Data Protection Impact Assessment
Version 1.0 · July 13, 2026 · Public summary
GDPR Article 35 requires a DPIA when processing is likely to result in a high risk to individuals — including profiling and automated scoring. This is our public summary; the full internal DPIA is available to supervisory authorities on request.
Available in 8 languages via the language switcher (top-right). The English version is authoritative.
1. Nature of processing
Kyrovo collects self-reported information about a user's work life (tasks, hours, energy, savings, monthly burn, employer, role, industry, metro) and derives two personal scores:
- •Career Resilience Score (CRS, 300-850)
- •AI Risk Score (per task, Low/Medium/High)
The scores are personal to the user, visible only to the user, and used only to generate a private 90-day plan and score history.
2. Purpose and legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the scoring service the user asked for | Art. 6(1)(b) — contract |
| Send account & security emails | Art. 6(1)(b) — contract |
| Product analytics (aggregate, opt-in) | Art. 6(1)(a) — consent |
| Fraud prevention & abuse detection | Art. 6(1)(f) — legitimate interest |
| Comply with legal obligations | Art. 6(1)(c) — legal obligation |
We do not rely on legitimate interest for profiling that produces significant effects.
3. Necessity & proportionality
- •Minimum data. Employer name is optional (used only for Layoff Radar). Age, gender, and ethnicity are never collected.
- •No third-party sharing. No CRS is shared with employers, insurers, lenders, ad networks, or data brokers — ever.
- •Retention. Score history: while your account exists. Deleted within 30 days of account deletion.
- •Storage. EU users: data resides in EU regions where our sub-processors offer that (see Sub-processors).
4. Risks to data subjects and mitigations
Risk: A CRS is leaked or shared without consent → reputational or employment harm.
Mitigation: Row-level security; scores never leave the user's authenticated session; no API exists to fetch another user's CRS; no employer or B2B product uses this data.
Risk: Automated scoring produces unfair or discriminatory output.
Mitigation: Weights are deterministic and published in the AI Model Card. Quarterly bias-drift testing. No demographic proxies in the score.
Risk: A user misinterprets the CRS as a diagnosis or prediction.
Mitigation: Every surface labels the score as informational; the AI Model Card lists limitations; support of human review on request.
Risk: Sensitive health-inference from energy/burnout inputs (Washington MHMDA scope).
Mitigation: Explicit consent gate before burnout inputs; consent revocable; separate Health Data Privacy Notice; data segregated from analytics pipelines.
Risk: Unauthorized access via account takeover.
Mitigation: OAuth via Google, PBKDF2-hashed passwords, session rotation, breach monitoring, optional 2FA on the roadmap.
5. Data subject rights
Under GDPR you have the right to access, rectify, erase, restrict, port, object, and — for profiling that produces significant effects — not to be subject to solely automated decisions. Kyrovo's scoring is informational only, but we honor all rights on request.
Exercise any right: privacy@getkyrovo.com · SLA: 30 days.
6. Consultation & review
This DPIA was reviewed internally by our Data Protection Officer and reviewed against the ICO DPIA template, CNIL DPIA guidance, and EDPB Guidelines 4/2019. It is reviewed at least annually, and immediately upon any material change to processing.
EU representative and DPO contact: privacy@getkyrovo.com.
This is a public summary. Supervisory authorities in the EU/EEA and UK may request the full internal DPIA at the contact above.