hrvstr
Legal

Data Policy

Last updated: January 20, 2026

This Data Policy provides specific details about how hrvstr collects, processes, stores, and protects your data. It supplements our Privacy Policy.

Your Data is Yours

You own your resume, job data, and generated documents. You can export or delete them at any time.

Encrypted & Secure

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We follow industry security best practices.

Never Sold

We never sell your personal data to third parties. Your information is only used to provide our services.

US-Based Hosting

Data is stored on secure servers in the United States with SOC 2 compliant providers.

What Data We Collect

Resume and Profile Data

Data TypePurposeRetention
Resume file (PDF/DOCX)Source for tailored documentsUntil you delete
Parsed resume contentAI processing for document generationUntil you delete
Contact informationInclude in generated documentsUntil you delete
Work historyResume tailoring and fit analysisUntil you delete
EducationResume tailoringUntil you delete
SkillsKeyword matching and fit analysisUntil you delete

Job Tracking Data

Data TypePurposeRetention
Job descriptionsDocument generation and fit analysisUntil you delete
Company namesApplication trackingUntil you delete
Job URLsReference and link backUntil you delete
Application statusPipeline trackingUntil you delete
Notes and contactsYour personal trackingUntil you delete
Interview answersInterview preparationUntil you delete

Account and Technical Data

Data TypePurposeRetention
Email addressAccount identification, communicationsUntil account deletion
Authentication tokensSecure loginSession-based
Subscription statusFeature access controlUntil account deletion
Payment historyBilling and refunds7 years (legal requirement)
Usage logsService improvement, debugging90 days
IP addressesSecurity, fraud prevention90 days

How Data is Processed

AI Document Generation

When you generate a tailored resume or cover letter:

  1. Your parsed resume data and the job description are sent to our AI provider (Anthropic)
  2. The AI processes this data and generates optimized content
  3. Generated content is returned and stored in your account
  4. AI providers do not retain your data after processing

Fit Analysis

When you request a fit analysis:

  1. Your resume data is compared against the job description
  2. AI identifies matching skills and potential gaps
  3. A match score and analysis is generated and stored

Job Scraping

When you save a job via URL or extension:

  1. We fetch the publicly available job posting content
  2. AI extracts structured data (title, company, description)
  3. Extracted data is stored in your job tracker

Data Storage and Security

Infrastructure

  • Application Hosting: Vercel (US regions)
  • Database: Neon PostgreSQL (US East)
  • File Storage: Encrypted blob storage
  • Authentication: Clerk (industry-standard security)
  • Payments: Stripe (PCI DSS compliant)

Security Measures

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Role-based access controls for employees
  • Multi-factor authentication for internal systems
  • Automated vulnerability scanning
  • DDoS protection and rate limiting

Your Data Rights

Export Your Data

Download all your data including resume, jobs, and generated documents from Settings.

Delete Your Data

Delete individual items or your entire account. Deletion is permanent and cannot be undone.

How to Exercise Your Rights

  • Export data: Go to Settings → Export Data
  • Delete specific items: Use delete buttons in the app
  • Delete account: Go to Settings → Delete Account
  • Data access request: Email privacy@hrvstr.net

Data Breach Response

In the unlikely event of a data breach affecting your personal information:

  • We will notify affected users within 72 hours of discovery
  • We will provide details about what data was affected
  • We will outline steps we're taking to address the breach
  • We will offer guidance on steps you can take to protect yourself

Report Security Issues

If you discover a security vulnerability, please report it responsibly to security@hrvstr.net. We appreciate your help keeping hrvstr secure.

Third-Party Data Processors

We work with trusted third-party services to operate hrvstr. Each is contractually bound to protect your data:

ProviderPurposeData Processed
AnthropicAI content generationResume content, job descriptions
ClerkAuthenticationEmail, authentication tokens
StripePayment processingPayment method, billing address
VercelApplication hostingApplication requests
NeonDatabase hostingAll user data (encrypted)

Changes to This Policy

We may update this Data Policy as our practices evolve. Material changes will be communicated via email and/or prominent notice on our website. The "Last updated" date indicates when the policy was last revised.

Contact Us

For questions about this Data Policy or to exercise your data rights: