polished.cv

Privacy Policy

Last updated: May 2, 2026

1. Introduction

polished.cv (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at polished.cv (the “Service”).

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information you provide

  • Account data: Email address, name, and password (or magic link authentication) when you create an account.
  • Resume and document content: Resumes, statements of purpose, cover letters, and other documents you upload or paste for analysis.
  • Job descriptions: Job postings you paste for JD matching.
  • Payment information: Billing details processed securely through Stripe. We never store credit card numbers on our servers.
  • Contact form submissions: Name, email, and message content when you use our contact form.
  • Reviews: Name, role, rating, and comment when you submit a review.

2.2 Information collected automatically

  • Usage data: Pages visited, features used, timestamps, and interaction patterns.
  • Device information: Browser type, operating system, screen resolution.
  • Cookies: Essential cookies for authentication and session management. See Section 7.

3. How We Use Your Information

  • To provide AI-powered resume analysis, scoring, and rewriting services.
  • To match your resume against job descriptions and generate tailored recommendations.
  • To process payments and manage your subscription.
  • To send transactional emails (account verification, password reset, purchase confirmations).
  • To improve our AI models and service quality using anonymized, aggregated data.
  • To respond to your inquiries and provide customer support.
  • To detect and prevent fraud, abuse, and security threats.

4. How We Process Your Documents

Your resume and document content is sent to our AI processing engine for analysis. Here’s what you should know:

  • Documents are processed using secure, encrypted connections (TLS 1.2+).
  • Analysis results are stored in your account for your convenience.
  • We do not share your individual document content with third parties.
  • We do not use your individual documents to train AI models.
  • You can delete your documents and analysis history at any time.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Payment processors: Stripe processes your payment securely. See Stripe’s Privacy Policy.
  • AI service providers: Document content is sent to AI APIs for processing under strict data processing agreements.
  • Legal requirements: We may disclose information if required by law or to protect rights, safety, or property.

6. Data Security

  • All data is encrypted in transit (TLS) and at rest.
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Access to user data is restricted to authorized personnel only.
  • We conduct regular security reviews of our infrastructure.
  • Payment data is handled entirely by Stripe (PCI DSS compliant).

7. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Functional cookies: Remember your preferences (theme, dismissed banners).
  • Analytics cookies: Help us understand how you use our service. Anonymous and aggregated.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and all associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing of your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it.

10. Children’s Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place for all international transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. The “Last updated” date at the top indicates the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy, contact us at: