Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last updated: 18 May 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a one-way hash — we never see your plain-text password).

CV and Career Data

When you upload your CV, we process its full contents to extract skills, experience, qualifications, and career history. This includes:

  • Employment history — employer names, job titles, start and end dates
  • Education history — institution names, qualifications, and graduation years
  • Skills, certifications, and languages
  • Any personal statements or summaries you include

Career dates and graduation years are used solely to calculate employment durations and career gaps for your analysis. These dates may allow age to be inferred; we do not use this information for any purpose other than presenting your career history back to you.

AI processing:Your CV content is sent to Anthropic's Claude AI API to perform analysis. Anthropic acts as a data processor on our behalf and is contractually bound not to use your data to train its models. See Anthropic's privacy policy.

Job Descriptions

Job descriptions you paste or import are processed — including by Anthropic's Claude AI API — to extract requirements and compare them against your profile. Job descriptions are stored as part of your analysis history and deleted when you delete the associated job or your account.

Usage Data

We collect standard server logs including pages visited, features used, browser type, and device information. This helps us diagnose issues and improve the product.

2. Lawful Basis for Processing

We rely on the following lawful bases under UK/EU GDPR:

  • Contract (Article 6(1)(b)) — processing your CV and job descriptions is necessary to deliver the service you have signed up for.
  • Legitimate interests (Article 6(1)(f)) — for usage analytics and service improvement, balanced against your privacy interests.
  • Consent (Article 6(1)(a)) — for optional marketing emails, which you can withdraw at any time from your account settings.

3. How We Use Your Information

We use your information to:

  • Provide career fit analysis and job compatibility scoring
  • Generate match scores and improvement recommendations
  • Maintain your account, CV history, and analysis history
  • Send service-related communications (account updates, security alerts)
  • Send marketing emails, only if you have opted in
  • Improve our service using anonymised, aggregated data

4. What We Will Never Do

  • Sell your personal data to third parties
  • Share your CV or profile with employers, recruiters, or job boards
  • Use your individual data to train AI models
  • Grant third parties access to your personal data outside of the processors listed below

5. Third-Party Processors

We use the following sub-processors to operate CareerArchitect. Each is bound by a Data Processing Agreement and processes your data only on our instructions.

  • Anthropic — AI analysis of CV and job description content. Privacy policy
  • Vercel — Application hosting and edge infrastructure. Privacy policy
  • Stripe — Payment processing. Stripe handles payment card data directly; we never see or store card numbers. Privacy policy
  • Resend — Transactional and marketing email delivery. Privacy policy

6. Data Storage and Security

Your data is encrypted in transit (TLS) and at rest (AES-256). We use access controls, monitoring, and principle-of-least-privilege to protect your information. Our infrastructure is hosted on providers with SOC 2 compliance.

7. Data Retention

We retain your data for as long as your account is active. Specifically:

  • CVs and job analysis data — retained while your account is open
  • Account deletion — all personal data is permanently removed within 30 days
  • You can delete individual CVs, jobs, or your entire account at any time from your account settings

8. Your Rights

Under UK/EU GDPR you have the right to:

  • Access — request a copy of all data we hold about you
  • Rectification — update or correct inaccurate information
  • Erasure — delete your account and all associated data (available directly in account settings)
  • Portability — receive your data in a machine-readable format
  • Restriction — ask us to pause processing of your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — for marketing emails, withdraw at any time via account settings

To exercise any of these rights, contact us at privacy@careerarchitect.coach. We will respond within 30 days.

9. Cookies

We use the following cookies:

  • session (essential) — keeps you signed in. Cleared when you close your browser or sign out.
  • cookieConsent (essential) — remembers your cookie preference for one year so this notice does not reappear.

On payment pages, Stripe may set its own cookies governed by Stripe's privacy policy.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

11. Contact

For questions about this policy or to exercise your data rights, contact us at privacy@careerarchitect.coach.