Privacy Policy

We collect the following information when you use our service:

• Account information — your name and email address, provided via Google OAuth when you sign in.
• CV / Résumé content — the text extracted from the PDF you upload, used solely to generate your cover letters.
• Job descriptions and cover letters — the content you submit and the letters we generate, stored so you can review and edit them later.
• Billing information — handled entirely by Stripe. We do not store card numbers or payment details on our servers.
• Usage data — basic logs such as the number of cover letters generated, used to enforce free tier limits and improve the service.

• To generate and store your cover letters.
• To manage your subscription and process payments via Stripe.
• To authenticate you securely via Google OAuth.
• To enforce free tier usage limits.
• To improve and maintain the service.

We do not sell your personal data to third parties.

We share data with the following third parties only to the extent necessary to provide the service:

• OpenAI— your CV text and job description are sent to OpenAI's API to generate cover letters. OpenAI's privacy policy governs how they handle this data.
• Stripe — payment processing. Stripe's privacy policy governs billing data.
• Google — authentication. Google's privacy policy governs sign-in data.
• Supabase— our database provider, hosted in the EU (AWS eu-west-1). Your data is stored on Supabase's infrastructure.

Your account data, jobs, and cover letters are retained for as long as your account is active. You may delete your account at any time, which will result in the immediate and permanent deletion of all your data.

If you are located in the European Economic Area, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure— request deletion of your data ("right to be forgotten").
• Portability — request your data in a machine-readable format.
• Objection — object to certain types of processing.

To exercise any of these rights, please use our contact form.

We use essential session cookies to keep you logged in. We do not use tracking or advertising cookies. No cookie consent banner is required for essential cookies under ePrivacy rules.

We use industry-standard measures to protect your data, including encrypted connections (HTTPS) and secure credential storage. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please use our contact form.