Privacy Policy — CVShortlist

Last updated: 1 January 2025 · CVShortlist · Effective immediately

Plain English summary: We process your CV and job descriptions through Claude AI to tailor them. We do not store your CV on our servers. We store your account and billing information through Outseta. Credits and usage are tracked in your browser only.

1. Who We Are

CVShortlist ("we", "us", "our") is an AI-powered CV tailoring service operated as a sole trader business based in the United Kingdom. We can be contacted at [email protected].

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller for the personal data described in this policy.

2. What Data We Collect

Data you provide directly

Data	Why we collect it	Stored where
Name and email address	Account creation and login	Outseta (our auth provider)
Payment information	Processing your subscription	Stripe (we never see card details)
CV / resume content	AI tailoring — processed in real time	Not stored — processed and discarded
Job descriptions	AI tailoring — processed in real time	Not stored — processed and discarded
Target country and preferences	Tailoring settings	Not stored beyond the session

Data collected automatically

Data	Why	Where
IP address	Rate limiting abuse prevention on our proxy server	Stored temporarily in a hashed file on our server, deleted hourly
Credit usage count	Enforcing your monthly plan limit	Your browser's localStorage only
Session token	Keeping you logged in	Your browser's sessionStorage — cleared when you close the tab

3. How We Use Your Data

We use your data only for the following purposes:

Providing the service: Passing your CV and job description to the Claude AI API (operated by Anthropic, Inc.) to produce a tailored CV. This data is sent securely and is not retained by us after processing.
Account management: Creating and managing your account and subscription via Outseta.
Billing: Processing payments via Stripe.
Security and abuse prevention: Rate limiting requests using a hashed IP address.

Customer support: Responding to your emails to [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies and Local Storage

We do not use advertising or tracking cookies. We use the following browser storage:

Storage key	Purpose	Expiry
cvb_used_v2_{uid}	Counting your monthly credit usage	Resets each month automatically
cvb_token	Keeping you logged in during your session	Cleared when you close your browser tab
cvb_cookie_ok	Remembering that you dismissed this notice	Persistent until you clear browser data
cvb_tip_dismissed	Remembering that you dismissed the onboarding tip	Persistent until you clear browser data

9. Children's Privacy

CVShortlist is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "last updated"