Legal

Privacy Policy

Last updated: April 11, 2026

1. Information we collect

When you create an account, we collect your name, email address, and authentication details. We never store your raw password — passwords are hashed using bcrypt before storage. When you use the tool, we temporarily process your resume text and job description to generate results. We store the following optimization data in your account history: job title, company name, ATS score, matched and missing keywords, score summary, tailored resume bullets, cover letter, and interview questions. This history is tied to your account and visible only to you. We do not store raw resume files. Uploaded PDFs and DOCX files are parsed in memory and immediately discarded.

2. How we use your information

We use your information to:

— Provide and improve the CareerCraft AI service
— Track and enforce free-tier usage limits (3 optimizations per month)
— Manage your Pro subscription via Stripe
— Send transactional emails (account confirmation, password reset) via Resend
— Deliver contact form messages via Telegram Bot API (internal use only)
— Generate shareable ATS score cards linked to your optimization results

We do not sell your personal data to third parties. We do not use your resume content or job descriptions to train AI models. All AI processing is performed via Anthropic's Claude API under their data usage policies.

3. Data storage and security

Your account data and optimization history are stored in Supabase (PostgreSQL), hosted in the EU region (Stockholm, Sweden). Payment data is handled entirely by Stripe and is never stored on our servers. All data in transit is encrypted using HTTPS/TLS. Passwords are never stored in plain text. API endpoints are protected by authentication — unauthenticated requests return 401. Scheduled jobs (e.g. monthly usage reset) are secured with a secret token. Shareable score cards are publicly accessible via a unique URL containing your optimization ID. If you delete an optimization from your history, the score card link becomes invalid.

4. Third-party services

CareerCraft AI uses the following third-party services:

— Anthropic Claude (AI processing) — resume optimization, LinkedIn profile optimization, cover letter generation
— Stripe (payments) — subscription billing and credit purchases
— Supabase (database and authentication) — account data and optimization history
— Google OAuth (sign-in) — optional Google account sign-in
— Vercel (hosting and analytics) — site hosting and performance monitoring
— Resend (transactional email) — account and password reset emails
— Telegram Bot API (internal notifications) — contact form delivery to our team

Each provider operates under their own privacy policy and data processing terms.

5. LinkedIn Profile Optimizer

The LinkedIn Profile Optimizer is an optional feature available to Pro subscribers and free users (1 free use). When you use it, you paste your LinkedIn About section and/or Experience into the tool. This content is processed by Anthropic's Claude API to generate optimized versions. We do not store your raw LinkedIn content. We do not access your LinkedIn account directly. The feature operates entirely on text you manually paste into the tool.

6. ATS Score Cards and sharing

When you complete an optimization, a shareable score card is generated. This card is accessible via a public URL (/share/[id]) containing your ATS score, job title, and matched keywords. You control whether to share this URL. The score card is linked to your account — deleting the optimization from your history removes the score card. We do not proactively publish or index these URLs.

7. Your rights (GDPR)

As a user in the European Economic Area, you have the following rights:

— Right to access: request a copy of your personal data
— Right to rectification: correct inaccurate data
— Right to erasure: delete your account and all associated data (available in Account settings → Delete account)
— Right to restriction: limit how we process your data
— Right to data portability: receive your data in a machine-readable format
— Right to object: object to processing based on legitimate interests

To exercise any of these rights, contact us at info@kotabitus.com. Account deletion is also available directly from the Account settings page and the mobile profile menu — no email required.

8. Data retention

We retain your account data for as long as your account is active. Optimization history is retained until you delete individual entries or delete your account entirely. Monthly free usage counts are reset automatically at the start of each calendar month. When you delete your account, all associated data — including optimization history, usage counts, credits, and subscription records — is permanently deleted within 24 hours.

9. Cookies

We use essential session cookies only, required for authentication and maintaining your signed-in state. We do not use advertising cookies, tracking pixels, or third-party analytics cookies that identify you across sites. Vercel may collect anonymized performance metrics (page load times, etc.) as part of their hosting infrastructure. This data is aggregated and not linked to individual users.

10. Changes to this policy

We may update this Privacy Policy as the service evolves. Material changes will be communicated via email or a notice on the site. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy inquiries, data requests, or concerns:

info@kotabitus.com
Kotabitus Dev, Oslo, Norway