Legal

Privacy Policy

Last updated: February 27, 2026

1. Controller

The data controller for HarmonyPath.ai is:

r6lab Radoslaw Jozefowicz
ul. Akacjowa 3, 55-003 Krzykow, Poland
VAT: PL9730929262
Email: contact@harmonypath.ai

2. What Data We Collect

2.1 Data you provide directly

When you purchase and complete a Career Clarity Report, we collect:

Email address — provided during the questionnaire
Questionnaire answers — your responses to the 12–14 career questions (current role, industry, skills, constraints, aspirations, and related information)

2.2 Data collected automatically

Payment data — processed entirely by Stripe. We do not store card numbers, bank details, or any payment instrument data. We receive only a Stripe session ID confirming payment status.
Server logs — standard AWS Lambda and API Gateway logs including IP address, request timestamps, and HTTP status codes. Retained for 30 days.

2.3 Data we do not collect

We do not collect your name unless you include it in a questionnaire answer
We do not use tracking pixels, advertising cookies, or behavioural analytics
We do not collect social media identifiers
We do not use session recording tools

3. How We Use Your Data

Purpose	Legal basis
Generating your Career Clarity Report	Performance of contract (Art. 6(1)(b) GDPR)
Sending your report and follow-up email	Performance of contract (Art. 6(1)(b) GDPR)
Responding to support requests	Legitimate interest (Art. 6(1)(f) GDPR)
Improving prompt quality using anonymised outputs	Legitimate interest (Art. 6(1)(f) GDPR)
Complying with tax and accounting obligations	Legal obligation (Art. 6(1)(c) GDPR)

We do not use your data for automated profiling or decision-making beyond the report generation pipeline described in our product.

4. AI Processing

Your questionnaire answers are submitted to third-party AI model APIs to generate your report:

Anthropic Claude — primary analysis pipeline (claude.ai API)
OpenAI GPT-4o — cross-validation stage

Your answers are sent to these services as part of API requests. Both Anthropic and OpenAI process data under their own privacy policies and data processing agreements. We do not instruct either provider to use your data to train their models. API requests are processed in transit and are not stored by these providers beyond their standard logging retention periods.

Your questionnaire answers and generated report are stored in our database (AWS DynamoDB, EU region) linked to your email address and a unique report ID.

5. Data Retention

Data type	Retention period
Questionnaire answers	12 months from submission
Generated report	12 months from generation
Email address	12 months from submission
Follow-up email records	12 months
Server logs	30 days
Stripe payment records	As required by Stripe and applicable tax law (typically 7 years)

After the retention period, questionnaire answers and reports are deleted from our database. Email records are removed from our email service provider (Resend).

6. Data Sharing

We share your data only with the following third-party processors, under data processing agreements where required:

Processor	Purpose	Location
Stripe	Payment processing	USA (EU SCCs in place)
Anthropic	AI report generation	USA (EU SCCs in place)
OpenAI	AI cross-validation	USA (EU SCCs in place)
AWS	Database and compute infrastructure	EU (eu-west-1)
Resend	Transactional email delivery	USA (EU SCCs in place)

We do not sell your personal data. We do not share your data with advertisers, data brokers, or any third party not listed above.

7. International Transfers

Where processors are located outside the European Economic Area (EEA), transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards under Chapter V of the GDPR.

8. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your data where no legal obligation requires retention
Right to restriction — request that we limit processing of your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interest
Right to withdraw consent — where processing is based on consent, withdraw at any time

To exercise any of these rights, email: contact@harmonypath.ai

We will respond within 30 days. We may ask you to verify your identity before processing the request.

You also have the right to lodge a complaint with a supervisory authority. The competent authority in Poland is:

Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw
uodo.gov.pl

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

HTTPS encryption for all data in transit
AWS DynamoDB encryption at rest
Access to production systems restricted to the data controller
No plaintext storage of questionnaire answers

10. Children

HarmonyPath.ai is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data, contact us at contact@harmonypath.ai and we will delete it promptly.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. Material changes will be notified by updating the "Last updated" date at the top of this page. Continued use of the service after the date of change constitutes acceptance of the updated policy.

12. Contact

Email: contact@harmonypath.ai
Post: r6lab Radoslaw Jozefowicz, ul. Akacjowa 3, 55-003 Krzykow, Poland