Privacy Policy

• Account data: name, email, password (stored as a salted hash; we never see the plaintext).
• Resume & application content: resumes you upload, job descriptions you submit, documents we generate for you, revision instructions, and your application tracker entries.
• Transaction data: your credit balance and history, purchases, and subscription status. Card numbers are collected and stored by Stripe, never by us.
• Usage & technical data: standard server logs (IP address, browser type, timestamps) used for security, debugging, and abuse prevention.
• Support data: messages you send to support, including support-chat transcripts you choose to escalate to us.

• To provide the Service: parsing your resume, scoring matches, generating tailored documents, tracking applications.
• To operate billing, credits, and fraud prevention.
• To respond to support requests.
• To secure and improve the Service (aggregate, de-identified analysis only).
• We do not sell your personal data, share your resume with employers or recruiters, or use your content for advertising.

When you request scoring, tailoring, or a cover letter, the relevant content (your resume and the job description) is sent to our AI provider (Google, Gemini API) to generate the result. These API calls are governed by the provider's enterprise data terms: content is not used to train their public models. Generated results are cached so repeated requests don't reprocess your data unnecessarily.

• Database & authentication: Supabase (Postgres), with encryption at rest and in transit. Row-level security ensures your records are readable only by your authenticated account.
• Hosting: Vercel (application servers and content delivery).
• Payments: Stripe (PCI-DSS Level 1).
• AI processing: Google Gemini API (transient processing, as described above).

These providers process data on our behalf under their respective data processing agreements. We do not use third-party advertising or cross-site tracking scripts.

We use only essential cookies: session cookies that keep you logged in and security cookies that protect against request forgery. No advertising cookies, no third-party trackers. Because we use only essential cookies, there's no consent banner to click, because there's nothing to consent to.

• Account and content data: retained while your account is active.
• Generated documents and cached results: retained so you can re-download them; deleted with your account.
• Payment and ledger records: retained as required by tax and accounting law (typically 7 years), even after account deletion.
• Server logs: rotated on a short cycle (typically ≤ 90 days).

• Access & portability: you can view and download your resumes and generated documents at any time from the app.
• Correction: edit your profile and content directly in the app.
• Deletion: request permanent deletion of your account and content by emailing support@yespile.app from your account email. We complete deletion within 30 days, except records we must keep by law (Section 6).
• Depending on your jurisdiction (e.g., GDPR in the EU/UK, CCPA/CPRA in California), you may have additional statutory rights. To exercise any of them, contact support@yespile.app. We do not discriminate against users who exercise privacy rights, and we do not “sell” or “share” personal information as those terms are defined in the CCPA.

Transport encryption (TLS) everywhere, encryption at rest, row-level security at the database layer, server-side-only handling of all secrets and credit operations, and signature verification on payment webhooks. No system is perfectly secure; if a breach affects your data we will notify you promptly as required by law.

The Service is not directed to children under 16, and we do not knowingly collect their data. If you believe a child has created an account, contact support@yespile.app and we will delete it.

We'll update this policy as the Service evolves and notify you of material changes by email or in-app notice before they take effect.

Privacy questions or requests: support@yespile.app. See also our Terms of Service.