Privacy Policy

Last updated: 2026-04-20

This Privacy Policy explains what information Plainly ("the Service", "we") collects about you, how we use it, and what your rights are.

The Service is operated by kRicha, a natural person located in Ukraine. The Service is currently in beta and is provided free of charge.

Contact: [email protected]

1. Information we collect

We collect the following:

  • Account data: your email address (used for sign-in and product communication), your chosen UI language, your account plan, and the timestamp of your last consent acknowledgement.
  • Structured CV data: the parsed, edited, and user-confirmed JSON representation of your CV. This is derived from the file you upload or the text you paste.
  • Master Brief: the markdown document you optionally write in your settings. It is stored as you wrote it.
  • Job descriptions and match analyses: text you paste and the results we generate from it.
  • Feedback you send us: the message, its category, and optionally your email if you asked us to follow up.
  • Audit events: metadata about your actions in the Service (what feature was used, when, whether it succeeded). These entries contain no CV or Brief content.
  • Error reports: if the Service errors, technical details about the error are sent to Sentry. Our configuration automatically redacts any values that look like CV or Brief content before the report is sent.

2. Information we do not collect

  • We do not store your original uploaded file. It is held in memory for up to 30 minutes during parsing, then discarded.
  • We do not store the raw extracted text from your file. It is held for up to 30 minutes and discarded.
  • We do not store the rendered DOCX files you download. They are generated on demand and not retained on our servers.
  • We do not use tracking cookies. We do not run analytics scripts on pages that display your CV or Brief. Our marketing pages use Umami, a cookieless analytics provider.

3. How we use your information

  • To provide the Service: parse your CV, let you edit it, export it, match it against job descriptions, and produce tailored versions of it.
  • To apply rate limits and abuse controls against your account.
  • To contact you about service-critical matters (sign-in links, important changes).
  • To respond to feedback you send us.
  • To generate aggregate, non-identifying analytics about Service use (which templates are popular, distribution of match scores). These analytics never contain identifiable CV content.

4. Third-party processors

We use the following third parties to operate the Service. Your data is transmitted to them only as necessary:

  • Anthropic (United States) — processes your CV JSON, Master Brief, and job description text to produce parsing, tone extraction, match analysis, and tailoring results. Anthropic's API retention policy applies to the content we send them. See Section 5 on the limits of our ability to retract this data.
  • Resend (United States) — sends transactional email (sign-in links, important account notices).
  • Sentry (European Union / United States) — receives error reports with CV-shaped content redacted before transmission.
  • Umami (Umami Software, Inc., EU data region) — privacy-first analytics on our marketing pages only. Umami is cookieless and does not track you across sites. It records aggregate page views, referrer, approximate country, and device class (desktop / mobile / tablet) derived from an anonymized, hashed identifier. No personal data is stored. Umami is not loaded on any page you see after signing in.
  • Telegram Bot API (operated by Telegram) — delivers feedback you submit to us. The operator of the Service receives these notifications on a private Telegram chat. You may submit feedback anonymously; your email is included only if you opted in.
  • Our hosting provider — runs the server and database. Data at rest is encrypted by the provider.

5. Anthropic and the limits of deletion

This section is important. Read it carefully before you submit any CV.

We will delete your data from our database when you ask us to. You can do this yourself at any time from the Settings page, or by writing to [email protected].

We cannot delete data from Anthropic that we have already sent them for processing. Once your CV JSON or Master Brief has been transmitted to Anthropic's API, Anthropic's own retention and deletion policies govern that copy of the content. We do not control those policies. Anthropic publishes them; we recommend you read them.

This is why we:

  • ask for your consent before your first parse;
  • never store your original upload file or raw extracted text;
  • do not transmit content to Anthropic that we have not been directly instructed to process.

If you withdraw consent or delete your account, your data is removed from our systems promptly. Anthropic's copy, if any remains at the time of your request, is outside our control.

6. Retention

  • Account data: kept until you delete your account.
  • Structured CV data, Master Brief, job descriptions, matches: kept until you delete them individually or delete your account.
  • Audit events: kept for 90 days, then removed. Account deletion audit events are retained indefinitely in anonymised form (we keep a hash of your email for legal record of the deletion, not the email itself).
  • Feedback: kept indefinitely unless you ask us to delete it.
  • Error reports in Sentry: retained per Sentry's default policy.

7. Your rights

Under the General Data Protection Regulation and Ukrainian data-protection law, you have the right to:

  • Access — request a copy of your data. Export it yourself from Settings, or ask us.
  • Rectify — correct inaccurate data. You can edit all of it directly in the app.
  • Erase — delete your data. The Settings page includes a full-account delete. You can also delete individual CVs.
  • Restrict — ask us to stop processing specific data. Write to [email protected].
  • Port — receive your data in a machine-readable format. The Settings export is a JSON + ZIP bundle.
  • Object — object to processing. Write to [email protected].
  • Withdraw consent — you can withdraw your consent to LLM processing at any time by deleting your account. You cannot withdraw consent for processing that has already occurred.
  • Lodge a complaint — you may complain to the Ukrainian data-protection authority if you believe your rights have been violated.

8. Children

The Service is not directed at persons under 18. Do not use the Service if you are under 18. If we learn that we have collected data from a person under 18, we will delete it.

9. Security

Data is transmitted over HTTPS. Passwords are not used (the Service uses email magic links). Your database row is accessible only to the operator. Third-party processors are selected in part for their security posture.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify affected users by email within 72 hours of discovery.

10. Changes to this policy

We may update this policy. Material changes result in a bump to the consent version; the next time you perform a parse, you will be asked to acknowledge the current wording. The "last updated" date at the top of this page reflects the most recent change.

11. Contact

[email protected]