Plain English. No fine print.
This policy explains what we do with your information when you use PositionMeAI. If something here isn’t clear, email us at hello@positionmeai.com.
01Who we are
PositionMeAI is a service operated by De Vlamingh & Associates Consulting (“we”, “us”, “our”), a close corporation registered globally. We are the Responsible Party under the Protection of Personal Information Act (GDPR/CCPA, Act 4 of 2013).
Our registered email for data queries: hello@positionmeai.com
02What we collect, and why
We collect only what we need to provide the service you’ve asked for. We don’t sell your data, and we don’t share it with advertisers.
When you take a Career Scan
When you complete a Scan (Career Launch, Shift, Evolve, Return, FuturePath, or the readiness check-in), your answers are processed in your browser to generate your Career Report. We do not see these answers unless you choose to share them with us.
When you ask for your report by email or download
If you ask us to email you your report, or to download a PDF that we send, we collect:
- Your email address
- Optionally, your first name (if you provide it)
- The summary of the report you generated
- The date and time of submission
We use this only to send you the report and, with your consent, occasional updates about new Foundations or Playbooks. You can unsubscribe at any time using the link in any email.
When you request Foundations access
When you submit the CareerLaunch Bundle application form (or the Foundations Training access form, which routes to the same Bundle application), we collect:
- Your first name and surname
- Your email address
- Your selected career stage
- The optional context paragraph you provide
- Your optional Foundation-of-interest or context selection
We use this to respond to your application within 2 business days with whether it’s a fit for the founding cohort, the secure Stripe payment link if appropriate, and any clarifications.
When you apply for a 1:1 Consultation
When you submit the Consultations apply form (or email us directly), we hold whatever you write in your application. We use it only to respond to your application, propose an associate match, and to prepare for any session you book. We share the relevant parts of your application with the proposed associate to assess fit; we don’t share it more widely.
When you pay for the Bundle via Stripe
When you make a payment via Stripe, PositionMeAI never sees your card details, banking information, or any other payment-instrument data. Stripe is a payment processor regulated by the Reserve Bank and is independently GDPR- and CCPA-aware. Stripe holds your payment data under their own privacy policy; we hold only the confirmation that a payment was made, the amount, the transaction reference, and the email associated with the purchase — for accounting, customer service, and to grant you Bundle access.
When you use the AI-assisted features
See Section 7 below — these features have their own handling because they involve a third-party AI processor.
What we do not collect
We do not collect:
- Your ID number, address, banking details, or other sensitive personal information, unless you specifically include them in something you send us
- Information about you from third-party data brokers
- Detailed device tracking, advertising IDs, or social-graph data
03What we store on your device (localStorage and cookies)
We use browser localStorage to remember your progress across the site — for example, which page of a Playbook you were on, your personalisation choices on a Playbook, and the answers you’ve given so far in a Scan you haven’t finished.
This data lives on your device only. It is not transmitted to us. You can clear it at any time using your browser’s “clear site data” function.
We do not use third-party advertising cookies. The site uses essential cookies and Cloudflare’s standard hosting cookies for security and performance.
Optional — anonymised platform insights. At the start of the Career Report you may tick an opt-in checkbox allowing us to use your anonymised answers to surface platform-wide patterns (e.g. which career directions cluster with which capability profiles, where SA users score strongest or weakest, how Foundations Training is engaged with). If you tick this, the data is stripped of your name and email at source and used only for product insight and aggregated trend reporting — never sold, never shared with third parties, never used for academic publication without separate explicit consent. If you don’t tick it, nothing leaves your device. Either way, the Report works identically and you receive the same results.
04How long we keep what we collect
| What | How long |
|---|---|
| Email and report data you’ve submitted | Until you ask us to delete it, or 3 years from your last interaction with us, whichever is sooner |
| Bundle / Foundations Training applications | 12 months from submission, then archived for record-keeping for a further 12 months |
| Consultations applications and session correspondence | While the consulting relationship is active, plus 5 years after final contact (consistent with professional-practice record-keeping standards) |
| Stripe payment confirmations & access records | 5 years from the transaction date (consistent with SARS record-keeping requirements) |
| Browser localStorage | Until you clear it |
You can ask us to delete your data sooner. See Section 9 for how.
05Who we share your information with
We use a small number of third-party processors to deliver the service. We have contractual relationships with each, and they process your data only on our instructions.
| Processor | Location | What they do |
|---|---|---|
| Brevo SA (Sendinblue) | France / EU | Email delivery, contact management, marketing automation. Trust Center |
| Cloudflare, Inc. | United States | Web hosting, content delivery, security. Privacy Policy |
| Anthropic PBC (AI-assisted features only) | United States | AI processing for the CV generator and other AI-assisted features. Trust Center |
We do not share your information with any third party for advertising, marketing, or commercial purposes outside of what you’ve directly asked us to do.
We may disclose information if we are legally required to (for example, in response to a lawful court order or to comply with a regulatory request) or if we believe disclosure is necessary to prevent imminent harm. We will tell you about such disclosure where we are legally able to do so.
06International transfers of your information
Some of our processors (Cloudflare, Anthropic) are based in the United States, and Brevo is based in the European Union. This means your information is transferred outside your country of residence.
We rely on Section 72 of GDPR/CCPA for these transfers. In plain terms, the transfer is permitted because:
- It is necessary to perform the service you have asked us for, or
- The receiving party is subject to laws or contractual obligations that provide a level of protection substantially similar to GDPR/CCPA (the EU’s GDPR meets this test; we have contractual data-processing terms with our US processors that include GDPR/CCPA-aligned commitments)
If you do not want your information transferred internationally, we cannot provide the service. Email us and we will delete any information we already hold.
07AI-assisted features (the CV Generator and similar)
Where you use one of our AI-assisted features — currently the CV Generator — the information you enter is transmitted to our AI processor, Anthropic PBC (United States), under a commercial Data Processing Agreement.
In plain terms:
- Anthropic does not train Claude on data sent through their commercial API. Your CV is not absorbed into the model.
- Anthropic automatically deletes inputs and outputs from their backend within 30 days of receipt or generation. This is their standard commercial API retention as of March 2026.
- Exception: if Anthropic flags a session for a Usage Policy violation, or is required by law to retain it, they may keep the input and output for up to 2 years. This applies to all commercial API customers, including us.
- We do not retain a copy of the input or the generated output on our servers. The output is delivered to your browser session for you to download.
A few things you can do to reduce what leaves your device when using AI-assisted features:
- Use initials instead of full names for past employers and references
- Don’t include your ID number, address, or date of birth on the CV at all — SA employers should not be asking for them at application stage
- Write your draft yourself and use the AI only to polish sections
If you don’t want to use AI for any of this, our non-AI Foundations cover the same craft (CV, positioning, interview preparation) without any external AI processing involved.
08Children
PositionMeAI is built for adults entering or navigating the workforce. We do not knowingly collect information from anyone under the age of 18 without verifiable parental or guardian consent.
The Education Pathway Guide is intended for use by Year 11 and 12 learners (typically 16–18 years old). It runs entirely in the browser and does not transmit personal information to us unless the learner specifically chooses to send their results to themselves by email. We recommend learners under 18 use this feature with a parent or guardian present.
If you believe a person under 18 has provided us with personal information without appropriate consent, contact us immediately at hello@positionmeai.com and we will delete it.
09Your rights under GDPR/CCPA
Under GDPR/CCPA, you have the right to:
- Confirm whether we hold any personal information about you
- Access the personal information we hold about you
- Correct information that is inaccurate, out of date, or incomplete
- Delete information that we no longer have a lawful basis to hold
- Object to processing of your information for direct marketing purposes
- Withdraw consent for any processing you previously agreed to
- Lodge a complaint with the Information Regulator if you believe we have not handled your information lawfully
To exercise any of these rights, email hello@positionmeai.com with “Data request” in the subject line. We will respond within 30 days as required by GDPR/CCPA, and faster wherever we can.
You can contact the Information Regulator directly at:
Your Local Data Protection Authority
Refer to your country's data protection regulator (e.g. ICO in the UK, Data Protection Commission in Ireland, EDPB in the EU, FTC in the US, OAIC in Australia)
Telephone: +27 (0) 10 023 5200
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za
10Security
We use industry-standard measures to protect your information, including:
- Encrypted connections (HTTPS) across the whole site
- Contractual data-processing terms with each of our third-party processors
- Access controls on any system that holds your personal information
- No storage of CV data or scan answers on our servers (these stay in your browser or with your AI processor of choice)
No system is perfect. If we ever become aware of a breach that puts your information at risk, we will notify you and the Information Regulator as required by GDPR/CCPA.
11Changes to this policy
We may update this policy as the platform grows. When we make material changes (for example, adding a new processor or a new AI-assisted feature), we will:
- Update the “Last updated” date at the top
- Notify subscribers by email if the change is significant
- Keep an archive of previous versions available on request
Small wording or formatting updates that don’t change the substance of the policy will not trigger a notification.
12Contact us
For any question about this policy, your information, or how we handle it:
De Vlamingh & Associates Consulting
Email: hello@positionmeai.com
Subject line: “Data query” or “Privacy”
We respond to every email. If you don’t hear back within 5 working days, please resend — emails sometimes go astray.