We're built for the AI Act, not retrofitted to it.
ResuVolt is an AI system used in the employment context — Annex III, paragraph 4 of the EU AI Act classifies this as high-risk. Below is our public, dated posture on every relevant requirement, so universities, public-sector buyers, regulators, and users can verify our claims before trusting us with their data.
Last updated: · Reviewed by founder Domantas Kazlauskas
What this page is — and what it is not
This is a public compliance posture, not a formal conformity assessment under Article 43 of the EU AI Act. We commit to publishing a third-party-reviewed conformity assessment before EU AI Act enforcement applies to in-market high-risk systems used by ResuVolt customers.
This page is dated. It is accurate as of . We update it as our system, our infrastructure, and the regulatory landscape evolve. If you find an inaccuracy, email labas@resuvolt.com and we will correct it.
How we meet each requirement
1. Risk management system (Art. 9)
Documented- •Internal risk register reviewed at every release.
- •Identified risks: hallucination on Lithuanian/Baltic names, JD-scraping over-confidence, locale-specific GDPR clause omission, age-discrimination via photo handling.
- •Each risk has a documented mitigation: prompt-level guardrails, post-output validation, locale-aware GDPR clause injection, photo handling per country (DACH yes / Anglo no).
- •Risk register reviewed before each production deploy. Major changes are documented in a CHANGELOG visible to enterprise customers.
2. Data and data governance (Art. 10)
Documented- •Training data: we do not train our own foundation model. We use Anthropic Claude Haiku 4.5 via API. Their data governance is documented at anthropic.com.
- •Fine-tuning data: prompt-level only, not weight-level. All prompts are under version control in our public-on-request repo.
- •Inference data: user CV + JD. Stored on Supabase EU (Frankfurt, eu-central-1). Encrypted at rest. Never used to train a third-party model. Never sold.
- •Test data: we maintain a regression set of 50+ Lithuanian/Latvian/Estonian/Polish CVs and JDs. Failures on this set block deploys.
3. Technical documentation (Art. 11, Annex IV)
In progress- •Versioned prompt files in /src/lib/ai.ts — every change tracked in git.
- •Model card published at /ai-act-compliance/model-card (link below) — to be expanded ahead of formal enforcement.
- •System architecture diagram available on request to enterprise/B2B/B2G customers under NDA.
- •Performance metrics: median match-score MAE, 95th-percentile latency, hallucination rate on test set — published quarterly.
4. Transparency (Art. 13)
Live in product- •Every CV that ResuVolt generates carries a clear watermark in the source: 'Drafted with ResuVolt AI (resuvolt.com/ai-act-compliance) — review before submission'.
- •Match-score explainability: each numerical match score is paired with a 'why' breakdown showing which CV elements contributed and which are missing.
- •Model identity disclosed in our /privacy and /terms: Anthropic Claude Haiku 4.5.
- •Users can read the prompt template that produced their tailored CV at any time via the in-app 'Show prompt' link on every result page.
5. Human oversight (Art. 14)
Built in by design- •ResuVolt is assisted-apply, never auto-apply. Every CV is reviewable in plain text + diff form before download.
- •No application is ever submitted to an employer without explicit human action — we do not click 'submit' for the user.
- •Edit-after-generation is encouraged via in-product copy. The 'Tailored' result is positioned as a draft, not a final document.
- •For institutional B2B customers (universities, PES), human-oversight reports are part of the standard dashboard.
6. Accuracy, robustness, cybersecurity (Art. 15)
Tested- •Accuracy: regression test set of 50+ Baltic CVs + JDs runs on every deploy. Median match-score MAE target: <8 points (0–100 scale).
- •Robustness: adversarial test cases for Lithuanian/Polish character handling, very long CVs (>5K chars truncated cleanly), and ATS edge cases.
- •Cybersecurity: Supabase RLS enforced on all user tables (audited 2026-05). Stripe webhook signature verification. No PII in client-side localStorage beyond user-explicit caches.
- •Incident response: any user can email labas@resuvolt.com about a quality or security concern; we commit to a 72-hour first response.
7. GDPR + AI Act dual compliance
Live- •Lawful basis (Art. 6 GDPR): contract performance for users, legitimate interest for aggregate analytics.
- •Data subject rights: users can export all their data via /settings (GDPR Art. 15) and delete their account (GDPR Art. 17) in one click.
- •EU hosting: Supabase eu-central-1 (Frankfurt). DPA on file (verify in Supabase dashboard).
- •AI Act + GDPR overlap: where AI Act human-oversight requirements exceed GDPR, we apply the stricter standard. Where they conflict (rare), we document the reasoning.
- •User-pasted JD content: we cache only the JD text the user explicitly pastes; we strip recruiter PII (emails, phone numbers, names) before storing.
How we compare
Most career-AI tools were designed before the EU AI Act drafting. Below is an objective public-record check.
| Capability | Typical US tool | ResuVolt |
|---|---|---|
| Public AI Act posture | None | This page |
| EU data residency | US default | Supabase eu-central-1 |
| Model identity disclosed | Often opaque | Anthropic Claude Haiku 4.5, in /privacy |
| Match-score explainability | Score only | Score + why-breakdown |
| Auto-apply | Sometimes yes | No, by design |
| Locale-specific GDPR clause | Generic or absent | Per country, automatic |
| Lithuanian / Baltic test set | Not present | 50+ CVs in regression suite |
Comparison reflects common limitations of US-built career tools as of 2026-05-01. We will update this table in response to factual corrections.
AI Act inquiries
Public-sector buyers, university procurement officers, journalists, and regulators: write to us at the address below for any AI Act, GDPR, or compliance question. We commit to a 72-hour first response.
labas@resuvolt.comFounder: Domantas Kazlauskas, Vilnius, Lithuania.