Skip to main content

Privacy Policy

Effective date: March 1, 2026

1. Overview

Retold (“we,” “our,” or “us”) operates the website https://www.retold.dev and the Retold application (the “Service”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data.

By using the Service you agree to the practices described in this policy. If you do not agree, please do not use the Service.

Note: This policy is a working draft and has not yet been reviewed by legal counsel. It will be updated to reflect any additional legal requirements before the Service is publicly launched.

2. Information We Collect

2.1 Account information

When you sign in via Google, GitHub, or LinkedIn OAuth, we receive your name, email address, and profile picture URL from that provider. We do not receive or store your OAuth provider password.

2.2 Resume and job-description content

You may upload or paste resume text and job descriptions into the Service. This content is stored in our database and in Amazon Web Services (AWS) S3 for file uploads (PDF, DOCX). It is also transmitted to Anthropic’s API (see section 4) to generate tailored output.

2.3 Tailored resume output

The AI-generated tailored resumes, cover letters, and keyword match scores produced by the Service are stored in our database and associated with your account.

2.4 Payment information

Paid plan subscriptions are handled by Stripe. We do not store your full card number, CVV, or bank account details. We store only your Stripe customer ID and current subscription status.

2.5 Usage analytics

We use PostHog to collect anonymized product analytics (pages visited, features used, error rates). PostHog is configured in server-side mode; no third-party JavaScript analytics runs in your browser.

2.6 Log data

Our hosting provider (Railway) may log standard server access logs including IP address, browser user-agent, and request timestamps. These logs are retained for up to 30 days for security and debugging purposes.

2.7 AI improvement data

When you use AI-powered features (resume tailoring, bullet rewriting, cover letter generation, skill extraction, or gap analysis), we log the prompts sent to and outputs received from the AI model, along with behavioral signals that indicate output quality (for example, whether you copied, edited, or regenerated the output).

This interaction data is used to improve Retold’s AI models. Before any interaction data is used for model training, it is fully anonymized: all email addresses, phone numbers, names, and company names are stripped and replaced with generic placeholders (e.g., “[CANDIDATE]”, “[COMPANY]”). The anonymized data cannot be linked back to you or any individual.

You may opt out of AI improvement data collection at any time from your account settings. Opting out stops all future interaction logging for your account. See section 6 for details on your rights.

3. How We Use Your Information

  • To authenticate your identity and maintain your account.
  • To provide the core Service: generating AI-tailored resumes, keyword match scores, ATS analysis, and cover letters.
  • To process subscription payments and manage your billing status.
  • To send transactional emails (e.g., password reset, billing receipts) if and when email features are enabled.
  • To understand how the Service is used in aggregate and improve its features and reliability.
  • To comply with legal obligations and enforce our Terms of Service.
  • To improve the quality of our AI features by training models on anonymized interaction data (see section 2.7). All personally identifiable information is removed before data is used for training. You may opt out of this at any time from your account settings.

    • We do not sell your personal information to third parties.

    4. Third-Party Service Providers

    We share data with the following sub-processors only to the extent necessary to operate the Service:

    ProviderPurposeData sent
    AnthropicAI text generation (Claude API)Resume text, job descriptions
    StripePayment processingEmail, subscription metadata
    Amazon Web Services (S3)File storage for uploaded resumesResume file contents
    PostHogProduct analyticsAnonymized usage events
    RailwayApplication hosting and infrastructureAll application traffic (server-side)
    Google / GitHub / LinkedInOAuth sign-inEmail, name (returned to us)

    Anthropic’s API usage is subject to their Privacy Policy. By default, Anthropic does not use API inputs and outputs to train models.

    5. Data Retention

    We retain your account data and resume content for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at privacy@retold.dev.

    AI interaction logs (see section 2.7) are retained in our database for up to 90 days, after which they are archived and removed from the primary database. Anonymized training datasets exported from these logs may be retained indefinitely, as they cannot be linked back to an individual.

    Anonymized, aggregated analytics data may be retained indefinitely as it cannot be linked back to an individual.

    6. Your Rights

    Depending on your jurisdiction, you may have the right to:

    • Access — request a copy of the personal data we hold about you.
    • Correction — request that inaccurate data be corrected.
    • Deletion — request that your account and associated data be permanently deleted.
    • Portability — request an export of your resume content and tailored outputs in a machine-readable format.
    • Objection — object to the processing of your data for analytics purposes.
    • AI training opt-out — disable the collection of AI interaction data for model training at any time from your account settings. Opting out stops future data collection and excludes your existing interaction data from training exports.

    To exercise any of these rights, email privacy@retold.dev. We will respond within 30 days.

    7. Cookies and Tracking

    The Service uses a single session cookie (“authjs.session-token”) to maintain your authenticated session. No advertising or third-party tracking cookies are set. We do not use fingerprinting or cross-site tracking technologies.

    8. Security

    We use industry-standard measures including TLS encryption in transit, encrypted storage for secrets, and access controls to protect your data. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

    9. Children’s Privacy

    The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Material changes will be communicated via an in-app notice or email. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

    11. Contact

    Questions, requests, or complaints about this Privacy Policy should be directed to:

    Retold

    privacy@retold.dev

    https://www.retold.dev