autobiographerAll Legal Docs

Privacy Policy

Effective Date: January 1, 2025 · Last Updated: January 1, 2025

This Privacy Policy describes how Autobiographer ("we," "us," or "our"), a product of trivialpursuits.dev, collects, uses, and shares information about you when you use our website at autobiographer.io and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

Account Information: When you create an account, we collect your name, email address, and authentication credentials (via Google OAuth or email magic link).

Resume Data: When you upload a resume, we parse and store the contents including your work history, education, skills, and contact information.

Job Descriptions: Job descriptions you paste into the Service for analysis.

Generated Content: Taglines, summaries, cover letters, interview prep materials, and other content we generate for you.

Custom Instructions: Preferences and instructions you save for content generation.

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

Usage Data: Information about how you interact with the Service, including features used, content generated, and credits consumed.

Device Information: Browser type, operating system, and device identifiers.

Log Data: IP address, access times, pages viewed, and referring URLs.

Session Recordings: We use PostHog to record session replays for debugging and improving the user experience. These recordings capture your interactions with the interface but do not capture passwords.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Generate personalized career content using AI (powered by Anthropic's Claude)
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Debug and fix issues with the Service

3. AI Processing

The Service uses Anthropic's Claude AI to analyze job descriptions, parse resumes, and generate career content. When you use these features:

  • Your resume data and job descriptions are sent to Anthropic's API for processing
  • Anthropic processes this data according to their privacy policy and data processing terms
  • We do not use your data to train AI models
  • Generated content is stored in your account for your continued access

4. Information Sharing

We do not sell your personal information. We may share information as follows:

Service Providers: We share information with vendors who help us operate the Service, including Supabase (database hosting), Anthropic (AI processing), PostHog (analytics), Resend (email delivery), and Fly.io (application hosting).

Legal Requirements: We may disclose information if required by law or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes.

Anonymous session data (for users without accounts) is automatically deleted after 7 days.

6. Your Rights and Choices

Access and Update: You can access and update your account information through the Settings page.

Delete: You can delete your account and associated data by contacting us at privacy@autobiographer.io.

Export: You can export your generated content as PDF files.

Cookies: You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

7. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

7.1 Your Rights

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.

Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Right to Limit Use of Sensitive Information: You have the right to limit our use of sensitive personal information. We only use sensitive personal information (such as account credentials) as necessary to provide the Service.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

7.2 Categories of Information

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email address, IP address)
  • Professional or employment-related information (resume data, work history)
  • Internet or network activity (usage data, session recordings)
  • Inferences drawn from the above (AI-generated career content)

7.3 Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes. Our sharing of information with service providers (as described in Section 4) is not a "sale" or "sharing" under the CCPA.

7.4 How to Exercise Your Rights

To exercise your California privacy rights, contact us at privacy@autobiographer.io with the subject line "CCPA Request." We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

8. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and similar laws:

8.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide the Service you requested, including account creation, resume storage, and content generation.

Legitimate Interests: Processing for our legitimate business interests, including improving the Service, analytics, fraud prevention, and debugging, where these interests are not overridden by your rights.

Consent: Where required, we obtain your consent for specific processing activities, such as marketing communications. You may withdraw consent at any time.

Legal Obligation: Processing necessary to comply with our legal obligations.

8.2 Your Rights

Right of Access: You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.

Right to Rectification: You have the right to request correction of inaccurate personal data.

Right to Erasure: You have the right to request deletion of your personal data in certain circumstances ("right to be forgotten").

Right to Restriction: You have the right to request that we restrict processing of your personal data in certain circumstances.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object: You have the right to object to processing based on legitimate interests, including profiling. You also have the right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making: Our AI-generated content is a tool to assist you, not an automated decision with legal or similarly significant effects. You always have the ability to review, edit, or discard generated content.

8.3 International Data Transfers

Your personal data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to provide adequate protection for transfers of personal data outside the EEA. You may request a copy of these safeguards by contacting us.

8.4 Supervisory Authority

If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

8.5 How to Exercise Your Rights

To exercise your GDPR rights, contact us at privacy@autobiographer.io with the subject line "GDPR Request." We will respond within one month, or inform you if we need additional time (up to two additional months for complex requests).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

Essential Cookies: Required for authentication and core functionality. These cannot be disabled.

Analytics Cookies: Used by PostHog to understand how you use the Service and to record session replays for debugging. You can opt out of analytics by contacting us or using browser privacy settings.

We do not use advertising or cross-site tracking cookies. For users in the EEA, we obtain consent before setting non-essential cookies.

10. Security

We implement appropriate technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, secure authentication via OAuth and magic links, and regular security reviews. However, no method of transmission or storage is 100% secure.

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on the Service and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us at:
Email: privacy@autobiographer.io
Website: https://autobiographer.io

For CCPA requests, include "CCPA Request" in the subject line.
For GDPR requests, include "GDPR Request" in the subject line.

Questions? Contact us at legal@autobiographer.io