Privacy Policy

• Your email and password (hashed) so you can log in.
• Your base resume text and uploaded filename.
• Job postings you save and any resumes/cover letters we tailor for them.
• Application status updates (saved, applied, interviewing, etc.).

Only you. We use Postgres Row-Level Security, which means even our own database queries can't return another user's rows. Engineers debugging the platform never see resume contents.

When you tailor a resume or generate a cover letter, we send your base resume and the job description to one of two AI model providers, routed through the Lovable AI Gateway:

• OpenAI, L.L.C. — when GPT models are used. API data usage policy: inputs sent via the API are NOT used to train OpenAI models and are retained only for limited abuse-monitoring purposes (30 days max for most endpoints).
• Google LLC (Google Gemini API) — when Gemini models are used. Gemini API terms: paid-tier API inputs are NOT used to train Google models or shared with other customers.

Neither provider trains on, retains long-term, or shares the resume content you send through the Service.

Want extra protection? Toggle PII anonymization in Settings. We scrub your name, email, phone, address, and social links to placeholders before sending to the AI, then re-insert your real contact info in the final document.

• We never sell your data to anyone, ever.
• We never train AI models on your resume.
• We never share your resume with employers, recruiters, or third parties.
• We don't run ads or use third-party trackers on logged-in pages.

Go to Settings → Danger zone and hit "Delete all my data". One click wipes every job, resume, cover letter, and your base resume text from our database. No support ticket, no waiting period.

If you live in California, you have the right to know what personal information we collect (listed above), the right to delete it, the right to correct it, and the right not to be discriminated against for exercising those rights. We do NOT sell or share personal information for cross-context behavioral advertising.

How to submit a deletion request:

• In-app: Settings → Danger zone → Delete all my data. Processed instantly.
• Email: privacy@landthis.one with subject line "CCPA deletion request" and the email address on your account. We verify identity via that email and respond within 45 days as required by the CCPA.

You may also use an authorized agent to submit requests on your behalf, with written permission attached.

• All traffic is encrypted in transit (TLS 1.3).
• Data is encrypted at rest in our managed Postgres.
• Auth runs on industry-standard JWT sessions.
• Found a vulnerability? Email security@landthis.one and we'll respond within 48 hours.