CoverSentry
Check
Write
Blog Jobseeker Data Terms Privacy

Table of Contents

Privacy Policy for CoverSentry

1. Introduction

CoverSentry ("we", "our", or "us") operates the website https://coversentry.com/ (the "Service").

This Privacy Policy outlines how we collect, use, and protect personal and non-personal information when you use our Service. We comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA), as well as similar privacy regulations.

If you have any questions regarding this policy, please contact us via email at info@coversentry.com.

Dutch Chamber of Commerce (kvk) number: 95387641

2. Information We Collect

2.1 Analysis Data

  • Analysis Data includes information contained within cover letters submitted for our AI detection service. This data is temporarily processed in-memory solely to provide our Service and is discarded immediately after analysis. We do not store cover letters or related details on our servers, hard drives, logs, backups, caching systems, or any other storage devices.
  • Uploading any other types of documents, such as identification documents, financial records, or unrelated files, is prohibited and falls outside the Service's intended scope.
  • No content from cover letters or resumes is stored in operational logs, backups, caches, or any other storage medium. Our operational logs contain only usage-related data (e.g., timestamps, request identifiers, analysis results). For security and operational purposes, we incorporate IP addresses into our request identifier system, following the format "IP-UUID," which allows us to track request patterns, implement rate limiting, and maintain system security while keeping user data isolated. While these identifiers can potentially associate multiple requests from the same source, they are never linked to the actual content of your cover letters, which remains transient and is discarded immediately after processing. These logs are retained for up to one year as described in Section 8 and are used solely for legitimate operational purposes including security monitoring, troubleshooting, and preventing abuse.

2.2 Account Data

When you create an account via Firebase, we collect and store:

  • Email address (stored both in Firebase and in our internal database for account identification and customer support)
  • Display name
  • Account settings and preferences
  • Authentication tokens

This information is stored securely and used solely for account management, service delivery, and to administer payment for premium features.

2.3 Generation-Related Data

When you use our Cover Letter Generation service, we process:

  • Resume/CV text that you upload or paste
  • Job descriptions you provide
  • Additional notes or information you may include
  • Company name and position title you may include

Important: This data is processed in our memory but also sent to third-party AI providers (such as OpenAI, Anthropic, or Google) for processing. We use the paid, commercial API services of these providers, which include data protection terms stating that information submitted through these APIs is not used to train or improve their models.

User Responsibility for Personal Information: You are solely responsible for removing and redacting any personal, sensitive, or confidential information (including names, addresses, phone numbers, identification numbers, etc.) from any content you submit for Generation. While we take measures to protect your data, the most effective way to prevent personal information from being processed is to remove it before submission. We explicitly disclaim responsibility for any personal information you choose to include in your submissions despite our recommendations against doing so. If you do not remove personal data from your submission, that information may be processed by third-party providers (e.g., OpenAI).

2.4 Usage Data

Usage Data refers to data on how the Service is accessed and used. This may include:

  • Access Logs: Timestamps of tool usage, authentication attempts, and other service interactions
  • IP Addresses: To protect against abuse and ensure service integrity (e.g., with IP-based rate limiting) and to provide localized experiences such as displaying prices in your local currency.
  • Geographic Location: General location data (country level only) derived from IP addresses using GeoIP databases to provide regionally appropriate pricing and currency options.
  • Device Information: General device type information (desktop, mobile, tablet) derived from user agent data to help us understand how users access our service across different platforms and optimize accordingly.
  • Analysis Results: Statistical information such as AI detection scores (e.g., "2025-03-26 10:05:13, 127.0.0.1-02cd0172-444f-433f-adb6-e3de81dd8994, Human, 0.995")
  • Generation Metadata: Input/output token counts (e.g., "2025-03-26 10:05:13, 127.0.0.1-02cd0172-444f-433f-adb6-e3de81dd8994, generation, 482, 258")
  • Session Duration Data: When you visit our website, we generate a random anonymous session identifier (UUID) and track the duration of your visit on each page. This information is collected through browser events that detect when you leave a page. The data helps us understand user engagement, identify usability issues, and improve the overall experience of our service. Session identifiers are not connected to personal information. The collected data includes:
    • A randomly generated session identifier that changes with each page load
    • The specific page URL you visited
    • The duration of time spent on each page (measured in seconds)
  • Generation Usage: Records of generation service usage and credit consumption
  • Payment Information: Billing records for premium features (handled securely through our payment processor)

Purpose of Collection:

Usage Data is collected to improve service functionality, maintain security, prevent misuse of the platform, and provide location-specific services such as displaying prices in your local currency. Analysis results are anonymized and do not contain identifiable information about users. Generation-related information only retains metadata of the query (such as input or output token amounts), not the query or output content itself.

Retention and Removal: Usage Data is retained for up to one year and can be erased upon request before the end of the retention period.

2.5 Legal Basis for Processing

We process your data based on the following legal grounds:

  • Performance of Contract: To provide our services to you
  • Legitimate Interests: To improve our Service, prevent system abuse, monitor usage for functionality, security, and billing purposes
  • Consent by Action: When you submit content for analysis or generation, you implicitly consent to the necessary processing of that content
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation

3. How We Use Collected Information

We use the information collected for the following purposes:

  • Cover Letter Analysis: To determine whether a cover letter was AI-written or human-generated. All submissions undergo the same in-memory processing, with results returned and files discarded immediately.
  • Cover Letter Generation: To create personalized cover letters based on your resume/CV and job information using third-party AI services.
  • Account Management: To create and maintain your account, verify your identity, and provide access to premium features.
  • Service Improvement: To analyze usage patterns, troubleshoot issues, and enhance service functionality.
  • Customer Support: To identify your account, troubleshoot issues, and provide personalized assistance when you contact us, using your email to link support inquiries with your usage history.
  • Security: To detect and prevent fraudulent activity, unauthorized access, and other potential breaches.
  • Usage Tracking: To monitor service usage for operational purposes and to enforce reasonable usage limits.
  • Critical Communications: To contact you regarding essential service announcements such as security incidents, service termination, or information about substantial unused credit balances only in the context of service termination or significant changes affecting your ability to use these credits. These communications are considered necessary to fulfill our obligations to you and may be sent even if you have opted out of other types of communications.

4. Data Processing and Security

We ensure the highest standards of security during data transmission and processing:

  • All communications between users and our servers are encrypted using HTTPS.
  • Data is processed on secure servers located in the Netherlands, hosted by Hostkey.
  • For the Analysis service, our AI model is hosted locally, and all processing happens on our own servers without sending any cover letters to third-party providers. Cover letters are analyzed on our server and are discarded immediately after processing.
  • For the Generation service, data is securely transmitted to third-party AI providers via their commercial APIs, which have their own security measures in place.
  • All submitted data is processed with the highest security standards. However, we assume no responsibility for processing files that do not meet our intended purpose requirements, and such files may be subject to immediate disposal.

5. Third-Party Services

5.1 Infrastructure Provider

We utilize Hostkey for hosting our servers and ensuring the security and reliability of our Service. Hostkey has access to operational data necessary for maintaining our infrastructure but does not have access to cover letter content, CVs, or other data you submit.

We also use GeoIP databases (such as MaxMind's GeoLite2) to determine the approximate geographic location based on IP address, but only when logged-in users interact with pricing-related features. This location detection is used solely to provide location-specific services such as displaying prices in the user's local currency and is processed at the country level only. While we do not separately store detailed geographical coordinates, we do store IP addresses as mentioned in section 2.4, which theoretically can be used to determine approximate location. Users who do not interact with premium pricing features are not subject to this geographic location processing.

5.2 AI Generation Providers

For our Generation service, we may utilize the following third-party AI providers:

  • OpenAI: Provider of GPT models
  • Anthropic: Provider of Claude models
  • Google: Provider of Gemini models

These services receive the content you submit (such as CVs and job descriptions) to generate cover letters. We only use the paid, commercial API versions of these services, which include contractual terms stating that data submitted through these APIs is not used to train or improve their models.

Our relationship with these providers is strictly commercial: we pay them for their API services, and they provide us with text generation capabilities in return. Their business model for these commercial API services is based on receiving payment for computational resources used, not on collecting or utilizing user data. This arrangement helps ensure that your data is used solely for the purpose of fulfilling your specific request and not for other commercial purposes.

5.3 Authentication System

We use Firebase (operated by Google) to handle user authentication. Firebase collects and processes account information according to their privacy policy. We only receive and store information necessary for account management and service provision.

5.4 Payment Processors

For premium features, we use secure third-party payment processors. These processors collect and handle payment information according to their own privacy policies. While we do not store your full payment card details on our servers, we do maintain records of transactions, order history, and billing information as required by accounting and tax regulations. You may access your order history through your account settings or by contacting us directly.

6. Cookies, Logging, and Tracking Technologies

We use session cookies to manage user authentication. These cookies:

  • Expire after a period of inactivity
  • Do not collect personal information beyond session management

For logged-in users, we may use persistent cookies to remember your login status and preferences.

We also implement session duration tracking that measures how long users spend on our pages. When you visit our site, a random session identifier is generated, and when you navigate away, we record the time spent on that page. This data is anonymous and helps us improve our service.

We utilize browser local storage to remember your preferences, such as whether you have seen or dismissed pop-up offers, which is stored on your device and does not contain personal information beyond these display preferences.

No third-party tracking technologies (e.g., analytics or ad trackers) are used on our website. However, we may internally log user interactions with the Service, such as tool usage and authentication attempts, for purposes of service monitoring, security, and usage analysis as outlined in Section 2.4 (Usage Data). These logs are securely stored for a limited duration and are used solely for internal purposes to maintain and improve the platform.

6.1 Browser Local Storage

To enhance your user experience, we temporarily store the text you enter in our form fields (such as resume text, job descriptions, and company information) in your browser's local storage. This data:

  • Is stored only on your device and never transmitted to our servers
  • Automatically expires after 25 minutes of inactivity
  • Is immediately cleared when you successfully generate a cover letter
  • Is cleared when you log out of your account

This temporary storage serves to protect your work if your browser closes unexpectedly or if you need to temporarily navigate away during the cover letter creation process. It allows you to seamlessly resume your work without losing valuable information you've already entered.

You maintain full control over this data as it exists only on your device. No personal information from these form fields is ever stored on our servers or used for any purpose other than providing you with a convenient and uninterrupted service experience.

7. User Rights

7.1 Data Subject Rights

As a user of our Service, you have the following rights:

  • Right to Access: You can request information about what data we hold about you.
  • Right to Rectification: You can request corrections to your data if it is inaccurate or incomplete.
  • Right to Erasure: You can request deletion of your data (including account information, usage logs, and payment history) at any time.
  • Right to Restrict Processing: You can request the restriction of processing your data under certain circumstances.
  • Right to Object to Processing: You can object to the processing of your data for specific reasons.
  • Right to Data Portability: You can request the transfer of your data to another service provider in a structured, commonly used, and machine-readable format.

Since we do not store cover letter content, CVs, or generated letters, these rights primarily apply to account information and usage logs.

Exercising Rights: To exercise any of these rights, please contact us via email at info@coversentry.com. We will respond to requests within a reasonable timeframe, typically within 30 days.

8. Data Retention

  • Analysis and Generation Data: Content submitted for these services is deleted immediately after processing and is not retained.
  • Account Data: Maintained for as long as you have an active account. If you wish to delete your account and associated data, please contact us at info@coversentry.com, and we will process your request to suspend your account and erase your data within 30 days.
  • Operational Data: Usage logs (e.g., timestamps, IP addresses, analysis results, session duration data) are retained for one year. This data helps us monitor service usage, prevent misuse of the platform, and for security purposes. After this period, logs are automatically deleted unless required for legal reasons or upon a user's request.
  • Payment Information: Billing records are maintained as required by tax and accounting laws.

9. International Data Transfers

Our servers are located in the Netherlands. When you use our Service from outside the European Union, your information may be transferred to and processed in the Netherlands.

For the Generation services, your data may be transferred to third-party AI providers located in other countries, including the United States. These transfers are conducted in compliance with applicable data protection laws and rely on appropriate safeguards such as standard contractual clauses or adequacy decisions where available.

10. Automated Decision-Making and Profiling

We use machine learning models to:

1. Analyze cover letters to determine the likelihood of them being AI-generated or human-generated

2. Generate new cover letters based on provided information

These automated processes are essential to providing our Service. No additional profiling is conducted beyond these specific functions, and all results are provided directly to you without being stored or linked to your identity beyond your current session.

11. Data Breach Notification

In the event of a personal data breach, we will notify affected users via email within 72 hours of discovering the breach, if feasible. Where required, we will also notify the relevant supervisory authority in accordance with applicable data protection laws. We will take immediate steps to mitigate the breach and prevent any further unauthorized access.

We maintain robust security measures to prevent data breaches, but in the unlikely event one occurs, we are committed to transparent and prompt communication.

12. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that personal data (such as account information or usage logs) from a person under 18 has been inadvertently processed, we will take steps to delete such information promptly.

13. Accessibility

We are committed to ensuring that our Privacy Policy is accessible to all users, including those with disabilities. The policy is available in formats compatible with screen readers and other assistive technologies. If you require the Privacy Policy in a different format, please contact us at info@coversentry.com.

14. Compliance with Data Protection Laws

14.1 GDPR Compliance

As a service based in the European Union, we comply with the General Data Protection Regulation (GDPR). This includes:

  • Processing data lawfully, fairly, and transparently
  • Collecting data for specified, explicit, and legitimate purposes
  • Minimizing the data we collect
  • Ensuring data accuracy
  • Storing data only as long as necessary
  • Maintaining appropriate security measures

14.2 CCPA and CPRA Compliance

We comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) by providing transparency regarding data processing and allowing users to access, correct, or delete their data, as applicable.

  • Categories of Personal Information Collected:
    • Account information (email, display name)
    • Usage data (IP address, timestamps)
    • Content you provide for analysis or generation (processed temporarily)
  • Sources of Personal Information:
    • Direct collection from you when you use our Service
    • Authentication providers (Firebase)
    • Payment processors when you purchase premium features
  • Business or Commercial Purpose for Collecting Personal Information:
    • To provide the Service you request
    • To manage your account
    • To maintain security and prevent abuse
    • To process payments for premium features
  • Categories of Third Parties with Whom Personal Information is Shared:
    • Hostkey for infrastructure hosting
    • AI providers (OpenAI, Anthropic, Google) for generation services
    • Firebase for authentication
    • Payment processors for premium feature purchases
  • Do Not Sell My Personal Information:
    • We do not sell, rent, or lease personal information of our users. Therefore, a "Do Not Sell My Personal Information" link is not applicable.
  • Transparency and Security:
    • No content retention: Personal data submitted for analysis or generation is not stored for post-processing
    • Security measures: We employ robust encryption and secure infrastructure to protect personal information during processing

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and for registered users, we may notify you via email. Your continued use of the Service after such modifications constitutes acceptance of the updated terms.

16. Contact Information

If you have any questions regarding this Privacy Policy or need to exercise your rights, please contact us via email at info@coversentry.com.

Effective Date: April 2025