Privacy Policy

Version 1.8

Last updated: December 2025

What's Changed

Added a new section (“Admin Access and Moderation”) explaining what limited information administrators can view about user-generated decks, in line with GDPR data-minimization principles.

We value your privacy. This policy explains how IkigaiApp collects, uses, and protects your data in line with GDPR and privacy-by-design principles.

Data Controller

Service Controller: Salvatore Vivolo

Country: Italy

Project: IkigaiApp (early-stage personal project)

Physical Address: available upon formal motivated request

Contact Email: privacy@ikigaiapp.life

Data We Collect

•Account data you provide (email, name if given).
•Survey responses and self-assessment data.
•Optional demographic information you choose to share.
•Essential technical data for security and sessions.
•Pseudonymized audit logs (admin logs may include IP for security).
•Aggregated, anonymous statistics used exclusively to improve the experience.

Administrator Access and Moderation

For operational and security purposes, authorized administrators may access limited information about user-generated flashcard decks. This includes the deck name, number of cards, and an internal user identifier. The content of individual cards is not visible unless required for abuse prevention or safety checks. This access is strictly limited to platform maintenance, troubleshooting, and enforcing community guidelines, in line with the GDPR principle of data minimization.

Survey Data Explained

We use your responses to generate personalized insights and guidance across the four Ikigai spheres. Optional demographic fields help contextualize insights and are never used for advertising or profiling.

How We Use Your Data

•To generate personalized Ikigai insights.
•To provide contextualized recommendations using optional demographics.
•To personalize learning paths and guidance.
•To operate, secure, and improve the platform.
•To maintain limited security logs (deleted after 90 days).
•To communicate essential account updates.

Legal Bases

•Contract: to provide the service.
•Legitimate interests: to secure and improve the platform.
•Consent: for optional demographic fields.
•Consent: for future optional features that may require it.

External Service Providers (Processors)

•Vercel Inc. (EU/US) – Front-end hosting.
•Railway Corp. (US) – Backend/API hosting.
•MongoDB Atlas (EU/US) – Database and encrypted storage.
•Resend Inc. (US) – Transactional email delivery (e.g., magic links).
•Namecheap Inc. (US) – DNS and domain email services.
•These providers process only the minimum data required to operate the service under GDPR-compliant agreements. No third-party analytics or advertising tools are used.

Data Retention

We retain your data while your account is active. Audit logs are deleted after 90 days. When your account is deleted, data is erased or irreversibly anonymized.

Sharing

We do not sell your personal data. We share only what is strictly necessary with the trusted processors listed above. Anonymous, aggregated statistics may be used internally to improve performance.

AI Processing

IkigaiApp only uses lightweight classification of individual terms (passions/skills/jobs). No other personal data is transmitted, and no data is used to train AI models.

Your Rights

•Access, rectify, or erase your data.
•Download your data in JSON/CSV format.
•Account deletion with irreversible anonymization.
•Restrict or object to processing.
•File a complaint with a supervisory authority.

To exercise your rights: data-rights@ikigaiapp.life

Contact

Privacy questions: privacy@ikigaiapp.life • General support: support@ikigaiapp.life