomplete information in your account or profile.

3. Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. Note: We may need to retain certain information for legal or accounting purposes (e.g., billing records).

4. Right to Data Portability

Receive your data in a structured, commonly-used, machine-readable format (JSON/CSV) that you can transfer to another service.

5. Right to Restrict Processing

Request that we limit how we use your data in certain circumstances (e.g., while verifying data accuracy).

6. Right to Object

Object to our processing of your data based on legitimate interests, including for direct marketing purposes.

7. Right to Withdraw Consent

Withdraw your consent at any time for processing based on consent (this won't affect the lawfulness of processing before withdrawal).

8. Right to Lodge a Complaint

File a complaint with the Cyprus Commissioner for Personal Data Protection or your local EU supervisory authority if you believe we've violated your rights.

How We Protect Your Data

  • Encryption: All data is encrypted in transit (TLS) and at rest
  • Access Controls: Strict role-based access to customer data
  • Infrastructure: We use SOC 2 compliant cloud providers (Vercel, Supabase, AWS)
  • Regular Audits: Security reviews and vulnerability assessments
  • Incident Response: 72-hour breach notification procedures as required by GDPR

Data Retention

  • Resume Files: Automatically deleted 30 days after job completion
  • Job Results: Retained for 90 days unless you delete them earlier
  • Account Data: Retained while your account is active and for 2 years after closure (for legal/accounting purposes)
  • Billing Records: Retained for 7 years as required by law

You can request earlier deletion of your data at any time, subject to legal retention requirements.

International Data Transfers

While Zanforge LTD is based in the EU (Cyprus), we use service providers that may process data outside the EU/EEA:

  • Vercel (US): Application hosting and edge network - EU-US Data Privacy Framework
  • AWS (US): Cloud infrastructure and AI processing - covered by EU-US Data Privacy Framework
  • Supabase (US): Database services - Standard Contractual Clauses in place
  • Stripe (US): Payment processing - EU-US Data Privacy Framework
  • Mailgun (US): Email delivery services - Standard Contractual Clauses in place

We ensure all transfers comply with GDPR through adequate safeguards.

Subprocessors

We use the following third-party processors:

  • Vercel: Application hosting, edge network, and content delivery
  • Supabase: Database and authentication
  • AWS: Cloud infrastructure and AI processing
  • Stripe: Payment processing
  • Mailgun: Transactional and marketing emails

All subprocessors are contractually bound to GDPR compliance standards.

How to Exercise Your Rights

To exercise any of the above rights, contact us at:

Email: privacy@vetvio.com

Subject Line: Include "GDPR Request" for faster processing

Response Time: We will respond within 30 days (or 60 days for complex requests, with notification).

Verification: We may ask for ID verification to protect against unauthorized access.

Supervisory Authority

If you're not satisfied with our response, you have the right to lodge a complaint with:

Cyprus Commissioner for Personal Data Protection
Website: http://www.dataprotection.gov.cy

Or contact your local EU data protection authority.

Data Protection Contact

For data protection inquiries, contact:

Privacy Team
Zanforge LTD
Email: privacy@vetvio.com

This page was last updated on January 14, 2026. We may update this information as our practices evolve or regulations change. Material changes will be communicated via email.