Privacy Policy

Last updated:

1. Introduction

Carcosa R&D AB (“we”, “our”, “us”) operates Aquilo, a platform for browsing senior leadership positions collected from Swedish and Scandinavian recruitment firms. Aquilo consists of:

  • The Aquilo app (aquilo-web): The authenticated interface where you search and browse job listings
  • Our backend (aquilo-ng): Stores and serves job data via a REST API
  • This website: aquilo.carcosa.se, with product information and legal pages

This Privacy Policy explains how we collect, use, and protect your personal data.

2. Data We Collect

Account Information (from Google OAuth)

When you sign in with Google, we receive and store:

  • Email address (required for authentication)
  • First and last name
  • Profile picture URL
  • Google ID (used to link your account)

We do not receive or store your Google password.

Usage Data

  • Pages visited within the application
  • Search filters applied
  • IP address (for security and abuse prevention)

Client-Side Storage

The web app stores a JWT token and basic user info in your browser’s local storage to keep you logged in across sessions. See our Cookie Policy for details.

3. How We Use Your Data

We use your data to:

  • Authenticate your identity via Google OAuth and JWT
  • Provide access to job listing search and browsing
  • Improve the service based on usage patterns
  • Enforce fair use (rate limiting, abuse prevention)

We do not:

  • Sell your personal data
  • Share your data with third parties for marketing
  • Store or process the content of job listings you view beyond what is needed to render the page

4. Job Listing Data

Aquilo collects job postings from publicly accessible recruitment firm websites. This data includes job titles, descriptions, contact information published by the recruiter, and employer names. We do not collect personal data about job applicants.

5. Data Storage and Security

  • Database: PostgreSQL hosted on neon.tech in the EU
  • Backend: Hosted in the EU

We use industry-standard encryption for data in transit (HTTPS, TLS) and at rest.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data
  • Withdraw consent

To exercise these rights, contact us at privacy@carcosa.se.

7. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will remove your data within 30 days.

8. Cookies and Local Storage

We use local storage (not cookies) for authentication in the web app. During Google sign-in, temporary state cookies are used server-side for the OAuth redirect flow only. We do not use tracking cookies or third-party analytics.

See our Cookie Policy for details.

9. Changes to This Policy

We may update this policy. We will notify you of significant changes via email or in-app notice.

10. Contact

For privacy inquiries: privacy@carcosa.se

Carcosa R&D AB, Sweden