Privacy Policy
Last updated: April 11, 2026
At Careeronaut, your privacy matters. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We aim to be straightforward -- if anything is unclear, reach out to us at hello@careeronaut.com.
1. Information We Collect
Account information. When you sign up we collect your name and email address. Your password is cryptographically hashed before storage -- we never store it in plain text.
Resume content. Everything you enter into the resume editor -- work experience, education, skills, and any other sections -- is stored so you can access and edit your resumes at any time.
Payment information. Subscription payments are processed by Stripe, which is PCI-DSS compliant. We never receive, process, or store your credit card number. We retain only your Stripe customer ID and subscription status.
Usage and analytics data. We use Google Analytics (via Google Tag Manager) to understand how people use the site. See Section 4 for details on cookies and consent.
2. How We Use Your Information
- Provide the service -- store and render your resumes, manage your account, and process payments.
- AI-powered features -- when you use AI writing suggestions, relevant resume content is sent to our AI provider (Anthropic Claude) to generate recommendations. See Section 5 for details.
- Transactional emails -- send account confirmations, password resets, and subscription receipts via Resend. We do not send marketing emails unless you opt in.
- Improve Careeronaut -- analyse aggregated, anonymised usage patterns to fix bugs and build better features.
- Protect against abuse -- detect and prevent fraud, spam, or security threats.
3. Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA) or the UK, we rely on the following legal bases:
- Contract -- processing necessary to provide the service you signed up for (account data, resume storage, payments).
- Consent -- analytics cookies are only set after you accept them via our cookie banner. You can withdraw consent at any time.
- Legitimate interest -- basic security monitoring and service improvement, balanced against your privacy rights.
4. Cookies and Tracking
We use a cookie consent banner. Analytics cookies are not set until you give consent, in line with Google Consent Mode v2.
Essential cookies. These are required for authentication and session management (e.g., your login session token). They cannot be disabled because the service would not function without them.
Analytics cookies. If you consent, Google Analytics collects anonymised data about page views, device type, and general usage patterns. You can change your cookie preferences at any time via the cookie settings link in the site footer.
We do not use advertising or remarketing cookies. We do not run third-party ad networks on Careeronaut.
5. Third-Party Service Providers
We share data with a limited set of service providers, only as needed to operate Careeronaut. We do not sell your personal data to anyone.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (PostgreSQL on AWS US-West-2) | Database hosting | Account data, resume content |
| Stripe | Payment processing | Email, subscription details (card data handled solely by Stripe) |
| Anthropic (Claude API) | AI resume suggestions | Resume content submitted for AI features |
| Resend | Transactional email delivery | Email address, email content |
| Google Analytics | Website analytics (with consent) | Anonymised usage data, device info |
When you use AI features, your resume content may be sent to Anthropic for processing. Per Anthropic's API terms, data sent through the API is not used to train their models. We only send content that is necessary to generate the suggestions you requested.
6. Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase on Amazon Web Services in the US-West-2 (Oregon) region. All data is encrypted in transit (TLS) and at rest.
Authentication is handled via NextAuth.js using secure, HTTP-only JWT session tokens. Passwords are hashed using industry-standard algorithms before storage.
While no system is 100% secure, we follow industry best practices, including regular dependency updates, secure coding practices, and the principle of least privilege for data access.
7. Data Retention
We retain your account data and resume content for as long as your account is active. If you delete your account, all associated data is permanently removed from our systems within 30 days, including backups.
We may retain anonymised, aggregated analytics data (which cannot identify you) indefinitely for service improvement purposes.
Payment records may be retained as required by tax and accounting regulations, typically for 7 years.
8. Your Rights
Depending on your location, you may have some or all of the following rights regarding your personal data:
- Access -- request a copy of the personal data we hold about you.
- Correction -- update or correct inaccurate data directly in your account settings, or contact us for assistance.
- Deletion -- delete your account and all associated data from your account settings page at any time.
- Data portability -- export your resume data in standard formats (PDF, DOCX).
- Withdraw consent -- change your cookie preferences at any time; opt out of any non-essential communications.
- Object to processing -- you may object to processing based on legitimate interest.
- Lodge a complaint -- you have the right to file a complaint with your local data protection authority.
To exercise any of these rights, email us at hello@careeronaut.com. We will respond within 30 days.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know -- you can request details about the categories and specific pieces of personal information we have collected.
- Right to delete -- you can request deletion of your personal information.
- Right to opt out of sale -- we do not sell your personal information, so there is nothing to opt out of.
- Non-discrimination -- we will not discriminate against you for exercising your privacy rights.
10. International Data Transfers
Our servers are located in the United States. If you access Careeronaut from outside the US, your data will be transferred to and processed in the US. We rely on standard contractual clauses and other appropriate safeguards where required to ensure adequate protection for your data.
11. Children's Privacy
Careeronaut is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by placing a notice on our website. Your continued use of Careeronaut after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests related to your privacy, contact us at:
Careeronaut
Email: hello@careeronaut.com
Website: careeronaut.com
This privacy policy is provided for informational purposes. Consult with a qualified attorney for legal advice specific to your situation.