P
PayQare

Privacy Policy

Last updated: April 2, 2026

1. Data Controller

Seastream Media Europe SRL, registered at Pegasuslaan 5, 1831 Diegem, Belgium (VAT: BE 0744.730.564), is the data controller for the processing of personal data through the PayQare platform. For any questions regarding this policy, contact us at privacy@seastreammedia.com.

2. Data We Collect

We collect the following categories of data: - Account data: name, email address, company name, country, role. - Employee data: names, job titles, seniority levels, hire dates, years of experience, salary information, and benefits. This data is entered by you and processed solely to provide the equity analysis service. - CV documents: PDF files uploaded for candidate analysis. These are processed by AI and stored temporarily. - Usage data: pages visited, features used, session duration, device and browser information. - Payment data: processed by Stripe; we do not store credit card numbers.

3. How We Use Your Data

We process your data for the following purposes: - Providing the Service: equity analysis, salary recommendations, CV analysis, data export. - Account management: authentication, subscription management, customer support. - Service improvement: aggregated, anonymized analytics to improve features. - Communication: transactional emails (account confirmation, subscription changes, data retention notices). - Legal compliance: responding to legal obligations, protecting our rights. We process data based on: (a) contract performance (providing the Service you subscribed to); (b) legitimate interest (service improvement, security); (c) legal obligation (tax, anti-fraud); (d) your consent (marketing communications, if applicable).

4. AI Processing

CV analysis uses Anthropic's Claude API to extract structured information from uploaded documents. Documents are transmitted to Anthropic's servers for processing and are not retained by Anthropic beyond the processing request. AI outputs are generated in real-time and stored in your PayQare account. We do not use your data to train AI models. Anthropic's data handling practices are described in their privacy policy at anthropic.com/privacy.

5. Data Sharing

We share data with the following categories of third parties, strictly as necessary to operate the Service: - Supabase (database hosting and authentication) - EU region. - Anthropic (AI processing for CV analysis) - US, with appropriate safeguards. - Stripe (payment processing) - certified EU-US Data Privacy Framework. - Vercel (hosting) - with edge functions in EU where possible. We do not sell your personal data. We do not share your data with advertisers. We may disclose data if required by law or to protect our legal rights.

6. Data Retention

- Active accounts: data is retained for the duration of your subscription. - After cancellation: data is retained for 90 days (grace period) during which you can reactivate your account. After 90 days, all company data (employees, analyses, adjustments) is permanently deleted. - Account data (email, name) may be retained for up to 12 months after deletion for legal and tax purposes. - Payment records are retained as required by Belgian tax law (7 years). - Usage logs are retained for 90 days.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to: - Access: request a copy of your personal data. - Rectification: correct inaccurate data. - Erasure: request deletion of your data (subject to legal retention requirements). - Portability: receive your data in a structured, machine-readable format. - Restriction: restrict processing in certain circumstances. - Objection: object to processing based on legitimate interest. - Withdraw consent: where processing is based on consent. To exercise these rights, email privacy@seastreammedia.com. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorite de protection des donnees).

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS 1.3) and at rest, row-level security in our database, regular security audits, access controls and authentication, and secure handling of API keys and credentials. While we take reasonable precautions, no system is 100% secure. We will notify affected users and relevant authorities within 72 hours in the event of a data breach, as required by GDPR.

9. International Data Transfers

Your data is primarily stored in the EU (Supabase EU region). When data is transferred outside the EU (e.g., for AI processing via Anthropic), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where available.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of the Service after changes constitutes acceptance.

12. Contact

Seastream Media Europe SRL Pegasuslaan 5 1831 Diegem, Belgium VAT: BE 0744.730.564 Data protection contact: privacy@seastreammedia.com