Privacy Policy

This Privacy Policy (“Policy”) describes how Revectro (“we,” “us,” or “our”) collects, uses, stores, and discloses information in connection with the operation of revectro.com and any related services (collectively, the “Service”). By accessing or using the Service, you (“User,” “you”) consent to the practices described in this Policy. If you do not agree, do not use the Service.

This Policy should be read in conjunction with our Terms of Service.

2.1 Account information.When a User creates an account, we collect the User's email address, an optional display name, and a cryptographic hash of the User's chosen password. We do not store passwords in plain text and cannot recover them.

2.2 User content. When a User uses the Service, we store the content the User creates or uploads, including but not limited to: job application records, contact records, notes, email messages saved by the User, uploaded résumés (including original file contents), and artifacts produced by the AI features such as analyses, revisions, and recommendations.

2.3 Operational logs. We maintain a per-User log of invocations of each AI-powered feature for the purposes of enforcing usage limits, detecting abuse, and operational diagnostics.

2.4 Information we do not collect. The Service does not collect advertising identifiers, third-party analytics, location data, device fingerprints, or any behavioral telemetry beyond what is strictly required to operate the Service.

3.1 Storage.All persistent information described in Section 2 is stored in a managed PostgreSQL database operated by Neon Inc. (“Neon”) in the AWS US-East-1 region (Virginia, United States). Neon encrypts data at rest and maintains SOC 2 Type 2 certification.

3.2 Application runtime.The Service's application code is hosted by Vercel Inc. (“Vercel”). During the lifecycle of an individual request, Vercel's runtime reads, processes, and returns information on behalf of the User. Vercel does not retain a copy of the information outside of the request lifecycle.

3.3 AI processing.The Service uses third-party large language model services provided by Anthropic, PBC (“Anthropic”) for analytical and generative features. When a User invokes such a feature, the relevant content is transmitted to Anthropic's API for processing. Per Anthropic's current data policy, API inputs are not used to train Anthropic's models and are retained for up to thirty (30) days for trust and safety purposes, after which they are deleted. We do not control Anthropic's retention practices.

3.4 Captcha and DNS.We use services provided by Cloudflare, Inc. (“Cloudflare”), specifically the Turnstile bot-prevention service on authentication pages and DNS services for revectro.com. Cloudflare processes connection metadata and captcha challenge tokens in the ordinary course of providing these services.

3.5 Transactional email.When the Service sends transactional emails (e.g., account verification, password reset), delivery is performed by Resend, Inc. (“Resend”). Such emails contain only the information necessary to complete the relevant action.

3.6 Source code.The Service's source code is hosted on GitHub (GitHub, Inc., a subsidiary of Microsoft Corporation). The source code does not contain User information.

3.7 No additional disclosures. We do not sell, rent, lease, license, or otherwise transfer User information to any third party except as described in this Section 3 or where required by law.

4.1 We employ commercially reasonable technical and organizational measures to protect User information, including: bcrypt password hashing with a cost factor of 12; TLS encryption of all traffic between Users, the Service, the database, and third-party processors; per-User authorization checks at the database query layer to prevent cross-account data access; HttpOnly and Secure session cookies; and storage of credentials and secrets in environment configuration rather than in source code.

4.2 No method of transmission or storage is one hundred percent secure. While we strive to protect User information, we cannot guarantee its absolute security.

5.1 We retain information for as long as the User maintains an active account. Upon a User's request to close their account, we will delete the User's account and all associated content from the Service's primary database within fourteen (14) days. Cascading deletion removes all derived records.

5.2 Backups of the database may persist for additional time as part of routine operational practice. We do not access backup data except to restore from operational failure.

5.3 We have no control over information retained by Anthropic, Cloudflare, Resend, Vercel, GitHub, or Neon under their respective policies. We direct Users to the published policies of those processors for further detail.

6.1 A User may at any time: (a) review the information associated with their account by signing in; (b) edit or correct information through the Service's interface; (c) export materials they have created (e.g., revised résumés); (d) request export or deletion of their account by contacting us at the address in Section 12.

6.2 Where applicable law grants Users additional rights with respect to their personal information, we will honor such rights to the extent required by law upon Users' written request.

The Service is not directed to children under the age of thirteen (13). We do not knowingly collect information from children under thirteen. If we learn that we have inadvertently collected such information, we will delete it promptly.

The Service uses only the cookies strictly necessary to operate the authentication system: a session-token cookie set upon sign-in and cleared upon sign-out, and a CSRF-protection cookie. The Service does not use cookies for advertising, tracking, or analytics.

The Service is operated from the United States. By using the Service, Users located outside the United States acknowledge and agree to the transfer of their information to, and processing within, the United States.

We may modify this Policy at any time at our sole discretion. We will indicate revisions by updating the “Effective date” at the top. For material changes, we will provide reasonable notice to signed-in Users prior to the changes taking effect. Continued use of the Service after such notice constitutes acceptance of the revised Policy.

The Service is provided on an “AS IS” and “AS AVAILABLE” basis. We make no representations or warranties with respect to the Service or the information processed thereby, except as expressly stated in this Policy.

For questions about this Policy or requests under Section 6, contact: privacy@revectro.com

This document, together with the Terms of Service, constitutes the entire understanding between Users and Revectro with respect to the collection and use of information by the Service. Where any provision of this Policy is found unenforceable, the remaining provisions remain in full force.