Privacy Policy

1. Controller Identity and Contact Information

The Controller of Personal Data processed through the Services is:

• Company name: SIKER (trade name; entity in the process of incorporation)
• Jurisdiction: To be confirmed upon completion of the constitution of the legal entity
• Registered Agent: To be appointed upon completion of the formation of the legal entity
• Email: privacy@siker.info
• Website: https://siker.info/privacy

2. Scope of Application and Products

This Privacy Policy applies to all users of the Services, including:

• Individual users: students, recent graduates, job seekers, professionals in career transition, and active workers who directly access Seek and TalentOS.
• Families and Guardians: Parents or legal guardians who create or supervise accounts on behalf of minors.
• Enterprise Customers: Businesses, employers, and human resources departments that access TalentOS and PathMaker through an enterprise subscription or corporate agreement.
• Educational institutions: universities, colleges, secondary schools and vocational training programs that implement SIKER products as part of their student services or curriculum.
• Visitors: people who browse our website or marketing pages without creating an account.

Product-specific data

Each product collects and processes personal data as follows:

• Seek – Collects career interests, academic history, skills, assessments, and job preference data to deliver AI-powered career discovery, occupational matching, and personalized path recommendations.
• TalentOS – Collects talent profiles, competency assessments, institutional enrollment data, learning outcomes, and performance indicators to provide talent intelligence dashboards to educators and employers.
• PathMaker: Collects content preferences, business goals, and usage patterns to autonomously generate, schedule, and distribute business content on behalf of subscribed users or enterprise accounts.

3. Personal Data We Collect

3.1 Data You Provide Directly

• Account registration data: full name, email address, encrypted password, date of birth, country of residence and preferred language.
• Profile Data: Academic history, degrees, certifications, work experience, skills inventory, career interests, goals, and uploaded documents (résumés, portfolios, transcripts).
• Assessment Responses: Responses to aptitude tests, personality questionnaires, career preference surveys, and competency assessments administered within the Services.
• Communications: messages, comments, support tickets and survey responses sent to SIKER.
• Payment details: billing name, address and payment method details. We use PCI-DSS certified payment processors and do not store full card numbers.
• Business account data: Company name, industry, size, title, and authorized user data submitted during business onboarding.

3.2 Automatically Collected Data

• Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution and network information.
• Usage and interaction data: pages visited, functions used, dwell time, click paths, searches within the platform, error logs and session recordings.
• Cookies and similar technologies: first-party and third-party cookies, pixel tags, local storage objects and other tracking technologies described in our Cookies Policy.
• Inference Data: Behavioral patterns and AI-generated inferences about your career preferences, learning style, and level of engagement derived from your use of the Services.

3.3 Data Received from Third Parties

• Single sign-on providers: If you register or sign in using Google, LinkedIn, or Microsoft, we receive your name, email address, and profile photo, subject to your settings with those providers.
• Educational Institutions: Enrollment status, student identifier, degree program, graduation date, academic performance metrics, and other data transmitted to SIKER under an institutional agreement.
• Employer Partners: Job posting data, organizational structure, and position requirements shared by enterprise customers using TalentOS.
• Publicly available data: Professional profiles or labor market data from public sources used to supplement career recommendations.

4. Legal Bases for Processing (GDPR)

SIKER processes personal data on the following legal bases in accordance with Article 6 of the GDPR:

• Performance of a contract (Art. 6(1)(b)): processing necessary to create and manage your account, provide the Services, process payments and fulfill our contractual obligations.
• Legitimate interests (Art. 6(1)(f)): fraud prevention, platform security, service improvement and internal analysis, to the extent that such interests do not override your fundamental rights and freedoms.
• Consent (Art. 6(1)(a)): processing of non-essential cookies, use of your data to train or improve AI models and marketing communications. You can withdraw your consent at any time.
• Compliance with a legal obligation (Art. 6(1)(c)): response to legitimate requests from public authorities, conservation of accounting and tax records, and attention to requests for the data subject rights requests within legal deadlines.
• Vital interests (Art. 6(1)(d)): in exceptional circumstances that involve serious risk to the safety of a user or a third party.

When we process special categories of personal data pursuant to Article 9 of the GDPR, we rely on explicit consent or applicable statutory exceptions, including processing necessary for career guidance and job placement services pursuant to Art. 9(2)(b).

5. Purposes of Processing

• Service Delivery: Provide personalized career recommendations, talent analysis, content generation and all functionality described in our product documentation.
• Account Management: Maintaining your user profile, managing subscription status, and enabling access to multiple products.
• AI-powered capabilities: Train and operate machine learning models that drive career matching, talent scoring, content recommendations, and journey mapping. AI training with personally identifiable data is done only with your explicit consent.
• Security: detection, investigation and prevention of fraudulent, abusive activities, unauthorized access and harmful behavior.
• Customer service: responding to queries, resolving issues and maintaining service continuity.
• Product Analysis and Improvement: Aggregate and anonymized usage analysis to understand feature performance and improve the Services.
• Legal Compliance: Address our applicable legal obligations and respond to lawful legal processes.
• Marketing Communications: Sending newsletters, product updates and promotional materials to users who have given their consent, with a clear unsubscribe mechanism in each communication.
• Research and sector reports: production of anonymized labor market analysis, educational trend reports and aggregate sector analysis.

6. Transparency in AI and Automated Decision Making

SIKER uses artificial intelligence and machine learning throughout the platform. The following disclosures apply:

• Seek uses AI algorithms to match your profile with career paths, job opportunities, and educational programs. These recommendations are probabilistic in nature and do not constitute guaranteed results, certified professional advice, or accredited psychological evaluations.
• TalentOS uses AI to generate talent scores, competency profiles, and career readiness indicators for institutions and employers. These scores are supportive tools and should be reviewed by qualified human professionals before being used in decisions that affect individuals, including admissions, hiring, or academic progress.
• PathMaker uses large language models to generate professional content. The generated content reflects training data and may contain inaccuracies. Users are solely responsible for reviewing, editing and publishing AI-generated content.
• Right to Human Review: Where SIKER's AI systems produce results that have a significant effect on you, you have the right to request human review of that decision. Please send such requests to privacy@siker.info. Enterprise and institutional customers may also establish review workflows under their Data Processing Agreement.
• No Psychological Diagnosis: Nothing in the Services constitutes psychological evaluation, psychiatric diagnosis, therapeutic advice or medical guidance. Assessment results in Seek and TalentOS are exploratory tools designed to support self-reflection and personal planning.
• 7. Minors

The Services are not directed to children under 13 years of age in the United States or under the applicable minimum age in other jurisdictions (16 years of age in the European Economic Area under the GDPR). We do not knowingly collect personal data from minors below these thresholds without the verified consent of their parents or legal guardians.

Users between the ages of 13 and 17, or the applicable local minimum age, may access the Services only: (a) with the verifiable consent of a parent or legal guardian; or (b) through an institutional account managed by an authorized educational institution that has entered into a Data Processing Agreement with SIKER that includes appropriate safeguards for minor users.

• If we learn that we have inadvertently collected personal data from a minor below the applicable age threshold without appropriate consent, we will immediately delete such data. Parents and guardians may request deletion by contacting us at privacy@siker.info.
• 8. Sharing of Personal Data

SIKER does not sell personal data. We share personal data only in the following circumstances:

8.1 Service Providers and Subprocessors

We engage trusted third-party providers to perform functions on our behalf, including cloud hosting (Amazon Web Services and Google Cloud Platform), payment processing (Stripe), email delivery (SendGrid), analytics (Mixpanel, Google Analytics), customer support (Intercom), and AI infrastructure (OpenAI, Anthropic). All Subprocessors are bound by data processing terms that impose security and confidentiality obligations consistent with Article 28 GDPR.

We maintain an updated list of our subprocessors at https://siker.info/subprocessors. We will notify enterprise and institutional customers of any anticipated changes to that list as required by applicable Data Processing Agreements.

8.2 Business and Institutional Partners

When you access the Services through a business employer or educational institution, your data may be shared with such organization in accordance with the applicable Data Processing Agreement. Your employer or institution is the Controller in that relationship and is responsible for managing your privacy rights in that context.

8.3 Business Transfers

In the context of a merger, acquisition, reorganization, bankruptcy or sale of all or a substantial part of SIKER's assets, personal data may be transferred to the acquirer or successor entity. We will notify you of any such transfer via the email address associated with your account or by means of a prominent notice on our website prior to any transfer that would result in a material change to this Privacy Policy.

8.4 Legal and Safety Disclosures

We may disclose personal data: (i) when required by applicable law, regulation, court order or governmental request; (ii) to enforce our Terms of Service and protect our legal rights; (iii) to protect the safety, rights or property of SIKER, our users or the public; or (iv) to detect, prevent or address fraud, security vulnerabilities or technical issues.

9. International Data Transfers

SIKER operates from the United States. Your personal data may be processed in the United States and other countries where our subprocessors operate, including countries that may not offer the same level of data protection as your home jurisdiction.

For transfers of personal data from the European Economic Area, the United Kingdom or Switzerland to the United States or other third countries, SIKER relies on the following legal transfer mechanisms:

• Standard Contractual Clauses (SCCs) adopted by the European Commission (2021 SCCs), incorporated into all Data Processing Agreements with data controllers in the EU/EEA.
• The EU-U.S. Data Privacy Framework (DPF), to the extent that SIKER certifies its participation.
• Binding corporate rules or other appropriate safeguards as appropriate.

For transfers from Latin American jurisdictions, we apply equivalent safeguards required by applicable national data protection laws and disclose the identity of data recipients upon request.

10. Data Security

SIKER implements technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, destruction and alteration. Our security program includes:

• Encryption of personal data in transit (TLS 1.2 or higher) and at rest (AES-256).
• Role-based access controls and multi-factor authentication for all systems containing personal data.
• Periodic penetration testing and vulnerability scanning as part of SIKER's vulnerability management process.
• Incident response plan and internal processes to monitor, detect, and respond to security events.
• Periodic review of internal security controls. SIKER works towards obtaining recognized security certifications as the organization grows.
• Training employees in security and confidentiality agreements.

In the event of a Personal Data Breach likely to result in a high risk to your rights and freedoms, we will notify you and, where required, the competent supervisory authority within the timeframes required by applicable law (no later than 72 hours for supervisory notifications under GDPR).

11. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements. Our standard retention periods are:

• Active account data: retained for the life of the account plus 3 years after account closure.
• Assessment and Career Data: Retained for 5 years from the date of creation to facilitate longitudinal career tracking, unless you request earlier deletion.
• Business and Institutional Implementation Data: Retained for the term of the applicable agreement plus 2 years, or as required by applicable law, whichever is longer.
• Transaction and billing records: retained for 7 years for compliance with tax and accounting obligations.
• AI training data (with consent): Pseudonymized and retained for the duration of consent, unless revoked sooner.
• Server and application logs: retained for 90 days and then deleted or anonymized.
• Marketing communications preferences: retained until you withdraw your consent or unsubscribe.

After the applicable retention period, the personal data is either securely deleted or anonymized so that it can no longer be attributed to an identifiable person.

12. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): request a copy of the personal data we hold about you, including information about how it is processed.
• Right to rectification (Art. 16 GDPR): request the correction of inaccurate or incomplete data.
• Right to deletion (Art. 17 GDPR / right to be forgotten): request the deletion of your personal data, subject to applicable legal retention requirements.
• Right to limit processing (Art. 18 GDPR): request that we limit the processing of your personal data in certain circumstances.
• Right to data portability (Art. 20 GDPR): receive your personal data in a structured, commonly used and machine-readable format.
• Right to object (Art. 21 GDPR): object to processing based on legitimate interests, including profiling and automated decision-making.
• Right to withdraw consent: withdraw previously granted consent at any time without affecting the lawfulness of prior Processing.
• Rights related to automated decision-making (Art. 22 GDPR): not to be subject to decisions based solely on automated processing that produce significant legal effects.
• CCPA/CPRA Rights: California residents have the right to know, delete, correct, object to the sale/sharing, and limit the use of sensitive personal information.

To exercise any of these rights, please submit a request to privacy@siker.info or through the privacy settings panel in your account. We will respond within 30 days (GDPR) or 45 days (CCPA). We may require identity verification before processing your request. We will not discriminate based on the exercise of your privacy rights. If you are located in the EEA, you have the right to lodge a complaint with your local data protection authority.

13. Business and Institutional Clients

When SIKER provides Services to an Enterprise Customer or Educational Institution (the Customer) under a separate subscription or enterprise agreement, the following applies:

• Customer as Controller: The Customer acts as the Controller of the Personal Data of its employees, students, or end users submitted to or collected through the Services. SIKER acts as the Processor and processes such data only in accordance with the Customer's documented instructions.
• Customer Responsibilities: Customer is responsible for providing appropriate privacy notices to its end users, obtaining required consents, and ensuring that its use of the Services complies with applicable data protection laws.
• Data Processing Agreement (DPA): Enterprise and institutional customers must execute a Data Processing Agreement (DPA) with SIKER before using the Services in a manner that involves Processing Personal Data of identified individuals.
• Educational Institutions and FERPA: For American educational institutions, SIKER is a school official with legitimate educational interest as defined by FERPA. Educational institutions are responsible for maintaining FERPA compliance within their implementation configuration.
• Audit Rights: Business clients and institutional partners have the right to audit SIKER's data processing activities upon reasonable prior notice, subject to the terms of the applicable Data Processing Agreement.

14. Cookies and Tracking Technologies

Please see our Cookies Policy (Document 3 of this pack) for full information about how we use cookies and similar technologies and how you can manage your preferences.

See our Cookie Policy (Document 3 of this framework) for full details and preference management.

We may update this Privacy Policy from time to time to reflect changes in our data practices, products or applicable law. We will notify you of material changes by posting a notice on our website and, where required by law, by sending you an email to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.

16. Contact us

Data Protection Contact: SIKER - Privacy Team

Email: privacy@siker.info

privacy@siker.info

Related documents

Use of SIKER services is also subject to our Terms of Service.