Privacy Policy

• Account data: your name, email address, and password (hashed) when you sign up.
• Resume content: the résumé text and structured data you upload or enter.
• Job postings: the job posting URLs or text you provide when generating documents.
• Generated documents: the AI-generated résumé, cover letter, and CV PDFs stored in your history.
• Profile photo: if you choose to upload one for CV generation.
• Payment data: handled entirely by Stripe — we never see or store your card details.
• Usage data: which plan features you use and when, to enforce plan limits and improve the Service.

• To provide, operate, and improve the Service.
• To generate your résumé documents using AI (your content is passed to our AI provider — see §4).
• To enforce plan limits and process payments.
• To send transactional emails (account confirmation, password reset).
• We do not sell your personal data to third parties.

Your account data and generated documents are retained for as long as your account is active. You may delete your account at any time from Account settings, which permanently removes your profile and associated documents. Some data may be retained in backups for up to 30 days after deletion.

• Supabase — database and file storage. Your data is stored on Supabase-managed infrastructure.
• Anthropic (Claude) — AI generation. Your résumé content and job posting text are sent to Anthropic's API to generate output documents. Anthropic's privacy policy applies to data processed by their API.
• Stripe — payment processing. Payment data is governed by Stripe's privacy policy.
• Inngest — background job processing for document generation.

We use cookies solely for authentication (to keep you signed in). We do not use tracking or advertising cookies. A session cookie is set when you log in and cleared when you log out.

Depending on your location, you may have the right to access, correct, or delete your personal data. To exercise these rights, delete your account from Account settings or contact us directly. EU/UK residents may have additional rights under GDPR/UK GDPR.

We use industry-standard security practices including encrypted connections (HTTPS), hashed passwords, and role-based database access controls. No method of transmission over the internet is 100% secure; use the Service at your own risk.

The Service is not directed at children under 18. We do not knowingly collect personal data from minors.

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use after changes constitutes acceptance.

Questions or privacy requests? Contact us via the email address listed on our website.