Privacy Policy

• Account: your email, name, and a hashed password (handled by our auth provider - we never see the plain password). If you sign in with Google, we receive your email and name from Google.
• Career data you give us: your CV, work history, skills, achievements, and the answers you give to tailoring questions. This is the heart of the product and it's sensitive - we treat it that way.
• Generated documents: the CVs and cover letters the service produces for you.
• Usage & billing: token counts and the cost of each AI action (for metering) - never the content of prompts or responses. Payment is handled by Stripe; we store your customer and subscription IDs, not your card number.

• To provide the service (contract): generating, scoring, and storing your applications, and billing you for it.
• Your consent: processing your career data with AI, and the optional job-match email digest. You give this explicitly at signup and can withdraw it by deleting your account or turning the digest off.
• Legitimate interest: keeping the service secure and preventing abuse (rate limiting, fraud and abuse prevention).

To write and analyse your applications, we send the relevant career data to Anthropic (the maker of Claude). Anthropic processes it to return the generated text and nothing more. Our API access is configured so your data is excluded from training their models. We don't store the model's intermediate reasoning or the raw prompt/response bodies; we keep the final documents, which are yours.

We use a small set of vetted providers to run the service. Each is bound by a data processing agreement, and for transfers outside the EU, by Standard Contractual Clauses.

• Uploaded source CVs are deleted after we extract their content, unless you choose to keep them.
• Your profile, applications, and documents are kept until you delete them or close your account.
• Billing records are retained by Stripe for as long as tax and accounting law requires, even after you delete your account.

Under the GDPR you can exercise all of the following - most of them directly in the app, today:

• Access & portability: download a complete copy of your data from Account → Your data → Export.
• Erasure: permanently delete your account and all associated data from the same page. This cascades through our database, purges your stored documents, and cancels any subscription.
• Rectification: edit your profile and documents at any time.
• Withdraw consent / object: by deleting your account or turning off the digest.

You also have the right to complain to a supervisory authority. In Sweden that's Integritetsskyddsmyndigheten (IMY).

Your data is isolated at the database level - row-level security means one user's rows are never reachable by another, even if application code had a bug. Data is encrypted in transit, documents are served only through short-lived signed links, and AI keys live exclusively on the server, never in your browser.

• Essential cookies keep you signed in and secure the session. These are always on - the service can't work without them - and need no consent.
• Analytics cookies (Google Analytics 4): we use these to measure traffic and improve the product. They load only after you accept on the cookie banner - decline and no analytics script ever runs. You can change or withdraw your choice any time via the "Cookies" link in the footer.

We use no third-party advertising or cross-site ad-tracking cookies. Your analytics choice is stored locally in your browser, not in an account.

The service isn't intended for anyone under 16, and we don't knowingly collect their data.

If we change this policy we'll update the effective date and, for material changes, tell you in the app or by email. Reach us any time at privacy@cvfriend.com, CVFriend, Stockholm, Sweden.