TAILOR./ Privacy Policy

Privacy Policy

Last updated: 6 June 2026

The short version

  • Privacy by design. We collect only what’s needed to run the service.
  • We utilise AI technology and associated providers to process your CV and job description to generate your results, and nowhere else.
  • Your account email and saved sessions are stored with our database host (Supabase, EU region).
  • Subscription billing is handled by Stripe. We never see your card details.
  • You can download or delete everything we hold about you at any time, in two clicks, from your Account page.
  • We do not sell your data, share it for advertising or use it to train AI models.

1. Who we are

TAILOR is an AI-powered job application optimisation tool operated by EMJ Digital Solutions, a sole trader based in the United Kingdom. From a single job advert and your CV, the service produces a tailored CV, alignment report, cover letter, interview brief, company research and 30/60/90-day plan. References to “we”, “us” and “our” in this policy refer to that operator. Our service address is 61 Bridge Street, Kington, HR5 3DJ, United Kingdom. For privacy enquiries, contact us at privacy@tailor-get-noticed.com.

2. What data we collect and why

CV and job description text

When you paste or upload a CV and job description, this text is transmitted to our AI processing service to generate your tailored CV, alignment report, cover letter, interview brief, company research and 30/60/90-day plan. This is the core function of the service.

Legal basis: Performance of contract. Processing is necessary to deliver the service you have requested.

Voice input

The CV Builder lets you dictate your answers instead of typing them. If you choose to do this, your web browser converts your speech to text using its own built-in speech recognition. Depending on which browser you use, this may involve sending the audio to the browser’s provider (for example, Google, if you use Chrome) to carry out the conversion.

What TAILOR receives: only the resulting text, never the audio recording. This speech-to-text step is performed by your browser and is outside our control. You can type your answers instead at any time.

Account email

We store your email address so you can sign in via a passwordless one-time code. We do not store passwords. Your email is the only personal identifier we associate with your account.

Legal basis: Performance of contract.

Subscription and usage state

If you subscribe to a paid plan, we store your plan tier, current billing period dates, the number of analyses you’ve used in the current period and the customer / subscription identifiers issued by Stripe. We use these to grant access, enforce per-period caps and show you what you’ve used.

What we do not store: card numbers, CVCs or any other payment instrument data. Stripe handles all of that directly. See Section 3.

Legal basis: Performance of contract; legal obligation (tax / accounting records).

Saved sessions

When you save an analysis session, the full result (CV, alignment report, cover letter, interview brief, etc., including the source CV and job description text) is stored in our database, linked to your account. You can list, re-run or delete saved sessions at any time from inside the app, or remove them all at once by deleting your account.

Legal basis: Consent. You actively choose to save a session.

Referral relationships

If you sign up using a referral code, we record the link between you and the referrer (account IDs, status, timestamps) so we can apply the referral discount and credit. We do not store the referrer’s email or other personal information against your account.

Legal basis: Performance of contract.

Free-tier abuse signals

For unauthenticated free-tier usage, we may store a short-lived browser fingerprint and IP address to enforce reasonable per-device usage limits and detect abuse. It is rolled over regularly and used only for rate-limiting and abuse prevention.

Legal basis: Legitimate interest. Preventing abuse of a free service.

Engagement signals (how the product is used)

We record how TAILOR is used so we can see what’s working and fix what isn’t: the pages you visit, time spent per tab, the referring site, an approximate country from your IP address, your browser’s User-Agent string (e.g. “Chrome on Mac”), and steps through our product funnel (for example, reaching the subscribe screen). For visitors who aren’t signed in, this is tied to a first-party anonymous identifier (the tailor_anon_id cookie), not your name. If you later create an account, activity recorded before sign-up, including from an extension install identifier, may be associated with your account so your history stays consistent. This is all first-party: it lives in our own database and is never sold or shared with advertisers.

Legal basis: Legitimate interest. Running, supporting and securing the service.

Ratings and feedback

If you submit a rating or comment about your CV, analysis or Health Check, we store the rating (1–5 stars), your comment text and (if you opt in) a display name and city. Ratings appear on the public TAILOR site only when you have explicitly opted in AND after a manual moderation check. You can withdraw consent for public display at any time by emailing privacy@tailor-get-noticed.com.

Legal basis: Consent for public display; legitimate interest for private storage (product improvement).

Lifecycle emails

Beyond the sign-in code, account-deletion confirmation and referral notifications listed in Section 3, you may also receive: (a) a welcome email after you first sign in, (b) up to two reminders if you haven’t used your welcome gift, (c) a one-time review-request email after you’ve built a CV or run an analysis (in two parts for the analyse flow), and (d) a one-time 30-day inactivity check-in offering a free session.

Every non-transactional email carries a one-click unsubscribe link in the footer. Once you unsubscribe, no further lifecycle email fires for your account. Transactional email (sign-in codes, account deletion confirmation, payment receipts) is required for the service and continues regardless.

We do not send pure marketing email and we never share your address with third-party advertisers.

Legal basis: Legitimate interest (soft opt-in, per UK PECR); easy opt-out maintained at all times.

What we do not collect

  • No passwords (passwordless email auth only)
  • No card numbers or other payment instrument data. Stripe handles all of that
  • No third-party analytics scripts, advertising pixels or ad identifiers
  • No cross-site tracking, and we never sell or share your data with advertisers
  • No use of your data to train AI models

3. Who we share your data with

We use a small number of third-party processors to run the service. We do not share your data with anyone else.

Anthropic, PBC

Provider of the Claude AI model used to process your CV and job description text.

Privacy policy

OpenAI, LLC

Alternative AI provider used when Anthropic is not configured. Only one provider processes any given request.

Privacy policy

Supabase Inc.

Hosts our authentication system and Postgres database. Your account email and saved sessions live here. We use the EU region (London / Frankfurt).

Privacy policy

Stripe Payments Europe Ltd.

Processes all subscription payments and the cancel / change-plan flow. Stripe receives your email and card details directly. These never touch our servers.

Privacy policy

Resend (Resend.com, Inc.)

Sends transactional email on our behalf: your sign-in code, account-deletion confirmations and referral-reward notifications. Receives the recipient email address and message contents.

Privacy policy

Vercel Inc.

Hosts the TAILOR application servers (UK region, London). Sees inbound HTTP requests as part of normal operation, including IP addresses for the duration of standard server logs (see Section 4).

Privacy policy

All providers above are bound by their own privacy policies and data processing agreements. Under the API terms applicable to this service, neither Anthropic nor OpenAI use your CV or job description text to train their models.

4. How long we retain your data

Account & profile: Retained until you delete your account from the Account page. On deletion, your profile, all saved sessions and any referral records are removed within minutes.

Saved sessions: Retained until you delete them individually from inside the app, or until you delete your account. We do not apply automatic expiry to paid users’ sessions.

Analysis results that aren’t saved: Not stored. The text is sent to the AI provider for processing and is not written to disk by TAILOR.

Subscription & payment records (with Stripe): Retained per Stripe’s own retention policy and for as long as required for UK tax and accounting law (typically up to 7 years for invoices and transaction records). Deleting your TAILOR account cancels any active subscription and removes the link from your profile, but Stripe’s underlying transaction records remain with Stripe.

Free-tier abuse signals: Rolling retention, kept no longer than 90 days.

Server access logs: Standard web server logs (including IP addresses) retained for up to 30 days for security and diagnostic purposes, then deleted automatically.

5. Your rights

Under UK GDPR, you have the following rights regarding your personal data. The most common ones can be exercised yourself, immediately, from the Account page:

Right of access / portability

Click “Download my data” on the Account page to get a JSON copy of everything we hold about you.

Right to erasure

Click “Delete my account” on the Account page. Cancels your subscription, removes your profile, sessions and referrals.

Right to rectification

Email us if any data we hold is inaccurate.

Right to object

Object to processing where we rely on legitimate interest (e.g. abuse signals).

Right to restrict

Ask us to pause processing of your data in certain circumstances.

Right to lodge a complaint

If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ico.org.uk).

For any rights request you can’t self-serve from the Account page, contact us at privacy@tailor-get-noticed.com. We will respond within 30 days.

6. Cookies and tracking

TAILOR uses a small set of first-party cookies, and no third-party analytics or advertising cookies:

  • ·Essential session cookies set by Supabase Auth, used to keep you signed in. Strictly necessary; not used for tracking and they expire automatically.
  • ·tailor_anon_id (first-party, about a year), a random identifier so we can count unique visitors, understand how the site is used and enforce fair free-tier limits. It is not your name and is never shared.
  • ·tailor_ref (first-party, 30 days), set only if you arrive via a referral link, so we can credit the person who referred you.
  • ·tailor_pilot (first-party, up to 90 days), set only if you arrive via a pilot-programme link, to grant the access you were invited to.
  • ·tailor_install_id (first-party, about a year), present only if you use our Chrome extension, a random identifier that links your extension install to your account so your history and entitlements stay consistent across the extension and the site.
  • ·Stripe may set cookies on its own checkout pages (which load on stripe.com, not on our site). See Stripe’s privacy policy for details.

These non-essential cookies are first-party and used only to run, measure and protect TAILOR, never for advertising and never shared. We use no third-party analytics scripts, advertising pixels or cross-site tracking.

7. Data security

We use HTTPS for all traffic in transit. Your account is protected by passwordless email-based authentication. We do not store passwords. Payment information is processed by Stripe and never reaches our servers. Saved sessions are stored in a managed Postgres database with Row Level Security policies that prevent any user from reading another user’s data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Children's privacy

TAILOR is intended for use by adults in a professional context. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has submitted data through this service, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes. For material changes, we will additionally notify signed-in users by email. Continued use of the service after a change constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, please contact us at:

EMJ Digital Solutions

61 Bridge Street, Kington, HR5 3DJ, United Kingdom

privacy@tailor-get-noticed.com

Last updated 6 June 2026