Privacy Policy
<!-- PLACEHOLDERS — the founder MUST fill these before publishing: TeeWiz d.o.o. — full registered company name (the Croatian d.o.o.) [REGISTERED_ADDRESS] — registered business address info@teewiz.ai — general / privacy contact inbox info@teewiz.ai — data-protection contact (may equal info@teewiz.ai if no DPO is appointed) tailr.us.com — production domain (e.g. tailr.us.com) -->Last updated: 23 June 2026
This Privacy Policy explains what personal data Tailr collects, why, who processes it on our behalf, and the rights you have under the EU General Data Protection Regulation (GDPR).
We are an engineering tool, and we treat your data like engineers who would be furious to find their own CV used badly: minimal collection, clear purpose, no quiet model-training, no selling.
1. Who we are (Controller)
The data controller is TeeWiz d.o.o., a company organised under the laws of the Republic of Croatia.
- Registered address: [REGISTERED_ADDRESS]
- Privacy contact: info@teewiz.ai
- General contact: info@teewiz.ai
- Website: https://tailr.us.com
If we have appointed a Data Protection Officer, you can reach them at info@teewiz.ai.
2. What Tailr does
Tailr is a Chrome/Edge browser extension plus a backend service. You paste or upload your CV once, and when you are looking at a job posting you click "Tailor." The extension sends the job-posting text and your stored CV to our backend, which calls Anthropic's Claude API to re-order, re-weight, and re-phrase your existing CV content for that role. We then compile a PDF on our servers and return it to you.
We do not write a new CV for you, and the model is instructed never to invent experience, employers, or credentials.
3. What data we collect
| Category | Examples | Source |
|---|---|---|
| CV content | Your uploaded/pasted CV, the structured version we derive from it, and each tailored output | You |
| Job-posting text | The text of the job posting you choose to tailor against, plus the job URL/host | The page you are on, when you click "Tailor" |
| Account data | Email address, authentication identifiers, plan status | You / sign-in |
| Billing metadata | Subscription/PAYG status, trial dates, Stripe customer reference, invoice records | You + Stripe |
| Usage & cost metadata | Number of tailors, token counts, per-request cost, timestamps, model used, ATS-validation result | Generated automatically |
| Product analytics | Funnel events (e.g. "tailor clicked", "PDF downloaded"), app version, surface, browser — only if you accept analytics | Generated automatically, consent-gated |
| Diagnostics | Error reports and performance traces (we scrub CV/job content from these) | Generated automatically |
The extension requests only the minimum browser permissions (activeTab, scripting, storage, tabs). It reads job-posting text only on the tab you are actively using when you click Tailor — it does not run on every site and has no broad page access. The tabs permission lets the background worker see the active tab's URL (not its content) to show a "job detected" badge.
4. Why we use it and on what lawful basis
| Purpose | Data used | Lawful basis (GDPR Art. 6) |
|---|---|---|
| Generate tailored CVs (the core service) | CV content, job-posting text | Contract — Art. 6(1)(b) |
| Account, authentication, support | Account data | Contract — Art. 6(1)(b) |
| Billing, trials, subscriptions, fraud/chargeback handling | Billing & usage metadata | Contract + legal obligation (tax/accounting) — Art. 6(1)(b), 6(1)(c) |
| Enforce spend caps, abuse limits, security | Usage metadata, diagnostics | Legitimate interests — Art. 6(1)(f) |
| Product analytics (improve the funnel) | Analytics events | Consent — Art. 6(1)(a) |
| Transactional email (trial-ending, receipts) | Account & billing data | Contract — Art. 6(1)(b) |
Analytics never fire before you accept the consent banner. You can withdraw analytics consent at any time without affecting the service.
5. Processors and sub-processors
We do not sell your data. We share it only with the processors below, each under a GDPR-compliant Data Processing Agreement, strictly to run the service.
| Processor | Role | Data it sees |
|---|---|---|
| Anthropic (Claude API) | Generates the tailored CV | Your CV content + the job-posting text |
| Supabase | Database, authentication, file storage | Account data, CV content, generated PDFs, usage metadata |
| Stripe | Payments & subscriptions | Billing metadata, payment details (Stripe is the card processor — we never store card numbers) |
| Resend | Transactional email delivery | Email address, message content |
| PostHog (EU) | Product analytics (consent-gated) | Analytics events, pseudonymous identifiers |
| Sentry | Error monitoring | Diagnostic/error data (CV & job content scrubbed) |
| Axiom | Application logging | Operational logs (CV & job content scrubbed) |
| LaTeX compile host (Railway container) | Server-side PDF compilation | The rendered CV document, transiently, to produce the PDF |
| Vercel | Application hosting | Request data in transit |
No model training. The CV content and job-posting text we send to Anthropic are processed only to generate your output. Under our commercial terms with Anthropic, your data is not used to train Anthropic's models. We do not use your CV or job-posting content to train any model of our own either.
A current sub-processor list is maintained at https://tailr.us.com/legal/subprocessors (or on request to info@teewiz.ai). We will give notice of material changes before a new sub-processor begins processing.
6. International transfers
Some processors (e.g. Anthropic, Stripe) may process data outside the European Economic Area, including in the United States. Where that happens, transfers are protected by appropriate safeguards under GDPR Chapter V — primarily the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework. You can request a copy of the relevant safeguards from info@teewiz.ai. PostHog analytics is hosted in the EU.
7. Retention and deletion
- CV profiles and tailored CVs / PDFs: kept while your account is active so you can re-use and re-tailor them. Deleted within 30 days of account deletion (or when you delete the item).
- Job-posting text: retained with the generation it produced; removed on the same schedule, or sooner if you delete the generation.
- Billing records: retained as required by Croatian/EU tax and accounting law (typically up to 11 years for invoices), then deleted.
- Analytics events: retained up to 12 months, then aggregated or deleted; removed if you withdraw consent.
- Diagnostics/logs: retained up to 90 days.
- Backups: purged on a rolling cycle; deleted data ages out of backups within the cycle window.
When you delete your account, we delete or irreversibly anonymise your personal data except where law requires us to keep specific records (e.g. invoices).
8. Your rights
Under GDPR you have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; data portability (receive your data in a structured, machine-readable format); and to withdraw consent for analytics at any time.
- Self-service: you can export your CV data and delete your account from your dashboard at https://tailr.us.com/settings.
- By request: email info@teewiz.ai. We respond within 30 days.
- You also have the right to lodge a complaint with a supervisory authority — in Croatia, the Agencija za zaštitu osobnih podataka (AZOP), azop.hr.
9. Security
CV and job-posting content travel over TLS. Your Anthropic API access is server-side only — our API key never reaches the browser/extension. Database access is protected by row-level security keyed to your account, so one user cannot read another's data. PDFs are stored in access-controlled storage. We scrub CV and job content from error reports and logs. Access to production data is restricted to personnel who need it.
10. Children
Tailr is not directed at children under 16 and we do not knowingly collect their data.
11. Changes to this policy
We may update this policy. Material changes will be announced in-app or by email before they take effect, with the "Last updated" date revised above.
12. Contact
Questions or requests: info@teewiz.ai · TeeWiz d.o.o., [REGISTERED_ADDRESS].