What Data We Collect
CV Tailor is a client-first application. How your data is stored depends on whether you use the service with or without an account.
Without an account (local-first / guest mode)
By default — and always when you use CV Tailor without signing in — your career data is stored exclusively in your browser's IndexedDB. The server is stateless: it processes your request and returns the result without retaining any user data.
Data stored in your browser:
- Facts — your experience, achievements, skills, and career context
- Jobs — job descriptions and parsed briefs
- Iterations — CV drafts, fit scores, and interview answers
- Artifacts — compiled PDF files
- Settings — your configuration preferences (API key, model, thresholds)
You can export or delete all of this data at any time from the Settings page.
With an account (hosted service)
When you create an account and sign in, additional data is stored on our server so it is available across your devices and sessions:
- Account information — email address, name, profile image, and linked OAuth accounts (Google, GitHub)
- Saved evaluation reports — the deep offer-evaluation results and weighted verdict for roles you evaluate
- STAR story bank — the reusable interview stories generated from your profile
- Tracked applications — the jobs you track, their status, and follow-up timing
- Usage records — per-step LLM token usage (model, input/output token counts, cost)
- Pipeline execution logs — job ID, total tokens, total cost, status, and timestamps
- Billing data — subscription tier, monthly usage count, bonus credits, and billing period dates
Some career data still stays only in your browser even when you are signed in. CV drafts, compiled PDFs, and the raw facts you edit in the profile editor remain in your browser's IndexedDB and are not uploaded to the server.
Stored on our server (account mode only): Account identity, saved evaluation reports, your STAR story bank, tracked applications, usage metrics, and billing state. Stays in your browser: Your raw profile facts, CV drafts, and compiled PDFs.
Third-Party Data Processing
OpenRouter (LLM Provider)
When you run the CV tailoring pipeline, the following data is sent to OpenRouter for AI processing:
- Your profile facts (experience sections)
- The job description text you provided
- Pipeline context (fit scores, interview answers)
This data is transmitted over HTTPS and processed by the language model you selected. We do not control how OpenRouter handles data after transmission. Please review OpenRouter's privacy policy for their data retention and processing practices.
If you provide your own API key, requests go through your OpenRouter account. If you use a paid plan, requests may go through our account on your behalf.
Polar.sh (Billing Provider)
If you subscribe to a paid plan, payment processing is handled by Polar.sh as our Merchant of Record. Polar handles all payment data, tax calculation, and invoicing. We receive your subscription status and customer ID but do not store credit card numbers or payment details.
Job Board APIs (Job Discovery)
The Job Discovery feature fetches open positions from public, documented job-board APIs (Greenhouse, Ashby, Lever) for the company career pages you choose to watch. These requests:
- Contain no personal data — only the public company board identifier you added
- Use the official, documented JSON APIs of each job board — no HTML scraping
- Are rate-limited and cached on our side, and identify our service with a descriptive User-Agent
- Never involve AI processing and never consume your usage quota
Discovered postings and your saved sources are stored in your browser's IndexedDB. If you are signed in, your saved sources and a minimal record of each discovered posting (title, company, link — not the description) are also stored on our server so rescans can skip postings you have already seen. Job posting content is displayed to you for personal use only and is not redistributed.
Umami Analytics
We use Umami, a privacy-focused analytics tool, to understand how people use CV Tailor. Umami:
- Does not use cookies
- Does not collect personal data
- Does not track users across sites
- Collects only anonymous page view and event data
You can opt out of analytics in the Settings page.
Cookies and Local Storage
CV Tailor does not use cookies. We use browser localStorage for:
- Locale preference — your language choice (EN/RU)
- Consent flag — whether you accepted or declined this notice
- Analytics opt-out — your analytics preference
Your Rights
Under GDPR and similar regulations, you have the right to:
- Access your data — browser data is visible in your browser; use the Export feature in Settings
- Delete your data — use the "Clear local cache" / "Delete all data" controls in Settings to remove browser data. If you have an account, you can request deletion of your server-side data — including saved evaluation reports, your STAR story bank, tracked applications, account information, and usage records — by contacting us.
- Opt out of analytics — toggle the analytics opt-out in Settings
- Portability — export your data as JSON from Settings
Career data stored in your browser is in your full control. For server-side account data — saved reports, stories, tracked applications, and usage records — contact us to exercise your rights.
Data Security
- All communication with our server and OpenRouter uses HTTPS encryption
- Your API key (if self-provided) is stored only in your browser's IndexedDB
- The server does not log pipeline request bodies. In account mode it persists only the specific records listed above (saved reports, story bank, tracked applications, account, and usage data); your raw facts, CV drafts, and PDFs stay in your browser
Children's Privacy
CV Tailor is not directed at children under 16. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
If you have questions about this privacy policy, please open an issue on our GitHub repository.