Privacy Policy

Last updated: June 2026

Cover Letter Tailor ("we", "us", "our") is operated as a solo micro-tool business. This policy explains what information we collect, why we collect it, and how it is used. We keep things simple because we have no reason to do otherwise.

1. What we collect and why

Information you provide directly

• Email address and password — required to create a paid account. Your password is stored as a one-way bcrypt hash; we cannot read it.
• Resume and job description text — submitted when you use the tool to generate a cover letter. This text is sent to the AI model to produce your output and then discarded. We do not store it, log it, or use it for any other purpose.
• Payment information — handled entirely by Stripe. We never see or store your card details.

Information collected automatically

• Usage analytics — we use Google Analytics 4 to understand how the site is used. This includes pages visited, session duration, approximate geographic location (country and city), device type, browser, and screen size. GA4 sets cookies (_ga, _ga_*) in your browser to distinguish sessions.
• Session recordings and heatmaps — we use Microsoft Clarity to record anonymised session replays and generate heatmaps showing how users navigate the site. Clarity does not capture the content of text fields (your resume or job description). It sets its own cookies.
• Account analytics identifier — for signed-in users, we send a pseudonymous identifier (your internal account number, formatted as User_[number]) to Google Analytics. This lets us understand usage patterns by account type (e.g. free vs paid). This identifier contains no personal information and cannot be used to identify you outside our system.
• Server logs — our web server logs standard request data (IP address, timestamp, endpoint accessed) for security and abuse prevention. Logs are not shared and are retained for 30 days.

2. Cookies

We use cookies set by Google Analytics 4 and Microsoft Clarity for analytics purposes, and a session cookie to keep you signed in. We do not use advertising cookies or sell data to advertisers. By using this site you consent to these cookies. You can disable cookies in your browser settings, which will prevent analytics tracking but will not affect the tool's core functionality.

3. How we use your information

• To operate the service — generate cover letters, manage your account, process payments.
• To send transactional emails — account verification, password resets, payment confirmations. We do not send marketing emails.
• To understand how the tool is used — so we can improve it. Analytics data is reviewed by the site owner only.
• To prevent abuse — rate limiting and fraud detection.

4. Who we share data with

We use a small number of third-party services to operate the site. Each receives only the data necessary for their function:

• Anthropic — receives your resume and job description text to generate the cover letter. Anthropic's API usage policy prohibits using submitted data for model training without consent.
• Stripe — processes payments. Receives your email address and payment details. Governed by Stripe's Privacy Policy.
• Google Analytics 4 — receives anonymised usage data and the pseudonymous account identifier described above. Governed by Google's Privacy Policy. You can opt out using Google's opt-out browser add-on.
• Microsoft Clarity — receives anonymised session recording and heatmap data. Governed by Microsoft's Privacy Statement.
• Resend — sends transactional emails on our behalf. Receives your email address for this purpose only.
• Hetzner — hosts the server infrastructure. Data is stored in Germany (EU).

We do not sell your data. We do not share it with advertisers.

5. Data retention

• Account data — retained while your account is active. If you wish to delete your account and associated data, contact us at [email protected].
• Resume and job description text — not retained. Discarded immediately after generation.
• Analytics data — retained by Google Analytics for 14 months (default setting). Clarity retains session data per their standard policy.
• Server logs — 30 days.
• Payment records — retained by Stripe per their legal obligations.

6. Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond within a reasonable time. If you are located in the EU or UK, you have additional rights under GDPR, including the right to lodge a complaint with your local supervisory authority.

7. Security

Passwords are hashed using bcrypt. All data in transit is encrypted via HTTPS. We take reasonable technical measures to protect your data, though no system is completely secure.

8. Children

This service is not directed at children under 16. We do not knowingly collect data from children.

9. Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

10. Contact

Questions about this policy: [email protected]