Compliance

Data Protection Impact Assessment

Version 1.0 · July 13, 2026 · Public summary

GDPR Article 35 requires a DPIA when processing is likely to result in a high risk to individuals — including profiling and automated scoring. This is our public summary; the full internal DPIA is available to supervisory authorities on request.

Available in 8 languages via the language switcher (top-right). The English version is authoritative.

1. Nature of processing

Kyrovo collects self-reported information about a user's work life (tasks, hours, energy, savings, monthly burn, employer, role, industry, metro) and derives two personal scores:

  • Career Resilience Score (CRS, 300-850)
  • AI Risk Score (per task, Low/Medium/High)

The scores are personal to the user, visible only to the user, and used only to generate a private 90-day plan and score history.

2. Purpose and legal basis

PurposeLegal basis (GDPR Art. 6)
Provide the scoring service the user asked forArt. 6(1)(b) — contract
Send account & security emailsArt. 6(1)(b) — contract
Product analytics (aggregate, opt-in)Art. 6(1)(a) — consent
Fraud prevention & abuse detectionArt. 6(1)(f) — legitimate interest
Comply with legal obligationsArt. 6(1)(c) — legal obligation

We do not rely on legitimate interest for profiling that produces significant effects.

3. Necessity & proportionality

  • Minimum data. Employer name is optional (used only for Layoff Radar). Age, gender, and ethnicity are never collected.
  • No third-party sharing. No CRS is shared with employers, insurers, lenders, ad networks, or data brokers — ever.
  • Retention. Score history: while your account exists. Deleted within 30 days of account deletion.
  • Storage. EU users: data resides in EU regions where our sub-processors offer that (see Sub-processors).

4. Risks to data subjects and mitigations

Risk: A CRS is leaked or shared without consent → reputational or employment harm.

Mitigation: Row-level security; scores never leave the user's authenticated session; no API exists to fetch another user's CRS; no employer or B2B product uses this data.

Risk: Automated scoring produces unfair or discriminatory output.

Mitigation: Weights are deterministic and published in the AI Model Card. Quarterly bias-drift testing. No demographic proxies in the score.

Risk: A user misinterprets the CRS as a diagnosis or prediction.

Mitigation: Every surface labels the score as informational; the AI Model Card lists limitations; support of human review on request.

Risk: Sensitive health-inference from energy/burnout inputs (Washington MHMDA scope).

Mitigation: Explicit consent gate before burnout inputs; consent revocable; separate Health Data Privacy Notice; data segregated from analytics pipelines.

Risk: Unauthorized access via account takeover.

Mitigation: OAuth via Google, PBKDF2-hashed passwords, session rotation, breach monitoring, optional 2FA on the roadmap.

5. Data subject rights

Under GDPR you have the right to access, rectify, erase, restrict, port, object, and — for profiling that produces significant effects — not to be subject to solely automated decisions. Kyrovo's scoring is informational only, but we honor all rights on request.

Exercise any right: privacy@getkyrovo.com · SLA: 30 days.

6. Consultation & review

This DPIA was reviewed internally by our Data Protection Officer and reviewed against the ICO DPIA template, CNIL DPIA guidance, and EDPB Guidelines 4/2019. It is reviewed at least annually, and immediately upon any material change to processing.

EU representative and DPO contact: privacy@getkyrovo.com.

This is a public summary. Supervisory authorities in the EU/EEA and UK may request the full internal DPIA at the contact above.