Privacy Policy
Last updated: January 2025
1. Who we are
Arcana ("we", "us", "our") operates the arcana.cv website and CV generation service. We are committed to protecting your personal data and being transparent about what we collect.
2. What data we collect
When you use Arcana, we collect:
- Account information: Email address, name (from your authentication provider)
- Profile data: Phone number, location, LinkedIn URL, website, professional summary, skills
- Career history: Work experience, education, job titles, organizations, descriptions, dates
- Job postings: Job advertisement text or URLs you provide for CV targeting
- Generated content: CVs, cover letters, and interview session transcripts we create for you
- Usage data: Pages visited, features used, session recordings (see Analytics section)
- Technical data: Browser type, device information, IP address
3. How we use your data
We use your personal data to:
- Provide and improve the CV generation service
- Generate tailored CVs and cover letters based on your profile and job postings
- Conduct practice interviews and gap analysis
- Match your profile with relevant job opportunities in your area (using your location data)
- Process payments and manage subscriptions
- Send service-related communications
- Analyze usage patterns to improve our service (only after you sign in)
- Improve and train our AI models using anonymized data to provide better recommendations and document generation
- Prevent fraud and ensure security
Legal basis (GDPR): Contract performance (providing the service you signed up for), legitimate interests (improving our service, AI model improvement, job matching), and consent (analytics after sign-in).
4. Third-party services
We share data with the following service providers:
Authentication: Clerk
Handles user authentication and session management. Receives your email and name.
Privacy: clerk.com/legal/privacy
AI Processing: Anthropic (Claude)
Powers CV generation, gap analysis, and interviews. Receives your profile data, career history, and job posting content to generate personalized documents.
Privacy: anthropic.com/privacy
Payments: LemonSqueezy
Processes subscription payments. Receives your payment details (we do not store card numbers).
Privacy: lemonsqueezy.com/privacy
Analytics: PostHog
Tracks usage patterns and records sessions to help us improve the product. Analytics are only activated after you sign in; we do not track anonymous visitors. Data is stored in the EU. Session recordings capture your interactions but mask sensitive inputs like passwords.
Privacy: posthog.com/privacy
Logging: Axiom
Application monitoring and error tracking. Receives technical logs which may include anonymized usage data.
Privacy: axiom.co/privacy
URL Extraction: BrightData
When you provide a job posting URL, this service fetches the page content on your behalf.
Privacy: brightdata.com/privacy-policy
5. Cookies and local storage
We use minimal cookies:
- Session cookies (Clerk): Required for authentication. These are essential cookies that enable you to stay signed in.
- Analytics cookies (PostHog): Only set after you sign in. Track usage patterns and enable session recording to help us improve the service.
We also use browser localStorage to temporarily store checkout preferences during payment flows.
Anonymous visitors to our landing page do not receive any tracking cookies.
6. Data retention
We retain your data for as long as you have an active account. If you delete your account:
- Profile data, career history, and generated documents are deleted within 30 days
- Anonymized usage analytics may be retained for product improvement
- Payment records are retained as required by law (typically 7 years)
7. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw consent: For analytics, you can withdraw consent at any time
To exercise these rights, contact us at privacy@arcana.cv.
8. Data security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (HTTPS) and at rest
- Secure authentication via Clerk
- Regular security reviews
- Access controls and audit logging
9. International transfers
Your data may be processed in the United States by our service providers. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes via email or through the service.
11. Contact
For privacy-related questions or to exercise your rights:
Email: privacy@arcana.cv