Privacy Policy

ATS CV Checker ("we", "us", "our") is a free Chrome browser extension and web application that helps job seekers optimize their resumes for Applicant Tracking Systems. We are an independent project operated by an individual developer. This Privacy Policy explains what data we collect, how we use it, where it goes, and what rights you have. We believe in being straightforward: your resume is your personal data, and we treat it with care.

1. Summary of Key Points

Here is a quick overview before you read the full policy:

  • Your CV profile is stored on your device in Chrome's local storage. It does not leave your browser unless you explicitly trigger AI generation.
  • ATS scoring and keyword analysis run entirely in your browser. No resume data is transmitted for these features.
  • AI generation sends data to our server and then to OpenAI. We do not store your data after processing.
  • We use Google Analytics (GA4) on our marketing website to understand how visitors find us. The extension itself does not include analytics.
  • We do not sell your data. Ever. To anyone.
  • No account is required for core features.
  • Email marketing requires explicit opt-in. We only send emails if you check the consent box and confirm via email (double opt-in). Every email includes a one-click unsubscribe link.

2. Data Stored Locally on Your Device

ATS CV Checker uses Chrome's chrome.storage.local API to store your data directly on your device. This includes:

  • Your CV profile (work experience, education, skills, certifications, contact information, and other resume sections)
  • Saved job descriptions and ATS analysis results
  • Generated CVs and cover letters
  • Extension settings and preferences

This data never leaves your device unless you explicitly use a feature that requires server processing (see Section 3). It is not synced to any cloud service by default. If you uninstall the extension or clear your browser data, this local data is permanently deleted.

We cannot access, read, or recover your locally stored data. You are in full control of it.

3. Data Sent to Our Server

When you use the AI CV generation or cover letter generation features, the following data is transmitted to our server for processing:

  • The job description text from the page you are viewing
  • The CV profile sections relevant to the generation request (e.g., work experience, skills, education)

How we handle this data:

  • Your data is used solely to process your generation request and return the result.
  • We do not store, log, or persist your CV data or job descriptions on our servers after the request is completed.
  • We do not use your data to train any AI models.
  • The generated result is returned to your browser and stored locally on your device.
  • Data is encrypted in transit using HTTPS (TLS).

What is NOT sent to our server:

  • ATS score calculations (run entirely in your browser)
  • Keyword gap analysis (run entirely in your browser)
  • Your browsing history or activity on job sites
  • Any data from websites you visit that are not job descriptions you actively analyze

4. Third-Party Services

4.1. OpenAI API

AI CV and cover letter generation is powered by the OpenAI API (GPT-4o). When you use these features, your request data (job description and relevant CV sections) is forwarded from our server to OpenAI for processing. Important details:

  • We use OpenAI's API under their API Data Usage Policy, which states that data sent through the API is not used to train OpenAI's models.
  • OpenAI may retain API inputs and outputs for up to 30 days for abuse and misuse monitoring, after which they are deleted. Zero-day retention may apply under their updated policies.
  • OpenAI's data handling is governed by their Privacy Policy.

4.2. Google Analytics (GA4)

Our marketing website (www.atscvchecker.pro) uses Google Analytics 4 (GA4) to understand how visitors find and interact with our website. GA4 may collect:

  • Pages visited and time spent on pages
  • Referring website or search query
  • General geographic location (country/region level)
  • Browser type and device category
  • Anonymized IP address (GA4 does not store full IP addresses)

GA4 uses cookies and similar technologies to collect this data. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on or by adjusting your browser's cookie settings.

Important: Google Analytics is used only on the marketing website. The Chrome extension itself does not contain any analytics, tracking scripts, or telemetry.

Google's data handling is governed by their Privacy Policy.

4.3. Resend (Email Service)

If you opt in to marketing emails, we use Resend to deliver emails. Resend receives your email address and first name for delivery purposes only. Resend does not use your data for their own marketing. Their data handling is governed by their Privacy Policy.

4.4. Hosting

Our backend server is hosted on Railway. Standard server logs (IP addresses, request timestamps, HTTP headers) may be temporarily stored by our hosting provider as part of normal infrastructure operations. These logs are not used for user profiling and are automatically rotated.

5. Optional Account

You can use the core features of ATS CV Checker without creating an account. If you choose to create an account for the web application:

  • We store your email address and a securely hashed password (bcrypt) in our database.
  • Account data is used solely to authenticate you and enable profile sync across devices.
  • We do not share your account information with third parties.
  • A session token (JWT) is stored in your browser's local storage for authentication. This is not a tracking cookie.
  • You may delete your account and all associated data at any time by contacting us.

5a. Email Communications

If you create an account and opt in to email communications, we may send you:

  • Onboarding emails — a short sequence of 4 emails over 21 days helping you get the most out of the product.
  • Weekly stats emails — a summary of your ATS analysis activity, missing skills, and tips to improve your resume.
  • Product updates — announcements about new features relevant to your job search.

Your consent is required:

  • Marketing emails require explicit opt-in via an unchecked checkbox during registration.
  • We use double opt-in: after checking the box, you receive a confirmation email. Only after clicking the confirmation link will you receive marketing emails.
  • Every marketing email includes a one-click unsubscribe link that immediately stops all marketing emails.
  • You can also withdraw consent at any time through your account settings.

What we collect for email:

  • Email address (from your account)
  • First name (for personalization)
  • Consent timestamp and IP address (for GDPR compliance records)
  • Consent version (which version of the consent text you agreed to)

Email service provider: We use Resend to send emails. Resend processes your email address solely to deliver our emails. Their data handling is governed by their Privacy Policy. Resend servers are located in the United States.

We do not share your email with any other third party for marketing purposes.

6. Cookies and Tracking Technologies

The Chrome extension does not use cookies. It uses Chrome's chrome.storage.local API for data persistence, which is not a cookie and is not accessible by websites.

The marketing website uses cookies through Google Analytics (GA4) for website analytics as described in Section 4.2. These are:

  • _ga — Used to distinguish unique visitors. Expires after 2 years.
  • _ga_[ID] — Used to maintain session state. Expires after 2 years.

Additionally, if you arrive via a referral link, a referral_code cookie is set for 7 days to attribute your registration to the person who referred you. This cookie contains only the referral code (no personal data) and is deleted after 7 days or after you register.

You may control cookies through your browser settings. Blocking cookies will not affect the functionality of the Chrome extension.

7. Data Retention

  • Local data (your CV profile, saved jobs, generated documents): Remains on your device until you clear it, reset the extension, or uninstall it. We have no access to this data and cannot delete it remotely.
  • AI generation requests: Not stored. Data is processed in memory and discarded after the response is returned.
  • Account data (if you create an account): Retained until you delete your account. Upon account deletion, all associated data is permanently removed from our servers within 30 days.
  • Server logs: Automatically rotated by our hosting provider. Typically retained for no more than 30 days.
  • Email marketing consent: Retained until you unsubscribe or delete your account. Consent records (timestamp, IP, version) are kept for GDPR compliance even after unsubscribe.
  • Email delivery data: Email send/delivery status retained for 90 days for debugging. No email content is stored.
  • Google Analytics data: Retained according to Google's data retention settings. We have configured GA4 with the default retention period of 14 months.

8. We Do Not Sell Your Data

We do not sell, rent, lease, trade, or otherwise disclose your personal data to third parties for monetary or other valuable consideration. This applies to all users regardless of location. We have never sold user data and have no plans to do so.

We do not share your data for advertising, profiling, or marketing purposes with any third party. The only third-party data sharing is the operational processing described in Section 4 (OpenAI for AI generation, Google for website analytics).

9. Lawful Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following lawful bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance (Article 6(1)(b)): Processing your CV data and job descriptions when you use AI generation features is necessary to provide the service you requested.
  • Legitimate interest (Article 6(1)(f)): Server logging for security, fraud prevention, and service stability. We have assessed that these interests do not override your fundamental rights.
  • Consent (Article 6(1)(a)): Google Analytics cookies on our marketing website, and marketing email communications. You may withdraw consent for analytics by adjusting your cookie settings, and for emails via the one-click unsubscribe link in every email or through your account settings.

10. Your Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right of access (Article 15) — You may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16) — You may request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17) — You may request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Article 18) — You may request that we limit how we use your data.
  • Right to data portability (Article 20) — You may request your data in a structured, machine-readable format.
  • Right to object (Article 21) — You may object to processing based on legitimate interest.
  • Right to withdraw consent (Article 7(3)) — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@atscvchecker.pro. We will respond within 30 days, as required by the GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

Practical note: Since the vast majority of your data is stored locally on your device using chrome.storage.local, you already have direct control over it. You can view, export, or delete your local data at any time through the extension without contacting us.

11. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights:

  • Right to know — You may request that we disclose what personal information we collect, use, and share about you.
  • Right to delete — You may request deletion of your personal information.
  • Right to opt out of sale or sharing — We do not sell or share your personal information as defined by the CCPA/CPRA. There is nothing to opt out of.
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at support@atscvchecker.pro. We will verify your identity and respond within 45 days as required by the CCPA.

Categories of personal information collected in the preceding 12 months:

  • Identifiers (email address, if you create an account)
  • Professional information (resume content, only when you use AI generation)
  • Internet activity (website analytics via Google Analytics on our marketing site)

We do not collect sensitive personal information as defined by the CPRA. We do not use or disclose personal information for purposes other than providing the service.

12. Your Rights Under LGPD (Brazilian Users)

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you the following rights:

  • Confirmation and access — You may confirm whether we process your data and request access to it.
  • Correction — You may request correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion — You may request anonymization or deletion of unnecessary or excessive data.
  • Data portability — You may request transfer of your data to another service provider.
  • Deletion — You may request deletion of personal data processed with your consent.
  • Information about sharing — You may request information about which third parties have access to your data.
  • Revocation of consent — You may revoke consent for data processing at any time.

To exercise your LGPD rights, contact us at support@atscvchecker.pro. Our lawful basis for processing under the LGPD is the execution of a contract or preliminary procedures related to a contract (Article 7, V) when you use our AI generation features, and consent (Article 7, I) for website analytics.

13. Data Security

We implement reasonable technical and organizational measures to protect your data:

  • All data in transit is encrypted using HTTPS (TLS 1.2+).
  • Passwords are hashed using bcrypt with an appropriate cost factor.
  • Authentication tokens (JWT) are signed and time-limited.
  • Our server infrastructure is managed by Railway, which provides enterprise-grade security controls.
  • AI generation data is processed in memory and not persisted to disk or database.

No system is perfectly secure. While we take reasonable precautions, we cannot guarantee absolute security of your data during transmission or storage.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users directly without undue delay (GDPR Article 34).
  • Notifications will include the nature of the breach, likely consequences, measures taken or proposed to address it, and contact information for further inquiries.

Since most user data is stored locally on your device and not on our servers, the risk of a server-side breach affecting your resume data is minimal for users who do not have accounts.

15. International Data Transfers

When you use AI generation features, your data may be processed by servers located in the United States (our hosting provider Railway and OpenAI are US-based companies). For users in the EEA, UK, or Brazil, this constitutes an international data transfer.

We rely on the following mechanisms to ensure adequate protection:

  • OpenAI's compliance with applicable data protection frameworks
  • Railway's infrastructure security measures and data processing agreements
  • The transient nature of the processing (data is not stored after request completion)

If you do not wish your data to be processed outside your jurisdiction, you may choose not to use the AI generation features. All other features (ATS scoring, keyword analysis) operate entirely in your browser.

16. Children's Privacy

ATS CV Checker is designed for adult job seekers and is not intended for use by children. We do not knowingly collect personal data from anyone under the age of 13 (as required by the U.S. Children's Online Privacy Protection Act, COPPA) or under the age of 16 (as required by the GDPR for certain EU member states).

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@atscvchecker.pro and we will promptly delete it.

17. Chrome Extension Permissions

The ATS CV Checker Chrome extension requests certain browser permissions to function. Here is what each permission is used for:

  • activeTab — To read job description content from the page you are actively viewing, only when you interact with the extension.
  • storage — To save your CV profile, settings, and generated documents locally on your device.
  • sidePanel — To display the extension's interface in Chrome's side panel.
  • Host permissions (job sites) — To detect when you are on a supported job platform (LinkedIn, Indeed, etc.) and activate the ATS analysis widget.

We request only the permissions necessary for the extension to function. We do not access your browsing history, read your email, or monitor your activity on non-job-site pages.

18. Do Not Track Signals

The extension does not track you in any way, so Do Not Track signals are not applicable to it. On our marketing website, we respect browser Do Not Track (DNT) signals by not loading analytics scripts when DNT is enabled.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

  • We will update the "Last updated" date at the top of this page.
  • For material changes that affect how we handle your data, we will make reasonable efforts to notify you (e.g., through the extension's update notes on the Chrome Web Store).
  • Continued use of ATS CV Checker after changes are posted constitutes your acceptance of the updated policy.

We encourage you to review this page periodically.

20. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data, please contact us:

We aim to respond to all privacy-related inquiries within 30 days. For GDPR, CCPA, and LGPD requests, we will respond within the timeframes required by the applicable law.