Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how CV Tailor ("we", operated by the operator of CV Tailor) processes your personal data when you use the service. We designed the service to collect as little as possible and to delete it automatically.

1. Data controller

The data controller is the operator of CV Tailor. For any privacy request, contact us at andrea.giacoia93@gmail.com.

2. What we collect

• The text you submit — your CV and the job posting you paste or upload, plus the output language you choose.
• Your email address — collected by our payment provider at checkout, used solely to deliver your files.
• Payment information — handled entirely by Stripe. We never see or store your card details.

We do not require an account, and we do not use tracking or advertising cookies.

3. How we use your data

We use your inputs only to generate your tailored CV and cover letter, and your email only to send you the resulting files. We do not use your data to train AI models, and we do not sell or share it for marketing.

4. AI processing

To generate your documents, the text you submit is sent to Anthropic (the provider of the Claude AI model), which processes it on our behalf to produce the output. It is not used to train their models when accessed through their API.

5. Processors we rely on

• Anthropic — AI generation of your CV and cover letter.
• Upstash — temporary storage of your job data.
• Stripe — payment processing and email collection.
• Resend — delivery of your files by email.
• Vercel — hosting of the website.

6. Retention and automatic deletion

Your submitted text and generated output are stored only temporarily and are automatically deleted after 72 hours. The downloadable files themselves are generated on demand and are not stored on our servers. Your email and payment record are retained by Stripe according to its own policies and any applicable accounting obligations.

7. Legal basis (GDPR)

We process your inputs and email to perform the contract you enter into when you request the service (Article 6(1)(b) GDPR). Where we are required to keep payment records, the basis is our legal obligation (Article 6(1)(c) GDPR).

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Because your inputs are deleted automatically within 72 hours, much of this happens by design. To exercise any right, email andrea.giacoia93@gmail.com. You also have the right to lodge a complaint with your local data protection authority.

9. International transfers

Some processors (such as Anthropic and Stripe) may process data outside the European Economic Area. Where this happens, transfers are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

10. Changes

We may update this policy from time to time. The "last updated" date above reflects the latest version.

11. Contact

Questions about this policy? Email andrea.giacoia93@gmail.com.