Privacy Policy

Last updated: April 4, 2026

01Data Controller

Morerange S.L., CIF B70668637, c/de Fluvia 97, 1-14, 08019 Barcelona, Spain. Contact: aelita@morerange.it.

02Data We Collect

We collect and process the following categories of personal data:

  • Account data: email address, hashed password (managed by Supabase authentication).

  • Session data: audio recordings of interviewer speech (system audio capture), screenshots of interview screen content, OCR-extracted text from screen captures.

  • Profile data: resume text uploaded by the user for personalized AI responses.

  • Usage data: session timestamps, AI model usage, token consumption for billing purposes.

  • Payment data: transaction records processed by our payment provider (Paddle). We do not store credit card numbers or full payment details.

03Legal Basis for Processing

We process your data based on: (a) performance of a contract — to provide the Aelita service you have subscribed to; (b) legitimate interest — to improve service quality and prevent abuse; (c) consent — for optional features such as resume upload and voice hint preferences.

04How We Use Your Data

Audio and screen data are processed in real time to generate AI-powered hints during your interview session. Audio is transcribed using speech-to-text services, and screen content is analyzed via OCR. This data is sent to AI language models to produce contextual answers. Voice hints are synthesized using text-to-speech services (Microsoft Edge TTS) and delivered to your audio device. Session data is stored for session history and billing reconciliation.

05Third-Party Data Processors

To provide the service, your data may be processed by the following third-party providers:

Anthropic (USA)

AI language processing. Transcripts, OCR text, and resume data.

OpenAI (USA)

Alternative AI language model processing (if selected by user).

Groq (USA)

Speech-to-text transcription of audio data.

Deepgram (USA)

Real-time streaming speech-to-text (if selected by user).

Microsoft (USA)

Text-to-speech synthesis for voice hints (Edge TTS).

Supabase (EU/USA)

Authentication, database, and file storage.

Vercel (USA)

Web application hosting and delivery.

Railway (EU)

Server infrastructure hosting (europe-west4).

Paddle (UK)

Payment processing, VAT handling, and refunds as merchant of record.

06International Data Transfers

Some of the third-party providers listed above are located outside the European Economic Area (EEA), primarily in the United States. Where applicable, these transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent safeguards as required by GDPR Article 46. You can request details of the specific safeguards in place by contacting us.

07Data Retention

Audio data is processed in real time and not permanently stored on our servers. Transcripts, AI-generated answers, and session metadata are retained for the duration of your account. Resume text is retained until you delete it or close your account. Payment transaction records are retained as required by applicable tax and accounting regulations. When you delete your account, all personal data associated with it is permanently removed from our systems.

08Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access: request a copy of your personal data.
  • Right to rectification: correct inaccurate personal data.
  • Right to erasure: request deletion of your personal data (“right to be forgotten”).
  • Right to restrict processing: limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest.

You can exercise the right to erasure and data portability directly from your account profile. For all other requests, contact us at aelita@morerange.it. We will respond within 30 days.

09Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted data transmission (TLS), secure authentication via Supabase, and access controls on our server infrastructure.

10Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies or third-party analytics.

11Children

Aelita is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors.

12Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

13Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.

14Contact

For any questions regarding this Privacy Policy or your personal data, contact us at aelita@morerange.it.