← Back to home

Privacy Policy

Last updated: April 13, 2026

Data Controller

Name: César García Rivera
ID: 02580748X
Address: Calle Padre Arrupe 27, 28055, Madrid, España
Email: legal@usecoventry.com
Website: usecoventry.com

What data do we collect?

When using CoVentry we process the following personal data:

  • Registration data: email address and password (stored encrypted by Supabase), or Google authentication data if you choose that method
  • CV and profile data: file name, extracted CV text, stated career objective, full analysis results (strengths, gaps, suggested roles, roadmap, etc.) and date of each analysis
  • LinkedIn data: if you use the LinkedIn analysis, the text extracted from the exported profile PDF and the analysis results
  • Interview data: job posting URL entered, generated questions, your answers (if submitted for evaluation) and scores
  • Payment data: if you subscribe to Premium, Stripe manages your card details; we store only the Stripe customer ID, subscription status and plan type, but never your banking data
  • Consent data: date and time of acceptance of these terms and the cookie policy, browser user agent and IP address (hashed)
  • Technical data: IP address, access date and time, technical errors for incident resolution

How do we use your data?

  • Provide you with the CV, LinkedIn and interview simulation service
  • Manage your account, authentication and free plan usage controls
  • Process your payments if you subscribe to Premium and manage the subscription
  • Keep a record of your express consent to terms, privacy and cookies
  • Improve the service through aggregated, anonymous usage analysis
  • Respond to support requests or rights exercised
  • Send you service-related communications (terms changes, incidents) and, with your express consent, commercial communications

Legal basis for processing

  • Contract performance (Art. 6.1.b GDPR): to provide the requested service and manage the Premium subscription
  • Consent (Art. 6.1.a GDPR): for non-essential cookies, sending commercial communications and recording acceptance of terms
  • Legitimate interest (Art. 6.1.f GDPR): for service improvement, security and fraud prevention
  • Legal obligation (Art. 6.1.c GDPR): for maintaining consent records and tax obligations

How long do we keep your data?

  • Account, CV and analysis data: for as long as you keep your account active
  • Payment and billing data: 6 years from invoice date (Spanish tax obligation)
  • Consent records: minimum 3 years, up to 6 if needed to demonstrate GDPR compliance
  • Technical data and access logs: maximum 12 months
  • If you delete your account, your analysis, CV and LinkedIn data will be deleted within 30 days, except data that must be retained by legal obligation (billing, consents)

Who do we share your data with?

Your data is processed by the following providers (data processors), all with adequate protection guarantees:

  • Supabase Inc. (US, EU servers) — database, authentication and storage. Transfer covered by Standard Contractual Clauses
  • Anthropic PBC (US) — AI-powered analysis (Claude model). Anthropic does not use API-submitted data to train its models. Transfer covered by Standard Contractual Clauses
  • Stripe Payments Europe Ltd. (Ireland) — payment processing and subscription management
  • Vercel Inc. (US) — web hosting. Transfer covered by Standard Contractual Clauses
  • Resend (US) — transactional emails (account confirmation, password recovery)
  • ImprovMX (US) — incoming mail forwarding to legal@usecoventry.com
  • Google LLC (US) — only if you choose to authenticate with Google

We do not sell or transfer your personal data to third parties for commercial purposes. We may disclose data when legally required (judicial, administrative or tax requirements).

International transfers

Some of the providers mentioned are located outside the European Economic Area. These transfers are covered by Standard Contractual Clauses approved by the European Commission (Decision 2021/914) and, where applicable, specific adequacy decisions.

Cookies and similar technologies

We use cookies and similar technologies such as localStorage for the service to function, to remember your preferences and, with prior consent, for analytics or marketing. You have detailed information and granular control in our Cookie Policy.

Security

We apply reasonable technical and organisational measures to protect your data: encryption in transit (TLS 1.2+), encryption at rest at the database level, token-based authentication, Row Level Security isolation in Supabase, role-based access control and anomalous event monitoring. No system is 100% secure, but we strive to follow industry best practices.

Automated decisions

CV, LinkedIn and interview analyses are produced by an artificial intelligence system without human intervention in the generation process. These decisions are advisory and do not produce legal effects on you. You have the right to request human intervention, express your point of view and challenge the results by contacting legal@usecoventry.com.

Your rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectification of inaccurate data
  • Erasure (right to be forgotten) when no longer necessary
  • Restriction of processing in certain cases
  • Portability of your data in a structured format
  • Objection to processing based on legitimate interest
  • Withdraw consent at any time, without affecting the lawfulness of prior processing
  • Not to be subject to automated decisions with significant legal effects

To exercise any right, write to us at legal@usecoventry.com with the subject "GDPR Rights" and a copy of an identity document. We will respond within one month.

If you believe we have not handled your request appropriately, you can file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

Minors

The service is not directed at persons under 18 years of age. We do not knowingly collect data from minors. If we detect an account created by a minor without authorisation, we will proceed to delete it.

Changes to this policy

We may update this policy to reflect changes in the service or legislation. If the changes affect the purposes or categories of data, we will notify you by email and, if necessary, request new consent.