Effective May 23, 2026
This Privacy Policy explains how IamLadi s.r.o. (“selfunderstand,” “we,” “us”) collects, uses, discloses, retains, and protects personal data when you use the selfunderstand website and application (the “Service”). It applies in addition to our Terms of Service and the data-processing consent you grant before starting the assessment.
The controller of your personal data is IamLadi s.r.o., IČO 09877169, č.p. 332, 739 45 Fryčovice, Czech Republic, registered at Krajský soud v Ostravě, C 84636, contactable at ladi@iamladi.com. For purposes of the EU General Data Protection Regulation (“GDPR”) and the UK GDPR, we are the controller for personal data processed in connection with the Service. We have not appointed a data protection officer; you may direct privacy inquiries to the contact address above.
We do not knowingly collect special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health, sex life, or sexual orientation). If you choose to disclose such data in free-text responses you do so voluntarily; please avoid doing so unless necessary, as the Service is not designed to process special-category data.
We collect data (a) directly from you when you sign in, grant consent, and converse with the Service; (b) automatically when you use the Service (operational telemetry); and (c) from Google via Clerk for the limited purpose of authenticating you. We do not buy personal data and do not enrich your profile from data brokers.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the assessment and generate your report | Performance of contract (Art. 6(1)(b)) |
| Persist transcripts and scores for return visits | Performance of contract (Art. 6(1)(b)) |
| Process free-text assessment content via LLM providers | Explicit consent (Art. 6(1)(a)) recorded at /consent |
| Cross-border transfer of personal data to the United States | Explicit consent (Art. 6(1)(a)) and, where applicable, Standard Contractual Clauses / Data Privacy Framework |
| Secure the Service, prevent abuse, and debug errors | Legitimate interests (Art. 6(1)(f)) in maintaining a functional, secure product |
| Aggregate, de-identified analysis to improve scoring accuracy | Legitimate interests (Art. 6(1)(f)); de-identified outputs cannot be re-associated to you |
| Respond to your inquiries and data-subject requests | Legal obligation (Art. 6(1)(c)) and legitimate interests |
| Comply with applicable law and respond to lawful requests | Legal obligation (Art. 6(1)(c)) |
Where processing is based on consent, you may withdraw it at any time by deleting your account from Settings → Data or by emailing ladi@iamladi.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We share personal data with the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Convex, Inc. | Application database, server functions, file storage | United States (US East) |
| Clerk, Inc. | Authentication and identity management | United States |
| Google LLC | Google Sign-In (OAuth identity provider) | United States |
| OpenRouter, Inc. | LLM routing gateway used to access the model providers below | United States |
| Anthropic, PBC | Claude (Sonnet, Haiku) inference for the interviewer, scorer, and assistant | United States |
| Google LLC | Gemini inference for the moderation/fast-path agent (separate from Google Sign-In above) | United States |
| Cloudflare, Inc. | Edge hosting, TLS, and DDoS protection for the web application | Global edge network |
We contractually require sub-processors to safeguard personal data and to process it only on our instructions. We do not sell or rent personal data, and we do not share it with advertisers. We may disclose personal data when required by law, to enforce our agreements, to protect rights, property, or safety, or in connection with a corporate transaction (in which case the acquirer will be bound by this Policy or one substantially similar).
Your personal data is processed and stored in the United States. If you access the Service from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with data-export restrictions, this constitutes a cross-border transfer. We rely on (a) your explicit consent recorded at /consent, (b) the EU-US Data Privacy Framework where the relevant sub-processor is certified, and (c) Standard Contractual Clauses approved by the European Commission where applicable. You may obtain a copy of the transfer mechanism applicable to a given sub-processor by emailing ladi@iamladi.com.
We retain your account data for as long as your account is active. You may delete your account and associated data at any time from Settings → Data or by emailing ladi@iamladi.com. A deletion request removes your account, transcripts, scores, goals, and usage history within 24 hours via an automated cascade. Backups managed by our sub-processors may retain residual copies for the period stated in their published policies; we do not separately back up personal data outside those systems. Aggregated, de-identified statistics that cannot be re-associated to you may be retained for the purpose of improving the Service.
We use industry-standard administrative, technical, and physical safeguards to protect personal data, including encryption in transit (TLS 1.2+) and at rest, least-privilege access controls, audit logging, dependency scanning, secret-leak detection, and regular review of sub-processor security postures. No system is perfectly secure; you use the Service at your own risk and should choose a strong, unique credential for your Google account.
Subject to applicable law, you have the right to:
To exercise these rights, use the in-product controls at Settings → Data (export and account deletion) or email ladi@iamladi.com for any other request, including access, correction, restriction, objection, or withdrawal of consent. Settings → Consents is provided as a read-only history of the consents you have granted. We will respond within 30 days and may need to verify your identity before fulfilling certain requests.
If you are a California resident, you have the rights to know, delete, correct, and limit the use of sensitive personal information, and to opt out of the “sale” or “sharing” of personal information as those terms are defined under the CCPA. We do not sell personal information and do not share it for cross-context behavioral advertising. You may exercise these rights by emailing ladi@iamladi.com. We will not discriminate against you for exercising your rights.
The Service uses only strictly necessary cookies and local-storage entries required for authentication (set by Clerk) and to maintain session state (set by Convex). We do not set advertising, analytics, or cross-site tracking cookies. Because all cookies are strictly necessary, no consent banner is presented; if we ever introduce non-essential cookies we will request your consent first.
The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If we learn that we have collected data from a child under 16, we will delete it. Parents and guardians who believe their child has provided us data should contact ladi@iamladi.com.
The Service uses large language models to produce questions, scores, and reflections. These outputs are advisory and informational. We do not use them to make decisions that produce legal or similarly significant effects about you within the meaning of GDPR Article 22. We do not use the contents of your transcripts to train third-party foundation models, and our agreements with LLM providers prohibit them from doing so with your conversation content.
We may update this Policy from time to time. If we make material changes, we will notify you by email and via an in-product notice at least 14 days before the changes take effect, and where required by law we will re-request consent. The “Effective” date at the top reflects the latest revision; prior versions are available on request.
Questions, requests, or complaints? Email ladi@iamladi.com.