Privacy Policy
Effective Date: 10 April 2026
Last Updated: 13 April 2026
Version 1.0
1. Introduction
RoleAbility (“we”, “us”, or “our”) is a product trade name of VCNS TECH LTD, committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how VCNS TECH LTD collects, uses, stores, and protects your information when you use our website, platform, and services.
This policy applies to:
- Visitors to our website
- Registered users (free and paid subscribers)
2. Data Controller
RoleAbility is a trading name of VCNS Tech Ltd, a company registered in the United Kingdom. VCNS Tech Ltd acts as the Data Controller for the purposes of the UK General Data Protection Regulation (UK GDPR).
VCNS Tech Ltd
Trading as RoleAbility
United Kingdom
Email: enquiries@vcns.tech
Website: https://roleability.com
3. Data We Collect
3.1 Account Data
- Name
- Email address
- Authentication credentials
3.2 Profile and Career Data
- CV or résumé content
- Skills, experience, and employment history
- Job preferences
- Application tracking data
3.3 Platform Usage Data
- Feature usage and interaction patterns
- Match scores and match breakdown analytics
- Job view history (which listings you viewed, when, and how many times)
- Behavioural events — including login activity, searches executed, CV uploads, and applications submitted — logged with timestamps and contextual metadata
- Weekly performance snapshots — aggregated weekly metrics including application count, average match score, views, and percentile rank
- User-configured performance targets (e.g. weekly application goals, match score thresholds)
- Saved searches and alert preferences
- Match feedback and role comparison history
3.4 Payment Data
- Subscription status
- Subscription tier
- Payment method
- Billing cycle
- Billing address
- Billing history
Payment card details are not stored by RoleAbility. All payments are securely processed by Stripe (a PCI DSS compliant third-party payment processor) in accordance with their privacy policy. Future payment methods (e.g. Apple Pay, Google Pay) will also be processed via PayPal or Stripe and are subject to the same data handling practices.
3.5 Technical Data
- IP address
- Approximate geolocation (country and region, derived from IP address by our hosting infrastructure — Cloudflare)
- Browser type and version
- Device identifiers
- Operating system
- Authentication session identifiers (stored as secure, HTTP-only cookies)
- HTTP referrer and entry page
- Timestamps of platform interactions
- Session and request logs
3.6 Analytics Data
- Page visits
- Click behaviour
- Performance and usage metrics
4. How We Collect Data
We collect data through the following methods:
- Directly from you during account registration and platform use
- Automatically via cookies and analytics tools
- Through third-party service providers such as payment processors
5. Lawful Basis for Processing
We process personal data in accordance with the UK GDPR and Data Protection Act 2018. The table below sets out each processing activity and the legal basis on which we rely.
| Legal Basis | Processing Activity |
|---|---|
| Contractual Necessity | Account creation, authentication, and platform access |
| Contractual Necessity | CV parsing, skill extraction, and job match scoring — core features of the service you signed up for |
| Contractual Necessity | Application tracking, performance summaries, and personalised strategy recommendations |
| Contractual Necessity | Processing subscription payments and managing your billing relationship with us |
| Contractual Necessity | Email verification and essential service communications (e.g. password reset, subscription notices) |
| Legitimate Interests | Logging behavioural events (searches, views, logins) to personalise job recommendations and improve suggestion quality |
| Legitimate Interests | Benchmarking your match scores against anonymised, aggregated data from other users to compute a percentile ranking |
| Legitimate Interests | Producing anonymised market intelligence (e.g. trending skills, average match rates) from platform-wide activity — no individual data is exposed |
| Legitimate Interests | Security monitoring, fraud prevention, request logging, and platform integrity |
| Legitimate Interests | Improving matching algorithms and platform features using aggregated usage data |
| Consent | Marketing and promotional communications (you may withdraw consent at any time) |
| Consent | Non-essential analytics cookies and third-party tracking tools |
| Legal Obligation | Retaining financial and subscription records as required by UK tax and accounting legislation |
| Legal Obligation | Responding to lawful requests from regulators, courts, or law enforcement authorities |
6. How We Use Your Data
We use your data to:
- Provide and operate the RoleAbility platform
- Parse and extract skills and experience from uploaded CVs to enable job matching
- Analyse job compatibility and generate match scores against your profile
- Track your application activity and produce weekly performance summaries
- Benchmark your performance against anonymised, aggregated data from other platform users to produce a percentile ranking
- Contribute to and display anonymised, platform-wide market intelligence (e.g. trending skills, average match scores) — no individual data is ever exposed in these outputs
- Generate personalised career insights and recommendations
- Improve our matching algorithms and platform features
- Process subscriptions and payments
- Communicate with you, including account verification and service updates
- Ensure platform security and integrity
7. AI and Automated Processing
RoleAbility uses automated data analysis to personalise your experience. Specifically, our systems perform the following automated processing on your data:
CV Parsing and Skill Extraction
When you upload a CV, our systems automatically extract and classify your skills, job titles, employment history, and estimated years of experience. This structured data forms the basis of all matching and analytics features.
Job Match Scoring
Each job listing is scored algorithmically against your profile, producing an overall match percentage and a breakdown across three dimensions: skill alignment (matched and missing skills), experience alignment (years and title relevance), and role alignment (weighted combination of both). Scores range from 30–100.
Behavioural Learning for Recommendations
Your job view history is used to adjust recommendation scores. Roles you have previously viewed receive a small relevance boost to reflect demonstrated interest. Already-applied roles are excluded from recommendations automatically.
Application Strategy and Behaviour Analysis
Based on your recent application history and average match scores, the platform automatically computes a personalised weekly application target, a recommended minimum match threshold, and focus areas derived from your strongest-performing job categories. Your application frequency, match score trend (improving, stable, or declining), and search broadness are also analysed to generate specific feedback.
Decision Confidence Scoring
A decision confidence indicator (Strong, Good, Fair, or Weak) is computed from the quality and volume of your application data relative to your percentile position on the platform. This is used to determine how much weight is given to personalised strategy recommendations.
All of the above outputs are advisory only. They are intended to inform and support your job search decisions, and do not constitute automated decision-making with legal or similarly significant effects within the meaning of UK GDPR Article 22.
8. Data Sharing
We do not sell your personal data. We may share your data with the following trusted third-party processors where necessary to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloudflare | Platform hosting, database, file storage, CDN, WAF, DNS and DDoS protection | All platform traffic, including IP addresses, request data, session tokens, and stored user data |
| Stripe | Payment processing, subscription management, and billing lifecycle | Billing details, subscription status, and payment method information. Card data is handled entirely by Stripe and never stored by RoleAbility. Stripe is PCI DSS compliant. |
| PayPal | Alternative payment processing (where selected by the user) | Billing details and payment method information. Payment data is handled entirely by PayPal and never stored by RoleAbility. |
Job data providers (Remotive, Adzuna, Reed, The Muse): These services are data sources, not data processors. RoleAbility fetches job listings from their APIs. No personal data about you is sent to these providers.
Employer websites: When you click “Apply” on a job listing, you are redirected to the employer's own recruitment system (e.g. Greenhouse, Lever, Workday, or their careers page). Any data you submit on those external sites is governed by that employer's own privacy policy.
We may also disclose personal data where required by law, court order, or regulatory authority, or in connection with a business merger, acquisition, or asset transfer, in which case we will notify you as required by applicable law.
9. International Data Transfers
Your data may be transferred and processed outside the United Kingdom or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and equivalent legal protections.
10. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Account Data | For the duration of the account, plus up to 90 days after deletion to allow recovery. Permanently deleted thereafter. |
| CV and Profile Data | Until removed by the user, or upon account deletion — whichever occurs first. |
| Behavioural and Usage Data | Up to 12 months from the date of collection, or until account deletion — whichever occurs first. |
| Subscription and Billing Records | 6 years from the end of the subscription period, in accordance with UK HMRC record-keeping requirements. |
| Technical and Security Logs | Up to 90 days from collection, unless retained longer for active security incident investigation. |
| Analytics Data | Anonymised or aggregated within 12 months of collection. Anonymised aggregates may be retained indefinitely as they no longer constitute personal data. |
11. Data Security
We implement a range of technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure:
- Encryption in transit: All data transmitted between your browser and our platform is encrypted (HTTPS).
- Encryption at rest: Data stored in our database is encrypted at rest by our hosting infrastructure.
- Credential security: Passwords are never stored in plain text and are cryptographically hashed before storage.
- Session security: Authentication sessions are managed using secure cookies and industry-standard session controls.
- Network-level protections: Our infrastructure includes DDoS mitigation, traffic filtering, and abuse prevention controls.
- Access controls: Internal systems and administrative functions are access-controlled and not exposed to end users.
- Monitoring: Platform activity is monitored for security incidents and anomalous behaviour.
While we strive to protect your data, no system can be guaranteed completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users in accordance with our obligations under UK GDPR.
12. Cookies and Tracking
We use cookies in accordance with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR. Cookies are small text files stored on your device when you visit our platform.
Essential Cookies
These cookies are strictly necessary for the platform to function. They do not require your consent and cannot be disabled without preventing you from using core features.
| Cookie | Purpose | Duration |
|---|---|---|
| authjs.session-token | Maintains your authenticated session so you remain logged in while using the platform. | Session / 30 days |
| __Secure-authjs.session-token | Secure variant of the above, used when accessed over HTTPS. | Session / 30 days |
Analytics Cookies
We may use analytics tools to understand how visitors use our platform, helping us improve features and performance. These cookies are only set with your consent, which you may withdraw at any time.
| Cookie | Purpose | Duration |
|---|---|---|
| Analytics provider cookies | Page visit and interaction analytics to improve platform performance and usability. | Up to 2 years |
You can manage or withdraw consent for non-essential cookies at any time via the cookie preference controls on the platform, or by adjusting your browser settings. Disabling analytics cookies will not affect your ability to use the platform.
13. Your Rights
You have a number of rights in relation to your personal data under UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). These are set out below.
Right of Access (Art. 15 UK GDPR)
You have the right to request a copy of the personal data we hold about you, along with information about how and why we process it.
Right to Rectification (Art. 16 UK GDPR)
You have the right to request that we correct inaccurate personal data or complete incomplete data we hold about you.
Right to Erasure (Art. 17 UK GDPR)
You have the right to request that we delete your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose it was collected, or where you withdraw consent and there is no other lawful basis for processing. You can initiate account deletion directly from your profile settings.
Right to Restrict Processing (Art. 18 UK GDPR)
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest its accuracy or have objected to processing pending verification of our legitimate grounds.
Right to Data Portability (Art. 20 UK GDPR)
Where processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
Right to Object (Art. 21 UK GDPR)
You have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.
Right to Withdraw Consent (Art. 7(3) UK GDPR)
Where we process your data on the basis of your consent (for example, for marketing communications or analytics cookies), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Rights Related to Automated Processing (Art. 22 UK GDPR)
Our automated scoring and recommendations are advisory only and do not constitute solely automated decision-making with legal or similarly significant effects (as explained in §7). However, you have the right to request a human review of any automated output, to express your view, and to contest any result. Contact us at the details in §16 to exercise this right.
Right to Opt Out of Direct Marketing (PECR Reg. 21–22)
Under PECR, you have the right to opt out of direct electronic marketing communications at any time. You can do this by clicking the unsubscribe link in any marketing email, or by contacting us directly at enquiries@roleability.com.
How to Exercise Your Rights
To exercise any of the above rights, please contact us at enquiries@roleability.com. We will respond within one calendar month of receiving your request. We may need to verify your identity before processing certain requests. There is no charge for exercising your rights, except in cases of manifestly unfounded or excessive requests.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://www.ico.org.uk
14. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect or process personal data from children.
To enforce this, we require all users to confirm they are aged 18 or over at the point of registration before an account can be created. If we become aware that an account has been created by a person under this age, we will promptly delete the account and all associated personal data.
15. Changes to our Privacy Policy
We may update our Privacy Policy from time to time. Updates will be published on this page with a revised effective date; we will also notify registered users via email. We encourage you to review this policy periodically to stay informed about how we are protecting your data. If we make material changes that significantly affect your rights or how we process your data, we will provide more prominent notice (e.g. email notification or in-app alert) and obtain consent where required by law.
16. Contact Us
For questions regarding this Privacy Policy or your personal data, please contact:
Email: enquiries@roleability.com
Website: https://roleability.com