Privacy Policy

Version: 2026-03-20. This document describes how user data is processed in the application.

1. Data Controller and Contact

Data Controller: Tomasz Golaszewski.
Data inquiries: tomasz.golaszewski@outlook.com.
For data breach reports or exercising your data rights, contact the address above.

Google account data required for authentication (e.g., identifier, email).
User content (resumes, job descriptions, LinkedIn imports) stored primarily on the user's own Google Drive.
Minimal technical metadata needed for the application to function (e.g., file indexes).
Public profile operational data (if the user enables this feature).

Service delivery (Art. 6(1)(b) GDPR — contractual necessity).
Security, fraud prevention, and operational stability (Art. 6(1)(f) GDPR — legitimate interest).
Compliance with legal obligations, where applicable (Art. 6(1)(c) GDPR).
User consent for analytics and marketing cookies (Art. 6(1)(a) GDPR).

Google Drive (appDataFolder) as the primary storage for user content.
The application server processes data temporarily in RAM and does not maintain persistent copies of user content.
Upstash Redis for minimal technical metadata.
Neon PostgreSQL — limited account data (authentication, credit wallet, transaction history).

Google — OAuth authentication, Google Drive API, Google Analytics 4, Google Tag Manager, Google AdSense.
Vercel — hosting, runtime infrastructure, Vercel Analytics and Speed Insights.
Upstash — Redis (technical metadata, rate limiting, daily operation counters).
Paddle — payment processor (transaction processing, billing data).
PostHog — product analytics (EU instance, loaded only after consent).
Microsoft Clarity — heatmaps and session recordings (loaded only after consent).
Sentry — error monitoring (technical session data, stack traces).
Better Stack — server logs and uptime monitoring.
Langfuse — AI call observability (costs, latency; no user content).
Resend — transactional email delivery (e.g., job digest).
Neon — PostgreSQL database (account data, credit wallet, transaction history).
AI Providers (OpenAI, Google Gemini, OpenRouter) — only to the extent necessary to fulfill AI requests. Content is processed in memory and not stored persistently.

Necessary — session cookies (NextAuth), language and theme preferences. Always active; no consent required.
Analytics — Google Analytics 4 (via GTM), PostHog (EU instance), Microsoft Clarity, Vercel Analytics. Loaded only after consent via the cookie banner.
Marketing — Google AdSense, Google Ads remarketing. Loaded only after consent for marketing cookies.
Tag management uses Google Tag Manager with Google Consent Mode v2 — scripts do not load without the appropriate consent.
We respect the browser's Do Not Track (DNT) header.
You can change your preferences at any time by clearing site data in your browser or rejecting cookies on your next visit.

Some infrastructure and AI providers may process data outside the European Economic Area (including Google, OpenAI, Microsoft).
In such cases, GDPR-compliant mechanisms are applied (e.g., Standard Contractual Clauses, EU-US Data Privacy Framework), as appropriate for each service.

User content (resumes, jobs, cover letters): until deleted by the user or upon account deletion.
AI credits: expire 90 days after purchase/grant.
Payment transaction history: 7 years (tax/accounting obligation).
Technical metadata (Drive indexes, rate limiting): for the duration necessary for service operation.
Error logs (Sentry, Better Stack): per provider retention policy (typically 30–90 days).
Analytics data (GA4, PostHog, Clarity): per provider retention policy; anonymized after 14 months (GA4) / 12 months (PostHog).
Provider backup data may be deleted with a delay per their retention policies.

The application uses AI models to generate content (resume tailoring, cover letters, ATS scoring). Results are advisory only and require user verification.
No decision affecting the user (e.g., employment) is made automatically by the application.
ATS scoring and AI suggestions do not constitute profiling under Art. 22 GDPR.

Right of access (Art. 15 GDPR) — export all your data as JSON via: Settings -> Privacy -> Download My Data.
Right to rectification (Art. 16) — edit your profile and resumes directly in the app.
Right to erasure (Art. 17) — delete your account in settings (details in section 11).
Right to restrict processing (Art. 18) — contact: tomasz.golaszewski@outlook.com.
Right to data portability (Art. 20) — JSON export (see above).
Right to object (Art. 21) — against processing based on legitimate interest.
Right to lodge a complaint with the Polish DPA (Prezes UODO) at uodo.gov.pl.
We respond to requests within 30 days.

In the app, go to: Settings -> Danger Zone -> Delete Account.
Confirm by typing DELETE. This action is permanent and irreversible.
Deletion covers your Cavi account data, public profile data, and all technical metadata associated with your account.
Billing data (Paddle transaction history) may be retained per tax obligations (7 years).