Privacy Policy

Arcenly ("we", "us", "our") is the controller of your personal data. Our service is available at arcenly.app. For any questions about this Privacy Policy or your personal data, contact us at privacy@arcenly.app.

BY USING THE SERVICE, YOU CONFIRM THAT (I) YOU HAVE READ AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE. If you do not agree, you must not use the Service.

2.1 Data you give us

• Identity & contact data — your name and email address, provided when you sign in via Google or Apple.
• Resume & career data — employment history, education, skills, certifications, and any other professional information you enter into the builder.
• Uploaded files — PDFs you upload (e.g. a LinkedIn export) for parsing. These are processed in real time and not stored permanently.
• Communications — messages and information you send us through support channels.

2.2 Data provided by third parties

• Google sign-in — when you choose to sign in with Google, we receive your name, email address, and profile picture from your Google account. You can revoke this access at any time via your Google Account Permissions page.
• Apple sign-in — when you choose to sign in with Apple, we receive your name and email address (or Apple's relay address if you chose to hide your email).

2.3 Data we collect automatically

• Device & technical data — IP address, browser type, device type and model, operating system version, system language, and time zone.
• Usage data — pages visited, features and buttons clicked, session duration, how often you use the service, and which resume sections you interact with.
• Cookies & identifiers — session tokens (required for authentication) and analytics identifiers. See Section 3.6 for details.
• Referral data — the URL or source that referred you to Arcenly (e.g. a search engine or social media link).

3.1 To provide the Service

We use your account and resume data to operate the builder, generate your resumes and cover letters, and save your work. To host your data and run the Service we use:

• Supabase (database, authentication, and file storage) — hosted on AWS infrastructure with encryption at rest and in transit. Supabase Privacy Policy.
• OpenAI API — your resume content is sent to OpenAI solely to generate AI-written bullet points, summaries, and cover letter text. We use OpenAI's API with data-usage opt-out settings, meaning your data is not used to train OpenAI's models. OpenAI Privacy Policy.

3.2 To authenticate you securely

We use Supabase Auth, which supports Google OAuth 2.0 and Apple Sign-In, to verify your identity and maintain your session. No passwords are stored by Arcenly.

3.3 To process your payments

Paid subscriptions are handled entirely by Lemon Squeezy, our Merchant of Record. When you subscribe, you enter your payment details directly on Lemon Squeezy's secure checkout — we never see, collect, or store your full card number. We receive only a confirmation of payment, your plan type, and subscription status. Lemon Squeezy Privacy Policy.

3.4 To provide customer support

We process your messages and account data to respond to support enquiries. This includes emails sent to our support address.

3.5 To analyse and improve the Service

We use analytics to understand how users interact with Arcenly so we can fix bugs, improve features, and make product decisions. We use privacy-friendly analytics tools that collect anonymised or pseudonymised data about page views, feature usage, and session behaviour.

3.6 Cookies

We use the following cookies:

• Essential / session cookies — set by Supabase Auth to maintain your logged-in session. Without these the Service cannot function. These are not optional.
• Analytics cookies — used to collect anonymised usage statistics. You can opt out via your browser's cookie settings or by enabling Do Not Track.

You can control cookies through your browser settings: Chrome — Firefox — Safari — Edge.

3.7 To enforce our Terms and prevent fraud

We may use your data to enforce our Terms of Service, detect and prevent fraudulent or unauthorised use of the Service, and comply with legal obligations.

If you are based in the EEA or UK, we rely on the following legal bases under GDPR:

• Contract performance — providing the Service, processing payments, and supporting your account.
• Legitimate interests — analytics and service improvement, fraud prevention, and communicating with you about your account. Our legitimate interests do not override your rights.
• Legal obligation — when required by applicable law.
• Consent — for non-essential cookies and marketing communications (where applicable). You may withdraw consent at any time.

We do not sell your personal data. We share data only with the following categories of third parties, strictly to operate the Service:

• Infrastructure & auth — Supabase (AWS-hosted)
• AI content generation — OpenAI
• Payment processing — Lemon Squeezy (Merchant of Record)
• Analytics — privacy-friendly analytics provider (anonymised data only)
• Law enforcement / public authorities — when required by law or valid legal process.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

You have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — update or correct inaccurate data (most data can be edited directly in the app).
• Deletion — request permanent deletion of your account and all associated data. You can do this from the Settings page or by emailing us. Data is deleted within 30 days.
• Restriction — ask us to limit how we use your data.
• Objection — object to processing based on legitimate interests.
• Portability (EEA/UK) — request your data in a machine-readable format.
• Supervisory authority (EEA/UK) — lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@arcenly.app. We will respond within 30 days.

Arcenly is not directed at anyone under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us immediately at privacy@arcenly.app and we will delete it promptly.

Your data may be transferred to and processed in countries outside your own, including the United States, where our infrastructure providers (Supabase/AWS, OpenAI) operate. Where we transfer personal data from the EEA or UK to third countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or adequacy decisions.

We retain your personal data for as long as your account is active or as necessary to provide the Service. If you delete your account, all your resumes, cover letters, and personal data are permanently deleted within 30 days. We may retain certain data longer where required by law (e.g. billing records).

California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data we collect and share, the right to delete your personal data, and the right to opt out of the sale of personal data. We do not sell your personal data.

To exercise your California privacy rights, email privacy@arcenly.app with the subject line "California Privacy Request" and include your state of residence. We will respond within 45 days.

We honour browser-level Do Not Track (DNT) signals for our own analytics. When DNT is enabled, we disable non-essential analytics cookies. Note that third-party services (e.g. Supabase, Lemon Squeezy) may not respond to DNT signals — refer to their privacy policies for details.

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or via an in-app notice at least 14 days before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent version. Continued use of the Service after changes constitutes acceptance of the updated policy.

For questions, requests, or concerns about this Privacy Policy or your personal data:

• Email: privacy@arcenly.app
• Support: support@arcenly.app

We aim to respond to all privacy-related enquiries within 30 days.