Privacy Policy

Last updated: 14 March 2026 · Version 1.0

1. Data Controller

SpokenCV Ltd ("we", "us", "our") is the data controller responsible for your personal data.

2. Data We Collect

Mechanics

  • Phone number (provided at registration)
  • Full name, location, qualifications, specialisms, experience level (extracted from voice interview)
  • Voice recording and transcript of interview (via Vapi.ai)
  • Employment status, role preferences, travel distance

Garage Managers

  • Email address, password (hashed)
  • Garage name, location
  • Payment information (processed by Stripe — we do not store card details)
  • Contact unlock and placement history

3. Purpose & Legal Basis

Purpose Legal Basis (GDPR)
Create and maintain your profile Consent (Art. 6(1)(a)) + Contract (Art. 6(1)(b))
Match mechanics with garages Contract (Art. 6(1)(b))
Process subscription payments Contract (Art. 6(1)(b))
Send OTP verification codes Contract (Art. 6(1)(b))
Improve our AI interview process Legitimate Interest (Art. 6(1)(f))

4. Third-Party Processors

We share data with these processors to operate our service:

Processor Purpose Data Shared
Vapi.ai AI voice interviews Phone number, voice recording, transcript
OpenAI Transcript analysis Interview transcript (for profile extraction)
Stripe Payment processing Email, garage name, payment details
Twilio SMS verification Phone number

5. Data Retention

  • Voice transcripts: Automatically anonymised after 90 days
  • Profile data: Kept until you request deletion or deactivate your account
  • Payment records: Retained for 6 years (UK legal requirement for financial records)
  • Account data: Deleted or anonymised upon request

6. Your Rights

Under GDPR, you have the right to:

  • Access — Download a copy of all your personal data
  • Rectification — Correct inaccurate data (mechanics: via profile edit; garages: contact us)
  • Erasure — Delete your account and all associated data
  • Portability — Export your data in a machine-readable format (JSON)
  • Withdrawal of consent — Withdraw consent at any time by deleting your account
  • Restriction — Request we limit processing of your data
  • Object — Object to processing based on legitimate interest

To exercise any of these rights, email admin@go-ops.digital or use the self-service options in your profile.

7. Cookies

We use only essential cookies:

  • Session cookie — Keeps you logged in
  • CSRF cookie — Protects against cross-site request forgery

We load fonts and styles from external CDNs (Google Fonts, Tailwind CSS, HTMX, Alpine.js). These services may set their own cookies. We do not use analytics or advertising cookies.

8. Data Security

  • All data transmitted over HTTPS (TLS encryption)
  • Passwords stored using Django's PBKDF2 hashing
  • Database hosted on AWS with encryption at rest
  • Access restricted to authorised personnel only

9. International Transfers

Some of our third-party processors (Vapi.ai, OpenAI, Stripe) may process data outside the UK/EEA. These transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by UK GDPR.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email or SMS. The "Last updated" date at the top of this page indicates the most recent revision.

We use essential cookies for site functionality. We also load fonts and styles from external CDNs. Privacy Policy