Legal

Privacy.

Plain English version: your data is yours, we don't train AI on it, we don't sell it, and you can wipe it any time from the account page.

Last updated: 2026-06-25

1. What we collect

When you sign in with Google, we receive your email address and a unique user ID from Supabase Auth. We use these to identify your account and tier (Free or Pro).

When you use the product, you may store the following in your tenant of our hosted Postgres database:

  • Profile fields you enter (name, email, phone, location, work authorization, salary range, social URLs).
  • Resume text you paste or upload (extracted from PDF; the PDF binary itself is discarded after parsing).
  • Jobs you save from LinkedIn or sync from public job boards.
  • Applications you log and their status history.
  • Custom answers, skills, and ATS check results you generate.
  • Anonymous usage events (e.g., “AI draft used”) so we can enforce monthly caps.

2. What we do with it

We use stored data only to render your account inside the product. Specifically:

  • Your profile + answers + skills are passed to OpenAI as prompt context when you trigger an AI draft or ATS check. The OpenAI API tier we use does not train models on submitted prompts.
  • Your jobs and applications appear in your dashboard.
  • Your resume text is used for ATS comparisons against jobs you check.

We never use your data to train our own AI models, sell it to third parties, or share it for advertising.

3. Third parties we use

  • Supabase — authentication and hosted Postgres. Subject to Supabase's privacy policy.
  • Google — OAuth identity provider. We receive only the email/profile scopes you grant.
  • OpenAI — model inference for AI drafts and ATS checks. Prompts include your profile, answers, skills, resume text, and the target job description. Not used for training under our API tier.
  • Stripe — payment processing for Pro subscriptions (when enabled). We never see your full card number.
  • Vercel — application hosting. Receives standard request metadata.

4. Cookies & local storage

We use first-party cookies set by Supabase Auth to keep you signed in. The Chrome extension stores your backend URL, API key, and sidebar collapse state in chrome.storage.local. We do not use third-party tracking cookies.

5. Your rights

  • Access — your data is visible in the product at all times.
  • Export — request a JSON export by emailing the address below.
  • Deletion — wipe your account from the account page; we delete your row from Supabase Auth and cascade-delete every public row tied to your user ID.
  • Correction — edit anything from the relevant page (profile, answers, etc.).
  • EU/UK residents — you have the additional rights granted by GDPR. Contact us to exercise them.

6. Data retention

We retain your data for as long as your account exists. When you delete your account, we cascade-delete every row tied to your user ID immediately. Backups are rotated out within 30 days.

7. Security

Connections to the application are TLS-encrypted end to end. Passwords are managed by Google OAuth — we never see them. API keys are stored as SHA-256 hashes, not in plaintext. Database access is enforced at the app level via per-user scoping on every query.

8. Children

GetPeter is not directed at children under 16 and is not designed for use by them.

9. Changes

If we change this policy materially, we'll surface a notice in the product and update the date at the top of this page. Continuing to use the product after a change means you accept it.

10. Contact

Privacy questions or data requests: privacy@getpeter.app (replace with real email before launch).

See also: Terms of service.