Privacy Notice ResidencyAI
Last updated: July 6, 2026
1. What is this Privacy Notice about?
This Privacy Notice explains how we process personal data, primarily in connection with our website and our business, which consists in offering AI-powered application preparation services. These may include interview practice, feedback on application documents such as resumes, CVs, personal statements, essays, or similar materials, headshot generation, and related feedback or assessment features (collectively, the "Services"). If you would like more information about our data processing, please feel free to contact us (sec. 2).
2. Who is responsible for processing your data?
For the data processing, the following company is the “controller”, i.e., the party that is primarily responsible to ensure compliance with data protection laws (also “we”): Stefanos Charalambous Hürststrasse 68 8046 Zürich
If you have any questions regarding data protection, please feel free to contact us at the following address: [email protected]
3. How do we process data in relation with our products and services?
When you use our Services, we process various types of personal data for the purposes outlined below. The legal bases for our processing, where required by applicable data protection laws like GDPR, primarily include contractual necessity (to provide the Services you request), our legitimate interests (for improving and securing our Services, and for internal analytics), and your consent (for certain optional processing activities like marketing, where applicable).
a. Account and Service Management Data:
- Data Collected: Your preferred name, email address, application type, field of interest or target program where relevant, school or institution, referral source, details of services requested, date of agreement, information on the purchase of services, payment transaction records (excluding sensitive payment card data, which is processed by our payment provider), contacts with customer service, claims, complaints, access data and logins, and data on the termination of the agreement. This also includes your IP address for security.
- Purpose: To manage your user account, authenticate your access, personalize your experience, perform and manage our service agreements with you, process payments, provide customer support, and handle any related proceedings or disputes.
- Legal Basis: Contractual necessity; Legal obligation (for financial record-keeping); Legitimate interests (for dispute resolution and service security).
b. Interview Content and Feedback Data:
- Data Collected: Information you provide during interview training, including your background, experience, motivation, plans, and similar typical application interview questions. This may include audio or video you provide during mock interviews and single-question practice, transcriptions of that audio, or text you directly type. We also collect AI-generated assessments and feedback, including overall session scores, individual question scores, comprehensive overall feedback, detailed strengths, and areas for improvement for each of your responses.
- Purpose: To conduct mock interview simulations, process your responses, generate AI-powered feedback, and allow you to review your performance and track your progress over time. These data are essential for the delivery of the Services.
- Storage: We save your interview transcripts, text responses, and AI-generated feedback in our database so you can review your activity history and track improvement. We do not store raw audio or video recordings as separate files after transcription or processing.
- PDF Exports: If you export feedback as a PDF, the PDF file is generated transiently for download and is not stored by us as a separate file.
- Legal Basis: Contractual necessity (to provide the interview practice and feedback features); Legitimate interests (for maintaining, securing, troubleshooting, and improving the Services); Consent where required (for AI model training or similar model-improvement purposes).
Please do not include Protected Health Information (PHI), patient data, or other sensitive, confidential, or personally identifiable information about third parties in the content you submit to the Services. ResidencyAI is not designed or intended to receive, store, or process such information.
c. Application Document Data:
- Data Collected: If you use document feedback features, we process the documents or text you submit, such as resumes, CVs, personal statements, essays, or similar application materials, as well as feedback, suggestions, revisions, or other output generated from those materials.
- Purpose: To provide AI-powered feedback, suggestions, revisions, summaries, or other application-preparation support, and to personalize related Services such as interview practice and practice questions.
- Storage: We save your submitted application documents and related generated feedback, suggestions, revisions, or other output so you can review them and use them with related Services.
- Legal Basis: Contractual necessity (to provide the document feedback feature); Legitimate interests (for maintaining, securing, troubleshooting, and improving the Services); Consent where required.
d. Image Generation Data:
- Data Collected: If you use image-generation features, we process the photos you submit and the generated images.
- Purpose: To provide the requested image-generation feature, including generating, formatting, and making the resulting image available to you.
- Storage: We do not store submitted photos or generated images after the image-generation process is complete.
- Legal Basis: Contractual necessity (to provide the image-generation feature); Legitimate interests (for maintaining, securing, troubleshooting, and improving the Services).
e. Technical and Usage Data:
- Data Collected: Data on your use of our Services, such as IP address, device information, connection quality, interaction patterns and error logs.
- Purpose: For statistical purposes (e.g., number of users, use of different features, service popularity, regional and time-based usage patterns) to support the improvement and development of products and business strategy generally. This data also helps us ensure the security, functionality, and continuous improvement of our Services, and to troubleshoot technical issues.
- Legal Basis: Legitimate interests (for ensuring the security, functionality, and continuous improvement of our Services).
f. Marketing Communications:
- Data Collected: Your email address and potentially usage patterns.
- Purpose: To advertise our services, e.g., through newsletters (email or other electronic communication). We may also use aggregated and anonymized data for statistical purposes. Identifiable data is only used for marketing with your consent, where required by law. See Section 4.
- Legal Basis: Consent (for direct marketing emails, where required); Legitimate interests (for non-direct marketing activities and analytics).
g. Corporate Partner Data:
- Data Collected: For individuals representing our corporate partners, we process business contact details such as name, email address, phone number, professional title, and details from communications, as well as details about management persons, etc., as part of the general information about companies with which we cooperate.
- Purpose: To manage our business relationships, communicate, and fulfill contractual obligations with corporate entities.
- Legal Basis: Legitimate interests (for B2B relationship management); Contractual necessity (for fulfilling agreements with the corporate partner).
4. How do we process data in relation with advertising?
We also process personal data in order to advertise our services:
- Newsletter: We send out electronic information and newsletters, which may include advertising for our services. We will ask for your consent before sending out electronic marketing, except for certain offers to existing customers.
- Online advertising: where applicable, information on personalized presentation of own website and personalized display of advertising on third-party sites and platforms.
- Market research: We also process data to improve and develop new services, e.g., information about purchases made or reactions to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.
5. How do we work with service providers?
We use services from various third parties, especially IT services in connection with the Services. In particular, we use the services of LiveKit (4285 Payne Avenue, Suite 9154, San Jose, United States) and OpenAI Ireland Ltd (registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, company number 737350). OpenAI provides AI models used for certain features, whereas LiveKit provides real-time communication functionality, additional features and AI models. These service providers are engaged as data processors, which means that they follow our instructions regarding how your personal data is processed.
Other examples are providers of payment services (in particular: Stripe), hosting, authentication, security, error monitoring, image generation, data analysis services, consultants, etc. We select service providers that are appropriate for the relevant processing activity and, where required, enter into data processing agreements or apply other safeguards. In relation with service providers for our website, please see sec. 7.
6. Can we disclose data abroad?
The recipients of data are not all located in Switzerland, in particular certain service providers (especially in IT; for example, LiveKit is located in the USA and OpenAI in Ireland). These providers may have locations within the EU or the EEA, but potentially also in any country worldwide. We may also share data with authorities abroad if we are legally compelled to do so or, for example in relation with a sale of assets or with legal proceedings (see sec. 8). Not all these countries have adequate data protection. We therefore use appropriate safeguards, in particular the EU standard contractual clauses, which can be found here. In certain cases, we may share data abroad without such safeguards, as permitted under applicable data protection law, e.g., with your consent or where the disclosure is necessary for the performance of the contract, for the establishment, exercise, or enforcement of legal claims or for overriding public interests.
7. How do we process data in relation with our website?
For technical reasons, every time you use our website, some data is collected that is temporarily stored in log files (log data), in particular the IP address of the device, information about the internet service provider and the operating system of your device, information about the referring URL, information about the browser used, date and time of access, and content accessed when visiting the website. We use this data to provide our website, to ensure security and stability, to optimize our website and for statistical purposes.
Our website also uses cookies. These are small files that your browser saves on your device. This allows us to separate individual visitors from others, but usually without identifying visitors. Cookies may also include information about content accessed and the duration of the visit. Certain cookies (“session cookies”) are deleted when the browser is closed. Others (“persistent cookies”) are stored for a certain period of time so that we can recognize recurring visitors.
You can configure your browser in the settings so that it blocks certain cookies or deletes cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the keyword “privacy”).
Cookies and other technologies may also be used by third parties that provide services to us. These may be located outside of Switzerland and the EEA (for more information, see sec. 6). For example, we use analytics services so that we can optimize our website. Cookies and similar technologies from third-party providers also enable them to target you with individualized advertising on our websites or on other websites as well as on social networks that also work with this third party and to measure how effective advertisements are (e.g., whether you arrived at our website via an advertisement and what actions you then take on our website). The relevant third-party vendors may record website usage for this purpose and combine their records with other information from other websites. They can record user behavior across multiple websites and devices to provide us with statistical data. The providers may also use this information for their own purposes, e.g. for personalized advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.
Our main third party provider in this context is Google. You can find more information about Google below. Other third parties generally process personal and other data in a similar way.
We use Google Analytics on our website, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behavior of users on the website and about the terminal device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with evaluations based on the recorded data, but also processes certain data for its own purposes. Information on the data protection of Google Analytics can be found here, and if you have a Google account yourself, you can find further details here.
8. Are there other processing purposes?
Yes. Typical (though not necessarily frequent) cases are as follows:
- Communication: When we are in contact with you (e.g. when you contact customer service, we process the content as well as information about the nature, time, and location of the communication. For your identification, we may also process information about proof of identity.
- Compliance with legal requirements: We may disclose information to authorities as required by law or to comply with internal regulations.
- Prevention: We process data to prevent crime and other misuse, for example fraud prevention or for internal investigations.
- Legal proceedings: Where we are involved in legal proceedings (e.g. court or administrative proceedings), we process data such as information about other parties to the proceedings and individuals involved such as witnesses and disclose data to such parties, courts, and authorities, possibly also abroad.
- IT security: We also process data for monitoring, controlling, analyzing, securing and assessing our IT infrastructure, as well as for backups and archives.
- Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). We may also process data about key persons, such as their name, contact details, role or function and public statements.
- Transactions: If we sell or acquire assets, business units or companies, we process data to prepare and execute transactions, e.g. information about customers or their contact persons or employees, and we may also disclose such information to potential buyers or sellers.
- AI Model Improvement and Training: With your explicit consent, we may process content you submit to the Services and AI-generated output to train and improve our AI models and enhance the quality and accuracy of our Services. This is separate from the data processing required to provide the requested features.
- Other purposes: We process data to the extent necessary for other purposes such as training, administration (e.g. contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal processes, preparation of anonymous statistics and evaluations; acquisition or disposal of receivables, businesses, parts of businesses or companies and safeguarding other legitimate interests.
9. How long do we process personal data?
We retain personal data only for as long as needed to provide the Services, for the duration of the relevant contractual relationship where applicable, for the purposes described in this Privacy Notice, or for other legitimate purposes such as security, archiving, dispute resolution, fraud prevention, accounting, compliance with legal obligations, or enforcing our rights.
How long we retain personal data depends on the type of data and how we use it. In particular:
- Account and profile data are retained while your account remains active and for a reasonable period afterward where needed for legal, security, accounting, or dispute-resolution purposes.
- Interview transcripts, text responses, application documents, and related AI-generated feedback, suggestions, or revisions are retained while your account remains active so you can review your history and use them with related Services, unless your account is deleted.
- Raw audio or video recordings are not stored as separate files after transcription or processing.
- Submitted photos and generated images for image-generation features are not stored after the image-generation process is complete.
- Payment and transaction records are retained as long as required for accounting, tax, legal, and fraud-prevention purposes.
- Technical, usage, and security records are retained for as long as reasonably necessary to operate, secure, debug, and improve the Services.
In some cases, we may retain personal data for longer where this is required or permitted by law, for example to comply with statutory retention obligations, respond to lawful requests, prevent fraud or misuse, resolve disputes, enforce agreements, or establish, exercise, or defend legal claims. For certain data, a ten-year retention period may apply.
When personal data is no longer needed for these purposes, we delete or anonymize it.
10. Anything else to consider?
Depending on the applicable law, data may only be processed based on legal grounds. This does not apply under the Swiss Data Protection Act, but it does under the European General Data Protection Regulation (GDPR), to the extent it is applicable. In this case, our processing is based on a necessity to negotiate, conclude, and perform agreements (sec. 3), to safeguard legitimate interests of us or third parties, e.g. statistical evaluations (sec. 3) or for marketing purposes (sec. 4), that it is required or permitted by law, or that you have provided separate consent. The relevant provisions are articles 6 and 9 GDPR.
You are not obliged to provide data to us, except in some cases such as when it is required to comply with a contractual obligation. However, we must process data for legal and other reasons when we conclude and execute contracts. The use of our website would also not be possible without some data processing (see sec. 7).
11. What are your rights?
You have certain rights, subject to conditions and restrictions under applicable law:
- You can request a copy of your personal data and further information about our data processing.
- You can object to our data processing, especially in relation with direct marketing.
- You can have incorrect or incomplete personal data corrected or completed or supplemented by a note of dispute.
- You also have the right to receive the personal data that you have provided to us in a structured, common, and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract.
- To the extent that we process data based on your consent, you can withdraw your consent at any time. The withdrawal is only valid for the future, and we reserve the right to continue to process data based on another basis in the event of a withdrawal.
If you wish to exercise such a right, please feel free to contact us (sec. 2). We will usually have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
12. Changes to the privacy policy
We may update this policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law.