Privacy Policy

We provide an AI-assisted CV optimizer focused on the UK market. In this policy, “we”, “us”, and “our” refer to the service operated under this website/app.

• Account & authentication: email and password (hashed). Guests may use a deviceId; we also store a startup-safe fingerprint and first IP to prevent abuse.
• Usage: scan counts, credit balance, streaks, last spin date, and timestamps.
• Content you provide: CV text, optional job description text, filenames, and generated results (summaries, bullet rewrites, gaps, and packs).
• Uploads: PDFs/DOCX/TXT/MD can be uploaded and stored in S3; we keep a text preview for dashboard display.
• Payments: processed by Stripe. We receive non-card metadata such as payment status, amount, currency, and your email from Stripe.
• Technical: basic device/HTTP headers used to create a salted fingerprint for abuse prevention.

• Provide features like ATS scan, JD match scoring, interview/career packs, and advice.
• Maintain your account, credits, and “Pro” access period.
• Process payments and extend Pro access after successful payment.
• Prevent misuse (e.g., repeated free guest creation).
• Improve quality, performance, and reliability of the service.

We process data under legitimate interests (service operation, fraud prevention), contract (providing purchased or requested features), and consent where applicable (e.g., cookies or marketing if used).

• Data is stored in databases we control; uploads are stored in Amazon S3.
• Passwords are hashed; S3 objects use server-side encryption (AES-256).
• We restrict access to production data and apply best-effort safeguards appropriate for a SaaS of this size.

• Stripe (billing). We don’t store card numbers; Stripe handles payments.
• AWS S3 (file storage). We store your uploads and generate presigned URLs for temporary access.
• Service providers as necessary to operate the app (infrastructure, logging, error monitoring).
• We do not sell your personal data.

We keep data for as long as your account is active or as needed to provide the service. You may request deletion (subject to legal/operational requirements). Uploaded files and derived results may be removed if you delete your account.

• Access, correct, or delete your data.
• Object to or restrict certain processing.
• Data portability where applicable.
• Withdraw consent where we rely on consent.

To exercise rights, contact us via the contact page.

We use essential cookies (e.g., to keep you signed in and store a device identifier). If we add analytics/marketing cookies, we will update this page and (where required) ask for consent.

Our infrastructure and providers may process data in the UK, EU, and/or other regions. We use appropriate safeguards (e.g., SCCs) where required.

Questions or requests? Contact us.