Privacy Policy

Last updated: January 8, 2026

Effective date: January 14, 2026

1. Introduction

JobFitstr ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume generation service at jobfitstr.com (the "Service").

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable data protection laws.

2. Data Controller

JobFitstr
Email: privacy@jobfitstr.com
Support: support@jobfitstr.com

3. Information We Collect

3.1 Personal Information You Provide

  • Account Information: Email address, name, password (hashed)
  • CV/Resume Content: Your uploaded CV and generated resumes (encrypted)
  • Job Descriptions: Job URLs and scraped job descriptions you provide (encrypted)
  • Payment Information: Processed by Stripe (we store only Stripe customer ID, not card details)

3.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent
  • Device Information: IP address, browser type, operating system
  • Cookies: Essential cookies for authentication, optional analytics cookies (with consent)

3.3 Third-Party Data

  • Google OAuth: If you sign up with Google, we receive your email and name
  • AI Processing: Your CV and job descriptions are sent to Anthropic (Claude AI) via secure HTTPS

4. How We Use Your Information

4.1 Service Delivery (Legal Basis: Contract Performance)

  • Generate tailored resumes from your CV and job descriptions
  • Provide resume quality reports and hallucination detection
  • Store your CVs and resumes for future use
  • Process payments and manage subscriptions

4.2 Account Management (Legal Basis: Contract Performance)

  • Create and maintain your account
  • Authenticate your login sessions
  • Send service emails (e.g., validation reports, password resets)
  • Enforce usage limits based on subscription tier

4.3 Marketing (Legal Basis: Consent)

  • Send promotional emails about new features (only if you opt-in)
  • You can unsubscribe anytime via the link in emails or account settings

4.4 Legal Compliance (Legal Basis: Legal Obligation)

  • Maintain audit logs for GDPR compliance (data access, deletion requests)
  • Respond to legal requests from authorities
  • Prevent fraud and enforce our Terms of Service

5. How We Share Your Information

⚡ We DO NOT sell your personal data to third parties.

We share data only with:

Anthropic (Claude AI)

Your CV and job descriptions are processed via secure API to generate resumes. Anthropic does not store your data long-term.

Purpose: AI resume generation | Location: US | Safeguards: HTTPS encryption, DPA signed

Stripe (Payment Processor)

Payment card details are entered directly into Stripe. We only receive a customer ID.

Purpose: Payment processing | Location: US/EU | Safeguards: PCI DSS compliant

Railway / Vercel (Hosting)

Your data is stored on Railway (backend database) and Vercel (frontend). All data encrypted at rest.

Purpose: Service hosting | Location: US/EU | Safeguards: Encryption at rest, SOC 2 certified

Resend (Email Service)

Your email address is used to send validation reports and service notifications.

Purpose: Email delivery | Location: US | Safeguards: GDPR compliant, DPA signed

6. Data Retention

  • Active Accounts: Your CVs and resumes are stored indefinitely while your account is active
  • Deleted Resumes: Soft-deleted for 30 days (recoverable), then permanently purged
  • Closed Accounts: Data deleted 30 days after account closure (or immediately on request)
  • Validation Reports (Free Tool): Stored for 30 days only, then auto-deleted
  • Audit Logs: Retained for 2 years for legal compliance

7. Your Rights Under GDPR

✓ Right to Access (Article 15)

Request a copy of your data: Go to Settings → Export Data or email privacy@jobfitstr.com

✓ Right to Rectification (Article 16)

Update incorrect data: Edit your profile in Settings

✓ Right to Erasure (Article 17)

Delete your account: Settings → Delete Account (all data purged within 30 days)

✓ Right to Data Portability (Article 20)

Download your data in JSON format: Settings → Export Data

✓ Right to Withdraw Consent (Article 7)

Unsubscribe from marketing emails: Click "Unsubscribe" in any email or visit Settings

✓ Right to Object (Article 21)

Object to data processing: Email privacy@jobfitstr.com

To exercise your rights, email: privacy@jobfitstr.com (we respond within 30 days)

8. Data Security

  • Encryption at Rest: CVs and resumes encrypted with Fernet (AES-128)
  • Encryption in Transit: HTTPS/TLS 1.3 for all connections
  • Password Security: Passwords hashed with bcrypt (cost factor 12)
  • Access Control: Role-based access, JWT token authentication
  • Regular Backups: Daily automated backups, 30-day retention
  • Monitoring: 24/7 server monitoring, security alerts enabled

9. Cookies

Essential Cookies (Always Active)

  • access_token: Authentication (JWT token), expires after 24 hours
  • cookie_consent: Remembers your cookie preferences

Optional Cookies (Require Consent)

  • Analytics: Usage tracking to improve service (only if you consent)

You can manage cookie preferences via the cookie banner or in Settings.

10. International Data Transfers

Your data may be transferred to and processed in the United States (Anthropic, Stripe, Railway) under approved data transfer mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all third-party processors
  • Encryption in transit and at rest for all data transfers

11. Children's Privacy

Our Service is not intended for individuals under 16 years old. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@jobfitstr.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on our Service. Your continued use after changes indicates acceptance of the updated policy.

13. Contact Us & Complaints

For privacy questions or to exercise your rights:

Email: privacy@jobfitstr.com
Support: support@jobfitstr.com

Right to Lodge a Complaint:

If you believe we have not handled your data properly, you can lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113

© 2026 JobFitstr. All rights reserved. | Terms of Service