CareerCraftAI

Privacy Policy

Last updated: April 2026

1. Who We Are

CareerCraftAI ("we", "us", "our") operates the website at careercraftai.co.uk. We provide AI-powered CV generation, cover letter writing, and CV improvement tools to help UK job seekers. If you have any questions about this policy, contact us at [email protected].

2. Information We Collect

We collect the following types of information when you use our service:

  • Account information: Your name and email address when you sign in via OAuth.
  • Content you provide: Job titles, work experience, skills, and CV text that you enter into our tools. This content is used solely to generate your documents.
  • Usage data: Pages visited, features used, and generation counts — used to improve the service.
  • Payment information: If you subscribe to Pro, payment is processed by Stripe. We do not store your card details.
  • Cookies and tracking: We use cookies for session management, analytics (Google Analytics), and advertising (Google AdSense). See our Cookie Policy for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide and improve the CareerCraftAI service
  • Generate AI-powered CV and cover letter documents on your behalf
  • Process subscription payments via Stripe
  • Send service-related communications (e.g. billing receipts)
  • Analyse usage patterns to improve the product
  • Display relevant advertisements to free-tier users via Google AdSense

4. Legal Basis for Processing (GDPR)

For users in the UK and European Economic Area, we process your personal data under the following legal bases: contract performance (to provide the service you signed up for), legitimate interests (to improve the service and prevent fraud), and consent (for non-essential cookies and advertising). You may withdraw consent at any time.

5. Data Sharing

We do not sell your personal data. We share data only with trusted third-party service providers necessary to operate the service:

  • Stripe — payment processing
  • Google Analytics — website analytics
  • Google AdSense / Ad Manager — advertising (free-tier users only)
  • Manus — hosting and infrastructure provider

6. Data Retention

We retain your account data and generated documents for as long as your account is active. If you delete your account, your data is removed within 30 days. Payment records are retained for 7 years as required by UK tax law.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format
  • Lodge a complaint with the ICO at ico.org.uk

To exercise any of these rights, email us at [email protected].

8. Cookies

We use essential cookies for authentication and session management, analytics cookies via Google Analytics, and advertising cookies via Google AdSense. You can manage your cookie preferences at any time. See our full Cookie Policy.

9. Security

We implement industry-standard security measures including HTTPS encryption, secure session management, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the website. Continued use of the service after changes constitutes acceptance of the updated policy.