Privacy Policy
Versão v1.0-2026-06-13
Last updated: June 11, 2026. Your privacy is a priority. This policy explains how we collect, use, and protect your data, in compliance with LGPD, COPPA, FERPA, and GDPR.
1. Who we are
MyVocationAi is a K-12 vocational discovery SaaS platform operated by MyVocationAi Tecnologia Ltda., headquartered in São Paulo, Brazil. DPO contact: dpo@myvocationai.com.
2. Data collected
We collect: (a) registration (name, email, DOB, grade, school); (b) vocational test answers (free text); (c) derived profile (RIASEC/Gardner scores); (d) Career Coach conversations; (e) parental consent (signed PDF); (f) minimal technical data (login IP, timestamp, browser).
3. How we use data
Data is used EXCLUSIVELY to: (a) operate the service for you; (b) generate your personalized vocational report; (c) enable conversations with your counselor; (d) technical and legal support when necessary.
4. We do NOT
We do NOT sell your data to third parties. We do NOT use your data for targeted advertising. We do NOT share your identity with Anthropic (LLM provider) — only de-identified data per our D-arch-23 Privacy by Architecture.
5. De-identification (D-arch-23)
When sending context to Career Coach (AI), we apply automatic sanitizing: real name → "Student X", real school → "School Y", geographic references → broad ranges, exact dates → age ranges. The AI model NEVER sees who you are.
6. Where we store
Servers on AWS us-east-2 (Ohio, USA). Daily encrypted backup (GPG). AWS SOC 2 compliance. For Brazilian students, we will activate AWS sa-east-1 (São Paulo) when volume justifies.
7. Who can see your data
You. Your designated counselor at school. Parents/guardians (if minor) upon formal request. School staff (director, admin) on a need-to-know basis. MyVocationAi tech team (super_admin) only via registered investigation with justification (LGPD/GDPR: you can audit who viewed your data at /account/privacy).
8. Retention
We keep your data active while your account is active. After termination: 5 years for academic data (audit) and 0 days for sensitive data (immediate de-identification).
9. Your rights (LGPD Art. 18 / GDPR Art. 15-22)
You can: (a) access and export all your data; (b) correct inaccurate data; (c) delete your data (right to be forgotten); (d) request anonymization; (e) revoke consent; (f) see log of who accessed your data.
10. Cookies and tracking
We use strictly necessary cookies (session, preferences, theme). We do NOT use behavioral tracking cookies or advertising pixels.
11. Changes to this policy
Significant changes will be notified via email 30 days in advance. Current version: v1.0-2026-06-13.
12. How to exercise your rights
Email: dpo@myvocationai.com. Response within 15 business days. For minors, can be done by parents/legal guardians.