We are introducing and announcing major updates to privacy and security on our platforms.

We’re introducing major updates to privacy and security across our platforms

For the past ten years, we’ve built platforms, apps and experiences that help Europeans move, whether that’s for work, education or a fresh start. Salary Insights helps you understand compensation across borders. mEUvy lets you compare countries, cities and neighborhoods on what actually matters: cost of living, safety, housing, LGBTQ+ visibility and more. EUorigin for Vision Pro immerses you in the stories of EU innovators. EUnify (coming soon) will do the same for students navigating education across Europe. And CUEB.ES is our online community, a space for collaboration with social features and productivity tools built in.

Everything we’ve created has been built with privacy and security at its core. Today, we’re announcing what we will do in the near and distant future to take that commitment further.

Our philosophy: your data stays yours

At vaic.at, we believe empowering you means keeping you in control. That’s why everything runs on your device. Your data is processed and stored locally unless you explicitly choose otherwise. Sharing is opt-in, not opt-out. AI and automation run offline, in your hands. Your profile, preferences and personal details are encrypted on your device and never shared with us without your consent.

This isn’t a policy we adopted recently. It’s how we’ve operated from the start, built on nearly a decade of helping talent navigate careers and life across Europe.

Why this matters

There are serious reasons why we take this approach.

The first is geopolitical. State-sponsored groups outside Europe are actively looking for ways to understand and exploit tensions within European societies. A centralised database of where people want to live, why they want to leave, and what they’re looking for would be a valuable target. We refuse to build that target.

The second is commercial. Over the past ten years, our servers have logged 5,267 attempted attacks, groups trying to access user data. Our defence has held, but our best protection has always been simple: they can’t hack data we don’t store.

We know this framing might feel alarming. But we think it’s time to be honest about what’s at stake when personal data gets scattered across the web. These aren’t hypothetical risks. They’re the reason we’ve built everything the way we have.

What’s changing: unprecedented threats require unprecedented safeguards

Our current protections work well against today’s threats. But the landscape is shifting. We’re seeing new techniques—analysis of encrypted package sizes to infer metadata, for example, that didn’t exist a few years ago. These methods are expensive now, but that won’t last. Once a technique exists, it spreads.

So we’ve been working on something we internally call UPPSS (Unprecedented Precautionary Privacy and Security Safeguards). It required us to rethink encryption, red-teaming, cyber resilience and access management from scratch. Some of these changes will be popular. Some might not be. But we believe they’re non-negotiable if we want to protect our users in the years ahead.

Here’s what we’re introducing.

A. Profile Access Keys

Profile Access Keys are temporary, single-use keys that let you share specific data with specific people for a limited time.

Say you’re on a call with one of our recruiters. They can request access to your CV. You approve it, set a timer, and they can see it, but only during that session. When the timer runs out (or you revoke access), the data disappears from their view. You control what’s shared, with whom, and for how long. Every key works once and is auto-generated.

This means you can use our services fully without ever giving permanent access to your information.

B. Profile Clips and the new Profile Drafter

We’ve redesigned how you create your account and profile. The new Profile Drafter makes it clear—field by field—what will be shared and what won’t. You can adjust these settings on almost every input.

The shared version of your profile is called a Profile Clip. It contains only what’s needed to help our partners match you with opportunities:

• Screen name
• City preferences
• Reasons for moving
• Job, study or traineeship preferences
• Hard and soft skills
• Visa sponsorship preferences

Optionally, you can add an email address (we recommend Apple’s Hide My Email), or links to profiles like GitHub, Stack Overflow or ResearchGate, though linking to external platforms can reduce your privacy.

The idea is simple: share the minimum needed to find a match. Only when you’ve found something worth pursuing does a full profile come into play.

C. Rotational Content Deletion

By default, our servers will now delete your personal data every two weeks.

This includes things like job applications, CVs, phone numbers and surnames. If the data isn’t actively in use, meaning you haven’t issued a Profile Access Key for it, it gets removed automatically.

Here’s how it works in practice:

Example 1: You apply for a job through mEUvy. Your data moves off-platform to the partner’s applicant tracking system. Once that transfer is complete, we delete the application data from our servers. Done.

Example 2: You’re exploring traineeships on EUnify. You upload your data and share a Profile Access Key with a university. When that key expires, you’ll be prompted to renew it. If you don’t, the data stays until the two-week mark, then gets deleted.

Common questions:

What if I’m in the middle of a hiring process or relocation? Our partners have two weeks to respond. In most cases, moving forward means consenting to send your data to their systems (like an employer’s ATS), at which point we no longer need to store it. The two-week window covers the matching phase.

Will I lose my data? No. Everything remains stored on your device. If you engage with another service later, you can consent to re-share seamlessly. In Account Settings, you can turn off “Consent to Server Side Renewal” to automate this process. The only way to lose data permanently is to delete it from your device after it’s already been removed from our servers.

Is all data deleted every two weeks? No, only private and personal data. Things like your city preferences, saved searches and app settings remain intact.

Can I delete my data sooner? Always. Go to Account Settings > Remove Identifiable Data in any of our services.

Can I opt out of the two-week cycle? Yes. You can disable it anytime in Account Settings. Our original data retention policy (one year) still applies as the maximum.

We know this system might take getting used to. We’re actively seeking feedback from our community and will keep refining the experience to reduce friction while keeping privacy and security at the very top of our priorities.

What’s coming next

Right now, our apps work by downloading all technically-relevant datasets directly to your device, including service data you might never actually use. All processing happens locally, which guarantees your privacy when the app handles sensitive requests. The server never knows what you’re looking for because it never processes your queries.

This approach works well at our current scale, but it won’t forever. As our databases grow, downloading everything becomes impractical. To future-proof our apps and services, we need to rethink how data moves between you and our servers, without compromising privacy.

That’s why we’re working on a major server migration to a new architecture designed to take our security even further. We’re starting with protocols and systems that will enable End-to-end Encryption, Private Information Retrieval (PIR), followed by Private Nearest Neighbor Search (PNNS). This will allow to hide queries to our servers, do private profile match and much more.

Our dream for the next 10 year-chapter of our company is to eventually bring homomorphic encryption, a technique that allows computations on encrypted data without ever decrypting it, to all of our apps and services. We will attempt to built this based on Apple’s open-source swift-homomorphic-encryption library, the same technology Apple uses in iOS for privacy-preserving features like Live Caller ID Lookup. It’s early days, and this work is still very much in development, but we believe it represents the future of how private data should be handled in the cloud.

We are very honest here. This project is huge and we are not claiming to have all this ready tomorrow. But we will do whatever we can to get closer to this dream each and every day. Therefore we are also migrating to Swift Server as part of this infrastructure overhaul.

We’ll share more details as these systems mature. For now, we wanted to be upfront about where we’re headed, even when the destination is still being built.

Our commitment

The (digital and online) world is changing fast. So are we.

What we’ve shared today mainly covers the user-facing updates: new controls, new defaults, new ways to limit exposure. We promise to do our best to make this solution as solid as we possibly can. The infrastructure work happening behind the scenes is the biggest technical challenge we’ve taken on. We look forward to sharing more when those systems are live.

In the meantime, stay tuned here in our Journal. And thank you for helping us keep the most powerful suite of European mobility tools private and secure.