Your resume is yours.

Account data. When you sign up we collect your email address and a securely hashed password (or a Google OAuth identifier if you sign in with Google).

Resume content. Resumes you upload, paste, or build inside Carevra, including any personal details you choose to include (name, contact info, work history, education).

Job descriptions. Job postings you paste or import for tailoring, ATS analysis, interview prep, and match scoring.

Generated outputs. Tailored resumes, ATS scores, interview answers, LinkedIn rewrites, and other AI-generated artifacts produced for your account.

Billing data. Subscription status and plan. Card details are handled exclusively by Stripe — we never see or store your full card number.

Operational logs. Minimal IP and request metadata for security, abuse prevention, and rate limiting. No third-party advertising or cross-site tracking pixels.

We use your data solely to operate Carevra: to authenticate you, tailor and analyze your resumes against job descriptions, generate interview prep and LinkedIn rewrites, track your applications, process payments, and provide customer support.

Resumes and job descriptions are sent to our AI inference providers strictly to generate your result. Providers are contractually bound under zero-retention enterprise terms to not store, log, or train on your inputs.

ATS scoring, keyword extraction, and rewrites run via large language model providers (currently Google Gemini and OpenAI). Inputs are transmitted over encrypted connections and discarded by the provider after the response is returned. We do not fine-tune or train any model on your content.

We use your email for account verification, password recovery, billing receipts, security alerts, and essential product notifications. Marketing emails are opt-in and you can unsubscribe from any non-essential message at any time.

Data is stored on encrypted Postgres infrastructure with row-level security so that every read and write is scoped to your authenticated user. We use TLS 1.3 in transit, AES-256 at rest, principle-of-least-privilege access controls, and audit logging on admin actions.

No system is perfectly secure. We continuously patch dependencies and run periodic internal security reviews. If we ever discover a breach affecting your data, we will notify you without undue delay.

We use a small number of trusted subprocessors to run the product:

• Stripe — subscription billing and payments.
• Google & OpenAI — AI inference under zero-retention terms.
• Supabase — managed Postgres database, authentication, and file storage.
• Google OAuth — optional sign-in.

You can delete any saved resume, tailored job, or application from your account at any time. To request full account deletion or a copy of your data, email support@carevra.com from the address on file. We process deletion requests within 7 days and purge backups within 30 days.

Users in the EU/UK have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Users in California have rights under CCPA including the right to know, delete, and opt out of the sale of personal information (Carevra does not sell personal information).

We use a single first-party session cookie to keep you signed in. No third-party analytics, advertising, or cross-site tracking cookies.

Carevra is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we'll delete it.

We'll post material changes here and, where appropriate, notify you by email. Continued use of Carevra after an update constitutes acceptance of the revised policy.

Questions about your data? support@carevra.com