Login
← Back to Home

Privacy Policy

Last Updated: December 6, 2025

Last Updated: December 6, 2025

This Privacy Policy describes how STVIGA LLC ("AHRAS," "we," "us," or "our") collects, uses, stores, and shares your information when you use our AI-powered job description generation service at ahras.io (the "Website") and related services, features, and applications (collectively, the "Service").

By using AHRAS, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. AI Services and Generated Content
  5. Cookies and Tracking Technologies
  6. Data Security
  7. Data Retention
  8. Your Privacy Rights
  9. International Data Transfers
  10. Children's Privacy
  11. Third-Party Services
  12. Changes to This Privacy Policy
  13. Contact Us
  14. Appendix: Definitions

1. Information We Collect

We collect information about you in various ways when you use AHRAS. This includes information you provide directly, information we collect automatically, and information we receive from third-party authentication services.

1.1 Information You Provide Directly

Account Information: When you create an AHRAS account, we collect:

  • Email address
  • Full name
  • Account credentials (when using email/password registration)
  • Company name (optional)
  • Job title or role (optional)
  • Profile preferences

Authentication via Third Parties: When you register or log in using Google or Apple Sign-In:

  • Your name and email address from the authentication provider
  • Profile picture (if provided by the authentication service)
  • Unique identifier from the authentication provider

Note: We do not receive or store your Google or Apple password.

Job Description Content: When you use AHRAS to generate job descriptions, we collect:

  • Selected professional role (Backend Engineer, Product Manager, UX/UI Designer, etc.)
  • Seniority level (Junior, Middle, Senior, Lead)
  • Technology stack selections (programming languages, frameworks, tools)
  • Company information you provide (name, industry, benefits)
  • Soft skills selections
  • Tone and style preferences (Formal, Friendly, Concise, Detailed)
  • Custom inputs and modifications to generated content
  • Export format preferences

Usage History: We store:

  • Previously generated job descriptions
  • Templates you create or save
  • Generation history and timestamps
  • Editing activity

Communication Information: When you contact our support team, we collect:

  • Your name and email address
  • The content of your messages
  • Any attachments or screenshots you send
  • Support ticket metadata

Payment Information: If you subscribe to a paid plan, our payment processor (Stripe) collects:

  • Credit card or payment method details
  • Billing address
  • Payment transaction history
  • Subscription status

Note: We do not directly store your full credit card details. Our payment processor handles this in compliance with PCI-DSS standards.

1.2 Information We Collect Automatically

Usage Information: When you use AHRAS, we automatically collect:

  • Pages and features you access
  • Job descriptions you generate (number, roles, formats)
  • Time spent on different sections
  • Click patterns and navigation flow
  • Feature usage frequency
  • Search queries within the Service
  • Device information (type, operating system, browser type and version)
  • IP address and general geolocation (country/city level)
  • Screen resolution and display settings

Log Data: Our servers automatically record information including:

  • Your IP address
  • Browser type and version
  • Pages you visit and duration
  • Referring/exit pages
  • Date and time stamps
  • API requests and responses
  • Error logs and crash reports

Performance Data: We collect technical performance metrics:

  • Page load times
  • API response times
  • Generation success/failure rates
  • Service uptime and availability

Cookies and Similar Technologies: We use cookies, web beacons, local storage, and similar technologies to:

  • Keep you logged in across sessions
  • Remember your preferences and settings
  • Analyze usage patterns and optimize performance
  • Provide personalized experiences
  • Track subscription status
  • Improve the Service

See Section 5 for detailed information about cookies.

1.3 Information from Third-Party Services

Google Sign-In: When you authenticate using Google:

  • We receive your name, email address, and profile picture
  • We receive a unique Google user identifier
  • We may access basic profile information as permitted by Google's OAuth scopes

Apple Sign-In: When you authenticate using Apple:

  • We receive your name and email address (or Apple's private relay email)
  • We receive a unique Apple user identifier
  • Apple may provide a privacy-focused email relay address

Important: You can manage or revoke AHRAS's access to your Google or Apple account at any time through:

  • Google: https://myaccount.google.com/permissions
  • Apple: Settings → Apple ID → Password & Security → Apps Using Your Apple ID

1.4 Information from Other Users

If your organization uses AHRAS and another team member invites you to collaborate or share templates, we may receive your email address and related information from that user.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve the Service

  • Create and maintain your account
  • Authenticate your identity
  • Generate AI-powered job descriptions based on your inputs
  • Store and organize your generation history
  • Provide search, filtering, and template management features
  • Sync your data across devices
  • Personalize your experience based on role preferences
  • Develop new features and improve existing ones
  • Train and refine our AI models for better output quality
  • Analyze usage patterns to optimize performance
  • Debug and fix technical issues

2.2 To Process Payments and Manage Subscriptions

  • Process subscription payments
  • Manage billing and invoicing
  • Send payment receipts and transaction confirmations
  • Handle subscription upgrades, downgrades, and cancellations
  • Prevent fraudulent transactions
  • Enforce usage limits based on subscription tier

2.3 To Communicate With You

  • Send you service-related announcements
  • Respond to your questions and support requests
  • Send subscription renewal reminders
  • Send you updates about new features and improvements (if you opt in)
  • Send you marketing communications (with your consent, and with easy opt-out)
  • Request feedback or participation in surveys
  • Notify you about changes to our Terms of Service or Privacy Policy

2.4 For Security and Fraud Prevention

  • Protect against unauthorized access
  • Detect and prevent fraud, spam, and abuse
  • Verify your identity during authentication
  • Monitor for suspicious activity
  • Enforce our Terms of Service and acceptable use policies
  • Comply with legal obligations

2.5 For Analytics and Research

  • Understand how users interact with AHRAS
  • Analyze aggregate usage patterns
  • Measure feature adoption and effectiveness
  • Conduct A/B testing for new features
  • Generate anonymized statistical data
  • Improve AI model performance through aggregated feedback

2.6 For Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent harm
  • Protect our rights, property, and intellectual property
  • Enforce our agreements

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

3.1 Service Providers

We share information with third-party service providers who help us operate AHRAS:

Infrastructure Providers:

  • Cloud hosting services (e.g., Vercel, Supabase)
  • Content delivery networks (CDNs)
  • Database services and storage providers

AI and Machine Learning Services:

  • AI model providers for job description generation (OpenAI GPT-4)
  • Natural language processing services
  • Quality and accuracy improvement services

Payment Processors:

  • Stripe (for processing subscription payments and managing billing)
  • Payment processors handle financial information according to their own privacy policies and PCI-DSS standards

Authentication Services:

  • Google OAuth for Google Sign-In
  • Apple Sign-In for Apple authentication
  • Supabase Auth for authentication management

Analytics Services:

  • Usage analytics providers (e.g., PostHog, Vercel Analytics)
  • Error tracking services (e.g., Sentry)
  • Performance monitoring tools

Communication Services:

  • Email service providers (for transactional and marketing emails)
  • Customer support platforms (for ticket management)

All service providers are contractually obligated to:

  • Use your information only to provide services to us
  • Maintain appropriate security measures
  • Not use your information for their own purposes
  • Comply with applicable data protection laws

3.2 With Your Consent

We may share your information when you explicitly consent, such as:

  • When you choose to share generated job descriptions publicly
  • When you share templates with specific users or teams
  • When you connect AHRAS with third-party integrations
  • When you authorize data sharing for collaboration features

3.3 For Legal Reasons

We may disclose your information if required to:

  • Comply with legal obligations (subpoenas, court orders, legal processes)
  • Enforce our Terms of Service and acceptable use policies
  • Protect the rights, property, or safety of STVIGA LLC, our users, or the public
  • Detect, prevent, or address fraud, security issues, or technical problems
  • Respond to government requests in accordance with applicable law
  • Investigate potential violations of our terms or policies

3.4 Business Transfers

If STVIGA LLC or AHRAS is involved in a merger, acquisition, sale of assets, or bankruptcy:

  • Your information may be transferred to the acquiring entity
  • We will notify you via email and/or prominent notice on our Service at least 30 days before transfer
  • The acquiring entity will be bound by this Privacy Policy unless you consent to a new policy
  • You will have the option to delete your account before the transfer

3.5 Aggregate and Anonymized Data

We may share aggregate, anonymized, or de-identified information that cannot reasonably be used to identify you:

  • Usage statistics and trends (e.g., "80% of users generate Backend Engineer roles")
  • Industry benchmarks and insights
  • Research findings for improving AI models
  • Performance metrics and service quality indicators

This data does not contain Personal Information and cannot be linked back to you.

3.6 Public Information

If you choose to make job descriptions public or share them with specific links:

  • Anyone with the link can view that content
  • Search engines may index public content
  • Other users may see your username or company name associated with public templates

You control what information is made public through your privacy settings and sharing preferences.

4. AI Services and Generated Content

AHRAS uses artificial intelligence and machine learning models to generate job description content. This section explains how we handle AI-related data.

4.1 AI Model Providers

We use third-party AI services (such as OpenAI GPT-4) to power job description generation. Your inputs are sent to these providers' APIs to generate content.

Data Sent to AI Providers:

  • Role selection and seniority level
  • Technology stack and skills
  • Company information and benefits
  • Tone and style preferences
  • Custom text inputs

Data NOT Sent to AI Providers:

  • Your email address or personal contact information
  • Payment information
  • Account credentials
  • Usage history beyond the current generation request

4.2 How We Use AI-Generated Content

Storage:

  • We store generated job descriptions in your account
  • Content is tied to your user account and generation history
  • You retain ownership of the generated content

Model Training: We may use aggregated, anonymized data from generation requests to:

  • Improve AI model performance
  • Refine prompt engineering
  • Enhance content quality and relevance
  • Train custom models specific to job description generation

Important: We do not use your specific company information, proprietary details, or identifiable content to train public AI models without explicit consent.

4.3 Content Ownership and Rights

Your Rights:

  • You own the generated job descriptions
  • You can use, modify, publish, and distribute the content as you see fit
  • You can delete generated content from your account at any time

Our Rights:

  • We retain the right to use anonymized, aggregated patterns from generations to improve the Service
  • We may analyze generation success rates and content quality for service optimization
  • We reserve the right to remove content that violates our Terms of Service

4.4 AI Model Compliance

Our use of third-party AI services complies with:

  • Provider terms of service and acceptable use policies
  • Data protection and privacy requirements
  • Industry best practices for AI governance

We regularly review AI provider policies to ensure alignment with our privacy commitments.

4.5 Limitations and Disclaimers

AI-Generated Content:

  • May not always be factually accurate or suitable for your specific needs
  • Should be reviewed and edited before publication
  • May reflect biases present in training data
  • Is provided "as is" without guarantees of fitness for a specific purpose

You are responsible for reviewing and ensuring the appropriateness of generated content before using it in production.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies (web beacons, pixels, local storage, session storage) to enhance your experience and provide core functionality.

5.2 Types of Cookies We Use

Essential Cookies (Required):

  • Authentication: Keep you logged in across sessions
  • Security: Prevent CSRF attacks and enhance security
  • Session management: Maintain your session state
  • Subscription status: Track your plan and feature access

Functional Cookies (Optional):

  • Preferences: Remember your language, theme, and display settings
  • Role defaults: Remember frequently used role selections
  • Feature toggles: Enable specific functionality you've requested

Analytics Cookies (Optional):

  • Usage tracking: Understand feature adoption and user flows
  • Performance monitoring: Identify bottlenecks and technical issues
  • A/B testing: Test new features with different user cohorts
  • Conversion tracking: Measure subscription and feature usage

Marketing Cookies (Optional, if applicable):

  • Campaign tracking: Measure effectiveness of marketing campaigns
  • Attribution: Understand how users discover AHRAS
  • Retargeting: Show relevant ads on other platforms (with explicit consent)

5.3 Third-Party Cookies

We may use third-party services that set their own cookies:

  • PostHog / Vercel Analytics: Product analytics and user behavior tracking
  • Stripe: Payment processing and subscription management
  • Google Sign-In / Apple Sign-In: Authentication services

These third parties have their own privacy policies governing their use of cookies.

5.4 Managing Cookies

Browser Controls: Most browsers allow you to:

  • View and delete cookies
  • Block all cookies (may break functionality)
  • Block third-party cookies only
  • Clear cookies when you close your browser
  • Set cookie preferences per website

Our Cookie Settings: You can manage your cookie preferences in your AHRAS account settings:

  • Essential cookies cannot be disabled (required for core functionality)
  • You can opt out of analytics and marketing cookies
  • Changes take effect immediately

Note: Blocking essential cookies will prevent you from using AHRAS properly, including logging in and generating job descriptions.

Opt-Out Tools:

  • Do Not Track: We respect browser Do Not Track (DNT) signals for non-essential tracking

5.5 Local Storage and Session Storage

We use browser local storage and session storage to:

  • Cache generation results for faster access
  • Store draft inputs temporarily
  • Maintain UI state across page refreshes
  • Reduce unnecessary API calls

You can clear local storage through your browser settings.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2+ (SSL/HTTPS)
  • Encryption at rest: Sensitive data is encrypted in our databases using AES-256
  • Secure password hashing: Passwords are hashed using bcrypt with strong salt
  • API security: Secure authentication using OAuth 2.0 and JWT tokens
  • Regular security audits: Vulnerability assessments and penetration testing
  • Firewall protection: Network-level security and intrusion detection systems
  • DDoS protection: Mitigation strategies for denial-of-service attacks

Organizational Safeguards:

  • Access controls: Least privilege principle for employee and contractor access
  • Employee training: Regular security awareness and data protection training
  • Confidentiality agreements: All staff and contractors sign NDAs
  • Incident response procedures: Defined processes for security breach response
  • Background checks: For employees with access to sensitive systems

Infrastructure Security:

  • Hosting: Reputable cloud providers with SOC 2 Type II compliance
  • Regular backups: Automated daily backups with encryption
  • Disaster recovery: Documented procedures for data recovery and business continuity
  • Monitoring: 24/7 automated monitoring for suspicious activity

6.2 Payment Security

  • All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor
  • We do not store full credit card numbers on our servers
  • Stripe tokenizes payment information for secure recurring billing
  • Payment data is encrypted and handled according to PCI-DSS standards

6.3 Limitations

While we take security seriously, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

Your Responsibilities:

  • Use a strong, unique password for your AHRAS account
  • Enable two-factor authentication if available
  • Keep your password confidential and do not share it with others
  • Log out when using shared or public devices
  • Keep your email account secure (used for password recovery)
  • Notify us immediately of any unauthorized access or suspicious activity

6.4 Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify you via email within 72 hours of discovering the breach (as required by GDPR)
  • We will describe what information was compromised
  • We will explain the potential impact and risks
  • We will outline steps we're taking to address the breach and prevent future occurrences
  • We will provide recommendations for protecting yourself (e.g., changing passwords)
  • We will notify relevant regulatory authorities as required by law

7. Data Retention

7.1 How Long We Keep Your Data

Active Accounts: We retain your information for as long as your account is active and as necessary to provide the Service.

Inactive Accounts:

  • Accounts inactive for 24+ months may be flagged for deletion
  • We will send email notifications before deleting inactive accounts
  • You can reactivate your account by logging in

Deleted Accounts: When you delete your account:

  • Most personal information is deleted within 30 days
  • Generated job descriptions and templates are deleted immediately upon account closure
  • Some information may be retained in encrypted backups for up to 90 days for recovery purposes
  • Certain data may be retained longer for legal compliance (see below)

7.2 Specific Retention Periods

Account Information:

  • Deleted 30 days after account closure
  • Email address may be retained in hashed form to prevent re-registration abuse

Generated Content:

  • Job descriptions: Deleted with account or when you manually delete
  • Templates: Deleted with account or when you manually delete
  • Generation history: Deleted with account

Log Data:

  • Access logs: Retained for 12 months for security and analytics
  • Error logs: Retained for 6 months for debugging
  • Performance metrics: Retained for 24 months in aggregated form

Payment Records:

  • Transaction history: Retained for 7 years for tax, accounting, and legal compliance
  • Invoices and receipts: Retained for 7 years
  • Subscription history: Retained for 3 years after subscription ends

Support Communications:

  • Support tickets: Retained for 3 years
  • Chat transcripts: Retained for 1 year

7.3 Legal and Compliance Retention

We may retain certain information longer if required by law or for:

  • Tax and accounting purposes: 7 years (IRS requirements)
  • Legal disputes: Until dispute is resolved
  • Fraud prevention: Hashed identifiers may be retained indefinitely
  • Regulatory compliance: As required by applicable laws

7.4 Anonymized Data

After the retention period, we may retain anonymized or aggregated data indefinitely for:

  • Analytics and research
  • Service improvement
  • Industry benchmarking

This data cannot be used to identify you and is not considered Personal Information.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

8.1 Rights for All Users

Access:

  • Request a copy of the personal information we hold about you
  • Receive data in a structured, machine-readable format (JSON, CSV)

Correction:

  • Request correction of inaccurate or incomplete information
  • Update your account information directly through settings

Deletion:

  • Request deletion of your personal information (subject to legal retention requirements)
  • Delete your account and all associated data through account settings

Data Portability:

  • Export your generated job descriptions and templates
  • Receive your data in common formats (TXT, Markdown, HTML, PDF)

Object to Processing:

  • Object to certain types of processing (e.g., marketing communications)
  • Opt out of analytics and non-essential cookies

Withdraw Consent:

  • Withdraw consent for processing based on consent (e.g., marketing emails)
  • Changes take effect immediately

8.2 European Union (GDPR) Rights

If you're in the EU/EEA or UK, you have additional rights under GDPR:

Right to Restriction of Processing:

  • Request limitation of how we process your data in certain circumstances

Right to Lodge a Complaint:

  • File a complaint with your local supervisory authority
  • Contact information for EU data protection authorities: https://edpb.europa.eu/about-edpb/board/members_en

Right to Object to Automated Decision-Making:

  • Object to decisions based solely on automated processing (including AI generation)
  • Request human review of automated decisions

Legal Basis for Processing: We process your data based on:

  • Contract: To provide the Service you've subscribed to
  • Consent: For marketing communications and non-essential cookies
  • Legitimate interests: To improve the Service, prevent fraud, and ensure security
  • Legal obligations: To comply with applicable laws and regulations

8.3 California (CCPA/CPRA) Rights

If you're a California resident, you have rights under CCPA/CPRA:

Right to Know:

  • What personal information we collect
  • How we use and share your information
  • Categories of third parties we share with

Right to Delete:

  • Request deletion of your personal information (subject to exceptions)

Right to Opt-Out:

  • Opt-out of the sale of personal information (we do not sell personal information)
  • Opt-out of sharing for targeted advertising

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your rights
  • Same service quality regardless of privacy choices

California Disclosures:

  • Categories collected: See Section 1
  • Business purposes: See Section 2
  • Third parties: See Section 3
  • We do not sell personal information

8.4 How to Exercise Your Rights

Automated Tools:

  • Account Settings: Access, update, and delete your data directly
  • Export Data: Download your generated job descriptions and templates
  • Delete Account: Permanently delete your account and all data

Contact Us:

  • Email: support@stviga.com
  • Subject Line: "Privacy Rights Request"
  • Include: Your name, email address, and specific request

Response Time:

  • 30 days for most requests
  • 45 days for complex requests (we'll notify you if we need extra time)
  • We may need to verify your identity before processing your request

Identity Verification: To protect your privacy, we may ask you to:

  • Confirm your email address
  • Answer security questions
  • Provide additional identification for sensitive requests

9. International Data Transfers

9.1 Where We Process Data

AHRAS is operated by STVIGA LLC, a company registered in New Mexico, USA, with a business office in Lithuania.

Your information may be transferred to and processed in:

  • United States (primary data center location)
  • European Union (if applicable for EU users)
  • Other locations where our service providers operate

9.2 Legal Basis for Transfers

When we transfer data internationally, we rely on:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for EU-US transfers
  • Adequacy decisions: By the European Commission or other relevant authorities
  • Your explicit consent: When you choose to use the Service knowing data will be transferred
  • Other legal transfer mechanisms: As appropriate under applicable law

9.3 EEA and UK Users

If you're in the European Economic Area or United Kingdom:

Legal Grounds for Processing:

  • Contract performance: To provide the Service
  • Legitimate interests: To improve the Service and prevent fraud
  • Consent: For marketing and non-essential processing
  • Legal obligations: To comply with laws

Your Rights:

  • You have rights under GDPR (see Section 8.2)
  • We implement appropriate safeguards for international transfers
  • You can contact our EU representative (see Section 13.3)

Data Protection Officer: We have appointed a Data Protection Officer for GDPR compliance (see Section 13.2).

9.4 Safeguards for International Transfers

We implement appropriate safeguards including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Contractual obligations with service providers
  • Regular security audits and assessments
  • Compliance with EU-US data transfer frameworks

10. Children's Privacy

10.1 Age Restriction

AHRAS is not intended for children under 13 years of age (or the applicable age in your jurisdiction, such as 16 in the EU).

We do not knowingly collect personal information from children under these ages without parental consent.

10.2 If We Learn of Child Data

If we discover we have collected information from a child without proper parental consent:

  • We will delete that information as soon as possible
  • We will terminate the child's account immediately
  • We will notify parents if required by law

10.3 Parental Concerns

If you believe your child has provided information to AHRAS:

  • Contact us immediately at support@stviga.com
  • Provide your child's name and email address
  • We will verify the request and delete the information promptly
  • We will close the account and prevent further use

10.4 School or Educational Use

If AHRAS is used in an educational setting:

  • Schools must obtain appropriate parental consent
  • Schools act as the data controller for student data
  • We process student data as a service provider under the school's direction
  • Schools are responsible for complying with FERPA and other educational privacy laws

11. Third-Party Services

11.1 Third-Party Links

AHRAS may contain links to third-party websites, platforms, or services. We are not responsible for:

  • The privacy practices of these third parties
  • The content on external websites
  • How these services handle your information
  • Security of third-party platforms

Examples of Third-Party Links:

  • Links to job posting platforms (LinkedIn, DOU.ua, HeadHunter)
  • Links to documentation or help resources
  • Links to social media platforms

Recommendation: Review the privacy policies of any third-party services you visit.

11.2 Third-Party Integrations

If you connect AHRAS with third-party services:

  • Those services may access information from AHRAS according to their permissions
  • Those services have their own privacy policies and terms of service
  • You control what data is shared through integration settings
  • You can revoke integrations at any time through your account settings

Current Integrations:

  • Google Sign-In (authentication)
  • Apple Sign-In (authentication)
  • Payment processors (Stripe)

11.3 Authentication Provider Privacy Policies

Your use of authentication services is governed by:

  • Google Privacy Policy: https://policies.google.com/privacy
  • Apple Privacy Policy: https://www.apple.com/legal/privacy/
  • Google OAuth scopes: We only request basic profile information (name, email)
  • Apple Sign-In: Supports privacy relay email addresses

You can manage or revoke AHRAS's access through your Google or Apple account settings.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices or features
  • Changes in applicable laws and regulations
  • New technologies or security measures
  • User feedback and industry best practices

12.2 Notification of Material Changes

When we make material changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via email at least 30 days before changes take effect
  • We will display a prominent notice on the Service
  • For significant changes affecting your rights, we may ask for your explicit consent

What constitutes a "material change":

  • Changes to how we share your information
  • New types of data collection
  • Changes to data retention periods
  • Reduced privacy protections
  • New uses of your data beyond the original purposes

12.3 Your Acceptance

Your continued use of AHRAS after changes take effect constitutes acceptance of the updated Privacy Policy.

If you do not agree with changes:

  • Stop using the Service
  • Contact us to discuss your concerns
  • Close your account (data will be deleted according to Section 7)

12.4 Version History

We maintain a version history of this Privacy Policy:

  • Current version: 1.0 (December 6, 2025)
  • Previous versions are available upon request

13. Contact Us

13.1 Privacy Questions and Requests

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@stviga.com

Subject Line: "Privacy Inquiry" or "Data Rights Request"

Website: ahras.io

Support Page: ahras.io/support

Mailing Address:

STVIGA LLC

Attn: Privacy Officer

Algirio g. 92

Vilnius, LT-09300

Lithuania

13.2 Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: dpo@stviga.com

Subject Line: "GDPR / Data Protection Inquiry"

Our DPO is available to:

  • Answer questions about GDPR compliance
  • Assist with exercising your GDPR rights
  • Address complaints about data processing
  • Coordinate with supervisory authorities

13.3 EU Representative

For users in the European Union, you can contact us at our EU office:

STVIGA LLC

Algirio g. 92

Vilnius, LT-09300

Lithuania

Email: eu-representative@stviga.com

13.4 Response Time

We will respond to your privacy inquiries within:

  • 30 days for general questions
  • 30 days for data rights requests (GDPR/CCPA)
  • 45 days for complex requests (we'll notify you if we need extra time)
  • 72 hours for data breach notifications

13.5 Escalation

If you're not satisfied with our response:

  • Request escalation to our Privacy Officer
  • Contact your local data protection authority
  • For EU users: File a complaint with your supervisory authority

Appendix: Definitions

Personal Information: Information that identifies, relates to, describes, or can be reasonably linked to you. Also referred to as Personal Data under GDPR.

Aggregate Information: Statistical data derived from multiple users that cannot be used to identify any individual.

Anonymized Data: Data that has been processed to remove all personally identifiable elements and cannot reasonably be re-identified.

Cookies: Small text files stored on your device by websites you visit, used for authentication, preferences, and analytics.

Data Controller: The entity (STVIGA LLC) that determines the purposes and means of processing personal data.

Data Processor: An entity that processes personal data on behalf of the data controller (e.g., our service providers).

Data Subject: An identifiable natural person (you, the user).

GDPR: General Data Protection Regulation, the primary data protection law in the European Union.

CCPA: California Consumer Privacy Act, California's data protection law.

CPRA: California Privacy Rights Act, an amendment to the CCPA.

OAuth: Open Authorization, a standard for token-based authentication (used for Google/Apple Sign-In).

PCI-DSS: Payment Card Industry Data Security Standard, requirements for handling payment card information.

TLS/SSL: Transport Layer Security / Secure Sockets Layer, encryption protocols for secure data transmission.

Effective Date: December 6, 2025

Version: 1.0

Your Consent

By using AHRAS, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

If you do not agree with this Privacy Policy, please do not use AHRAS.