Privacy policy

Updated: 21/12/2024

Thank you for using the Workforce Intelligence Platform, a service provided by Everday B.V. ("Workforce Intelligence Platform," "we," "us," or "our"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

By accessing or using the Workforce Intelligence Platform, you agree to the practices described in this Privacy Policy.

1. Information we collect

1.1 Information you provide

We collect personal information that you voluntarily provide, such as when you:

  • Register for an account.
  • Interact with our customer support.
  • Participate in promotions, surveys, or feedback sessions.
  • Engage with skill assessments or profile-building activities.

This data may include:

  • Identifying information: Full name, email address, job title, and company name.
  • Skill-related information: Assessments, feedback, and proficiency levels.
  • Work Experience, Education, and Certifications: Details about past and current roles, academic history, professional qualifications, or other credentials.
  • User-generated content: Messages, feedback, or other inputs provided on our platform.
  • LinkedIn profile details: Names, job titles, and skills (only if you choose to integrate LinkedIn with the Workforce Intelligence Platform).

1.2 Information collected automatically

When you use the Workforce Intelligence Platform, we automatically collect certain information:

  • Usage Data: Interactions with our services (e.g., features used, pages visited, insights generated).
  • Device and Browser Information: IP addresses, device type, browser version, and operating system.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to remember your preferences and enhance your experience.

1.3 Information from third parties

If you integrate external services (e.g., LinkedIn), we may collect data from those platforms based on your granted permissions. This may include:

  • Public profile information from LinkedIn.
  • Job-related data for skill gap and proficiency analyses.

2. Legal bases for processing

We process your personal data under one or more of the following legal bases:

  1. Contractual Necessity: When processing is necessary to provide the services you request.
  2. Legitimate Interests: For purposes such as improving our products and user experience, as long as those interests are not overridden by your rights and freedoms.
  3. Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications). You may withdraw consent at any time by contacting us at hello@ever.day.
  4. Legal Obligations: Where processing is required by law or necessary to respond to legal processes.

3. How we use your information

3.1 Data processing purposes

We use the information we collect to:

  • Provide, maintain, and improve our services.
  • Facilitate AI-driven conversations about skills and workforce optimisation (using OpenAI as our only AI service).
  • Generate personalised skill gap analyses and proficiency insights.
  • Respond to inquiries, troubleshoot, and offer customer support.
  • Analyse usage patterns to enhance user experience and platform performance.
  • Comply with legal obligations.

3.2 Communication

We may use your contact information to:

  • Send you important updates, product changes, or new features.
  • Provide information about promotional offers or news, which you can opt out of at any time.

3.3 Legal and compliance

We may process your data to:

  • Comply with applicable laws, regulations, and legal requests.
  • Protect the rights, property, or safety of the Workforce Intelligence Platform, our users, or others.

4. Data sharing and subprocessors

We share data with trusted third-party subprocessors who assist in operating, maintaining, and improving our services. Each subprocessor is contractually obligated to handle your data securely and in compliance with GDPR and other applicable data protection laws.

| Subprocessor | Purpose | Data Processed | Location | Processing |
|---|---|---|---|---|
| Clerk | User authentication & identity management | Names, email addresses, authentication logs | EU-based servers | Clerk DPA |
| Supabase | Hosting of databases & file storage | Personal data (profile details, skill data), logs, uploaded files | Frankfurt, Germany | Supabase DPA |
| PostHog | Product usage analytics | Aggregated usage data, anonymized event data | EU-based servers | PostHog GDPR Compliance |
| Sentry | Error tracking & performance monitoring | Error logs and system performance data | EU-based servers | Sentry DPA |
| SendGrid | Transactional & notification emails | Email addresses, names, message content | EU-based servers | SendGrid DPA |
| Vercel | Platform hosting & delivery | Platform data (user interactions, page loads) | EU-based servers | Vercel DPA |
| Inngest | Workflow automation & event handling | Event data related to user actions | EU-based servers | N/A |
| OpenAI API | AI-driven services & functionalities | User inputs, interaction data, related metadata (used only for AI features) | Global infrastructure | OpenAI DPA |

4.1 Service providers (Sub-processors)

We share data with trusted third-party subprocessors who assist in operating, maintaining, and improving our services. Each subprocessor is contractually obligated to handle your data securely and in compliance with GDPR and other applicable data protection laws.

  • Mixpanel, Hotjar, and Sentry: For analytics and performance monitoring.
  • Other third-party tools involved in maintaining and improving our services.

All subprocessors are bound by data processing agreements that comply with the GDPR, ensuring they process your data securely and only for the agreed-upon purposes.

4.2 Legal obligations

We may disclose your personal information:

  • If required by law, court order, or government regulations.
  • In response to valid legal requests, such as subpoenas.

4.3 Business transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred to the new owner. We will notify you of any such transfer and any subsequent changes in privacy practices.

5. Data storage

We store all data securely on Supabase servers located in Frankfurt, Germany. Supabase provides industry-standard security measures, including encryption at rest and in transit. Access to stored data is restricted to authorized personnel only.

6. Data security

We implement technical and organisational measures to protect your personal data against unauthorized access, misuse, loss, or alteration. These measures include:

  • Encryption of data in transit (TLS) and at rest (AES-256).
  • Multi-factor authentication (MFA) for sensitive systems.
  • Regular security audits, including penetration testing and vulnerability scanning.
  • Logging and monitoring of access to sensitive data.

7. Data retention

We retain personal data only as long as necessary to provide our services, comply with legal obligations, or fulfill our operational requirements. Retention periods vary based on the data type and purpose:

  • Account-related data: Retained while your account remains active; securely deleted within 30 days of account closure, unless required for legal purposes.
  • Usage data: Retained for up to 12 months for analytics and improvements, then anonymized or securely deleted.
  • Legal obligations: Data such as invoices may be retained for 7 years to comply with tax and financial regulations.

We use secure deletion methods (e.g., cryptographic erasure or overwriting) to ensure data is permanently destroyed. For further details, please refer to our Terms & Conditions.

8. Your rights

Under GDPR and other applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Erasure (Right to be Forgotten): Request deletion of your personal data under certain conditions.
  • Restrict Processing: Request limitations on data processing in specific circumstances.
  • Data Portability: Receive your data in a structured, commonly used format.
  • Object: Object to processing under certain circumstances, including where data is processed on the basis of legitimate interests.

To exercise any of these rights, please email hello@ever.day. We may ask you to verify your identity before responding to certain requests.

9. Cookies and tracking technologies

We use cookies, web beacons, and similar technologies to:

  • Remember user preferences and settings.
  • Track user sessions, analyse platform traffic, and improve functionality.
  • Provide a personalised experience (e.g., saving log-in status, language preferences).

9.1 Types of cookies we use

  • Essential Cookies: Required for the Workforce Intelligence Platform to function properly (e.g., authentication).
  • Analytics Cookies: Help us understand how users interact with our services (e.g., pages visited, actions taken).
  • Preference Cookies: Store your preferences (e.g., language, region).

9.2 Managing cookie preferences

You can manage or delete cookies at any time through your browser settings. However, disabling certain cookies may affect functionality or limit certain features of our services.

10. International data transfers

When personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards in compliance with GDPR. These may include Standard Contractual Clauses (SCCs) or other mechanisms recognized by the European Commission to ensure adequate data protection.

11. AI use with OpenAI

We use OpenAI exclusively for AI/ML functionalities, such as generating skill insights or assisting in skill assessment conversations. We do not use any other AI or machine-learning service providers.

  • Scope of AI Processing: Only the data required to generate relevant outputs (e.g., user inputs or context for the conversation) is shared with OpenAI.
  • Data Use: We do not allow OpenAI to use personal data for training its models. Our agreement with OpenAI ensures your data is processed solely to provide the AI functionality requested.
  • Note on OpenAI: Because OpenAI’s infrastructure may be global, personal data sent to OpenAI for AI-driven features may be transferred outside the EEA. We rely on appropriate contractual safeguards—such as our Data Processing Agreement (DPA) with OpenAI—to ensure your data is protected in compliance with GDPR.

12. What data is required vs. optional

We collect certain personal data that is essential to provide our core services, as well as additional information that is optional:

  • Required Data: Some data fields—such as your name, email address, and personal information related to your work experience, education, and certifications—are necessary for basic account creation, operation, authentication, and security. Without this information, we cannot create or maintain your account, verify your identity, or deliver core platform functionalities (e.g., generating personalised profiles and skill insights).
  • Optional Data: Other data points—such as skill assessments, feedback submissions, or responses to surveys—are optional. Providing this information can enhance your user experience (for example, by offering more personalised insights), but you are not obligated to share it. Declining to provide optional information may limit certain features or functionalities, but it will not prevent you from using the core aspects of the Workforce Intelligence Platform.

13. Incident notification

We have an incident response process to address security breaches promptly. In the event of a breach affecting your personal data, we will:

  • Notify affected users within 24 hours of discovering the breach.
  • Provide regular updates about the status and resolution of the incident.
  • Take immediate measures to contain the breach and mitigate potential damage.

14. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. If any significant updates are made, we will notify you by email or through a prominent notice on our platform. We encourage you to review this Privacy Policy periodically.

15. Contact information

If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please contact us at:

Everday B.V.

Stationsplein 45, D3.118

3013 AK Rotterdam

The Netherlands

Email: hello@ever.day

If you believe we are not handling your data in accordance with the law, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) or your local supervisory authority.