Privacy Policy

When you use Gradr we store the following in our database (Supabase / PostgreSQL):

• Account identity — your Google account email, full name, and avatar URL, supplied by Google at sign-in.
• Profile— any CV text, target roles, preferred tools, work preference, location, compensation targets, and “what to avoid” fields that you fill in during onboarding or Settings.
• Encrypted API key — your Anthropic API key, encrypted at rest with AES-256-GCM before being written to the database. Only a 4-character suffix is kept unencrypted (so we can show you which key is saved).
• Evaluations & pipeline — every job URL you evaluate, the extracted job description, the score Claude returns, and the pipeline status you assign it.
• Portal config & scan history — the companies you track, the filters you configure, and the list of job URLs we have scanned on your behalf.

We do not collect payment information. Gradr is free; you pay Anthropic directly for API usage.

• To authenticate you and keep you signed in.
• To build the prompt we send to Claude so it can score a job posting against your background. Your profile and CV are included in this prompt.
• To render your dashboard, pipeline, scan history, and tailored CV outputs.
• To enforce per-account rate limits on scans.

We do not sell your data, we do not use it for advertising, and we do not train machine-learning models on it.

Gradr relies on the following processors:

• Google (Sign-In)— we receive your email, name, and avatar from Google’s OAuth flow. See Google’s privacy policy.
• Supabase hosts our database and authentication. Your data is stored on their infrastructure. See Supabase’s privacy policy.
• Anthropic (Claude) — when you run an evaluation or generate a CV, your profile and the job description are sent to Anthropic through your own API key. The request is billed to your Anthropic account and is subject to their data policies. See Anthropic’s privacy policy.
• Vercel hosts the Gradr web app and serves the front-end. Standard web-request logs (IP, user-agent, timestamp) are retained by Vercel for operational purposes.

Gradr’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google account data solely to let you sign in to Gradr.

• Your Anthropic API key is encrypted at rest with AES-256-GCM.
• Row-level security is enabled on every user-owned table; a user can only read and write their own rows.
• All traffic to Gradr is served over HTTPS.

No system is perfectly secure. If you discover a vulnerability, email privacy@gradr.tech.

• Access & export — you can see every evaluation, filter, company, and scan-history row in the app itself.
• Update — your profile and CV are editable in Settings.
• Delete your API key — remove it at any time from Settings.
• Delete your account — email privacy@gradr.tech and we will wipe every row associated with your user id within 30 days.

Evaluations, scan history, and profile data are retained for as long as your account exists. If you delete your account, everything keyed on your user id is deleted. Request logs held by our hosting providers follow their own retention schedules.

Gradr is not intended for anyone under 16. We do not knowingly collect data from children.

We will update the “Last updated” date above whenever this document changes. Material changes will be flagged in-app before they take effect.

Questions about this policy or a data request? Email privacy@gradr.tech.