Privacy Policy

Last Updated: April 2026

1. Introduction

TailorMeSwiftly.com ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website.

2. Information We Collect

We collect the following types of information:

  • Account Information: When you sign in with Google or LinkedIn, we receive your name, email address, and profile picture from your account.
  • Resume and Job Description Data: The resume text and job description content you provide for AI-powered tailoring. If you use the Resume Merger feature to combine multiple resumes, all uploaded resume texts are sent to Google Gemini for AI-powered merging. The merged output is stored in your browser session only.
  • News Briefing Data: Your selected news interests, briefing preferences (tone, framing, location), generated briefing content, story reactions (thumbs up/down/save), and story thread continuity data.
  • Podcast Audio: AI-narrated audio files generated from your briefings, stored for podcast feed delivery.
  • Learning Path Data: Generated learning roadmaps, skill gap analyses, study guide progress, XP scores, spaced repetition review intervals, knowledge check scores, mastery levels, streak counts, and daily challenge completions associated with your account.
  • Learning Analytics: We collect learning funnel events (e.g., path generation, skill completions, review scheduling, challenge attempts) to improve the learning experience and measure feature effectiveness.
  • Community Resources: If you submit resource links or recommendations through the community resources feature, the URLs, titles, and your user ID are stored and may be visible to other users of the same learning path.
  • Usage Data: Basic analytics about how you interact with the Service (pages visited, features used).
  • Professional Profile Data: If you use the Professional Profile Audit tool, the profile text you paste is processed by Google Gemini AI to generate audit scores and improvement suggestions. This text is sent to Google's servers for processing and is not permanently stored by us.
  • Client-Side Keyword Data: The real-time live scoring feature extracts keywords from job descriptions and scores your resume locally in your browser. No data is sent to our servers for this feature.
  • Chrome Extension Data: If you use the TailorMeSwiftly Chrome Extension, it reads the current page content of job listing pages you visit (job title, company name, listing URL, and job description) when you activate it. This data is sent to our servers to save the job to your Application Tracker. The extension does not run in the background, does not track your browsing history, and does not collect data from pages you do not explicitly save.
  • Outcomes Data: If you use the outcomes tracking feature, we collect self-reported career outcomes such as interview callbacks, job offers, job start dates, and salary data. This information is stored in our database and associated with your account.
  • Classroom & Cohort Data: If you join a cohort or classroom, your name, email, assignment completion status, and scores are visible to the cohort instructor. Instructors can view participation data for students in their cohorts.
  • Skills & Credential Data: Assessment answers, scores, and completion status are stored in our database. If you earn a micro-credential, your display name, credential title, and issue date are included on a public verification page accessible to anyone with the verification link.
  • Employer Portal Data: Employer company profiles (name, logo, industry, size, location, website, description) are stored in our database. Verified employer profiles may be publicly visible. Job postings are visible to all authenticated users.
  • Community & Peer Review Data: Discussion posts and replies you create are visible to all authenticated users. If you submit a resume for peer review, the resume content is shared with reviewers in anonymized form (stripped of personally identifiable information). Star ratings and review text you provide are stored and visible to the resume submitter.
  • News Transparency Data: We store curation logs that record which articles were shown to you and the reasons for their selection. Source diversity metrics tracking your news consumption patterns are also stored. You can manage your transparency preferences in your account settings.
  • Cloud Export Data: If you use the Google Drive export feature, we request a limited OAuth token scoped to drive.file (file creation only) to upload your resume or cover letter PDF to your Drive. This scope means we can only see files you save through TailorMeSwiftly — we have no access to any other files in your Drive. The OAuth token is session-scoped and is not persisted on our servers.
  • Gmail & Calendar Sync Data: If you connect Gmail and Google Calendar via the Email & Calendar Sync feature, we request read-only OAuth tokens (gmail.readonly, calendar.readonly) to scan for interview invites, recruiter replies, and follow-up dates. Email subjects, sender addresses, dates, and calendar event summaries matching job-related keywords are processed by Google Gemini to extract structured signals (company name, interview date, signal type). OAuth access and refresh tokens are AES-256-GCM encrypted and stored in our database. We never send emails or modify calendar events on your behalf. You can disconnect at any time from your Account Settings, which revokes the token and deletes it from our database.
  • Company Dossier Data: When you generate a Company Dossier, the company name and role title from your tracked application are sent to Google Gemini with Google Search grounding enabled to retrieve recent news and generate interview prep content. Dossier content is cached for up to 6 hours. Your viewing history and any personal notes you add are stored in our database.
  • Interview Loop Data: If you use the Interview Loop Simulator, your job title, job description excerpt, and resume excerpt are sent to Google Gemini to power multi-turn interview conversations. Full conversation transcripts, per-round scores, and aggregate feedback are stored in our database and associated with your account.
  • Offer Comparison Data: If you use the Offer Decision Engine, the offer details you enter (salary, equity, growth score, manager score, commute, benefits, etc.) are stored in our database. When you generate AI negotiation angles, a summary of your offer data is sent to Google Gemini for analysis.
  • Personal Brand Data: If you use the Personal Brand Kit, your source profile information (target role, skills, achievements, value proposition, career goal) and generated brand content (LinkedIn headline, About section, pitch, portfolio blurbs) are stored in our database. Profile data is sent to Google Gemini for content generation.

3. How We Use Your Information

Your information is used solely for the following purposes:

  • Providing the Service: Your resume and job description data are processed by third-party AI providers (Google Gemini) to generate tailored documents and interview preparation materials. Your news interests are used to fetch relevant articles via GNews and generate personalized briefings.
  • Audio Generation: Briefing text is processed by Inworld AI to generate narrated podcast audio.
  • Email Delivery: If you enable daily email briefings, your email address is shared with Resend to deliver briefing emails. We also send automated onboarding emails (tips, checklists, and feature highlights) during the first 14 days after signup to help you get the most out of the Service.
  • Learning Roadmaps: Your resume and a target job description are processed by Google Gemini to generate personalized learning paths with study guides and resource recommendations. Spaced repetition scheduling data (review intervals, ease factors, and knowledge check scores) is processed locally and stored in our database to optimize your review schedule using the SM-2 algorithm.
  • Authentication: Your Google or LinkedIn account information is used to manage your sign-in session via Supabase.
  • ATS Simulation & Recruiter View: Your resume and job description are processed by Google Gemini to simulate ATS platform parsing behavior and recruiter review patterns.
  • Professional Profile Audit: Profile text you provide is processed by Google Gemini to generate audit scores and rewrite suggestions. This data is sent to Google's servers for AI processing and is not permanently stored by us.
  • Phrase Library: AI-generated resume phrases are created by Google Gemini based on role categories and cached in your browser's session storage.
  • Chrome Extension: When you use the extension to save a job listing, the extracted job data (title, company, URL, description) is sent to Supabase to store in your Application Tracker. The extension authenticates using the same session as the main website.
  • Service Improvement: Aggregated, non-identifiable usage data helps us improve the Service.
  • Outcomes Analytics: Self-reported career outcomes are used for your personal tracking dashboard. When you belong to an organization, your outcomes data may be included in anonymized, aggregated analytics visible to organizational administrators. Individual salary data is never shared with your organization.
  • Classroom Facilitation: Student participation data (assignment completion, scores) is shared with cohort instructors to support classroom management and academic advising.
  • Credential Verification: Credential holder display names, credential titles, and issue dates are displayed on public verification pages to allow third parties to confirm credential authenticity.
  • Employer Services: Employer profiles and job postings are displayed to authenticated users to support job discovery. Verified employer profiles may be publicly indexed.
  • Community Features: User-generated posts and replies are displayed to authenticated users. Anonymized resume content is shared with peer reviewers to facilitate constructive feedback.
  • Briefing Transparency: We show you why each story was selected for your briefing, including curation logs and source diversity metrics, so you can understand and adjust your news preferences.
  • Gmail & Calendar Sync: When you connect Gmail and Google Calendar, we use read-only API access to scan email subjects and calendar events for job-related signals (interview invites, recruiter replies, follow-up dates). Matched signals are used to automatically update your Application Tracker. Email content beyond headers and calendar event summaries is not read or stored. OAuth tokens are encrypted and used solely to authenticate API requests.
  • Company Dossier: Company names and role titles are sent to Google Gemini with web search grounding to generate interview prep content including recent news, interview themes, and talking points.
  • Interview Loop Simulator: Job title, description excerpt, and resume excerpt are sent to Google Gemini to generate multi-turn interview conversations and scoring evaluations.
  • Offer Decision Engine: Offer details you enter are used for client-side scoring and comparison. When you request AI negotiation angles, a summary of your offer data is sent to Google Gemini.
  • Personal Brand Kit: Source profile data is sent to Google Gemini to generate consistent brand content (LinkedIn copy, pitch, portfolio blurbs).

4. Data Storage and Retention

  • Resume and job description content is processed transiently and is not permanently stored on our servers.
  • Generated outputs (tailored resumes, cover letters, interview questions) are stored in your browser's session storage and are cleared when you close your browser tab.
  • Your account profile information (name, email, avatar) is stored securely by our authentication provider, Supabase.
  • Email engagement data: We track which onboarding emails have been sent to your account to avoid duplicates. This data is stored alongside your user profile.
  • News briefings (text, interests, audio URLs, story reactions, and story thread data) are stored in our database for up to 90 days to support briefing history, podcast feed delivery, and story continuity tracking.
  • Podcast audio files are stored in Supabase Storage. We retain the last 10 audio files per user; older files are automatically deleted.
  • Learning paths (roadmaps, study guide progress, XP scores, spaced repetition intervals, mastery levels, streak data, daily challenge history, and community-submitted resources) are stored in our database and associated with your user account for as long as your account is active.
  • Gmail & Calendar sync tokens are AES-256-GCM encrypted and stored in our database for as long as the connection remains active. Disconnecting from Account Settings revokes the token with Google and permanently deletes it from our database. Sync activity logs are retained for 90 days.
  • Company dossier content is cached for up to 6 hours. Per-user viewing history and notes are stored for as long as your account is active.
  • Interview loop sessions (conversation transcripts, scores, and feedback) are stored for as long as your account is active.
  • Job offer data (compensation details, scores, AI negotiation angles) is stored for as long as your account is active.
  • Brand profiles and generated brand content are stored for as long as your account is active.

5. Third-Party Services

We use the following third-party services to operate:

  • Google Gemini API: Processes your text data to generate tailored documents. Subject to Google's Privacy Policy.
  • Inworld AI: Converts briefing text to speech audio for the podcast feature. Subject to Inworld AI's Privacy Policy.
  • GNews API: Fetches news articles based on your selected interests. Subject to GNews Terms.
  • Resend: Delivers daily email briefings if you opt in. Subject to Resend's Privacy Policy.
  • Supabase: Manages authentication, database, and edge function hosting. Subject to Supabase's Privacy Policy.
  • GitHub Pages: Hosts the website and serves static assets. Subject to GitHub's Privacy Statement.
  • Stripe: Processes premium subscription payments. We do not store your payment card details. Subject to Stripe's Privacy Policy.
  • Google Analytics: Collects usage data to help us improve the Service. We use Google Signals, which may collect demographic and interest data (such as age, gender, and interests) and associate it with your visitation information when you are signed into your Google account with ad personalization enabled. You can opt out of personalized advertising at Google Ads Settings or opt out of Google Analytics entirely via the Google Analytics Opt-out Browser Add-on. Subject to Google's Privacy Policy.
  • LinkedIn: Used for "Sign In with LinkedIn" authentication (via OpenID Connect) and the LinkedIn Insight Tag for ad campaign measurement. When you sign in with LinkedIn, we receive your name, email address, and profile picture. The LinkedIn Insight Tag uses cookies and pixel tracking to measure the effectiveness of our ad campaigns on LinkedIn. Subject to LinkedIn's Privacy Policy.
  • Google Identity Services: Used for "Sign In with Google" authentication. Our sign-in and signup pages load Google's client-side identity library (accounts.google.com/gsi/client) which renders Google's official sign-in button and can show a One Tap prompt if you are already signed into Google. When you complete the sign-in, Google returns a short-lived ID token to our site; we pass that token to Supabase to establish your session and never store the token itself. Google may set cookies on accounts.google.com during this flow. Subject to Google's Privacy Policy.
  • Google AdSense: Displays advertisements on the site. Google may use cookies to serve ads based on your prior visits. You can opt out of personalized advertising at Google Ads Settings.
  • Chrome Web Store: The TailorMeSwiftly Chrome Extension is distributed via the Chrome Web Store. Installation and updates are subject to Google's Privacy Policy.
  • Google Gmail & Calendar APIs: Used for the Email & Calendar Sync feature. We request read-only scopes (gmail.readonly, calendar.readonly) to scan for job-related emails and interview events. We do not send, modify, or delete any emails or calendar events. OAuth tokens are AES-256-GCM encrypted at rest in our database. Subject to the Google API Services User Data Policy and Google's Privacy Policy.

6. Cookies

We use cookies and similar technologies for:

  • Authentication: To keep you signed in during your session.
  • Preferences: To remember your theme preference (light/dark mode).
  • Analytics: Google Analytics (including Google Signals) and the LinkedIn Insight Tag (px.ads.linkedin.com) use cookies and tracking pixels to measure site usage, collect demographic and interest data, and evaluate ad performance. The LinkedIn Insight Tag may collect your IP address, browser type, and page URLs visited.
  • Advertising: Third-party advertising partners (Google AdSense) may set cookies to display relevant ads.

7. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Your data is only shared with the third-party service providers listed above, strictly for the purpose of delivering the Service. Additionally:

  • Cohort Instructors: If you join a classroom cohort, your name, email, assignment completion, and scores are shared with your cohort instructor(s).
  • Organizational Administrators: If you belong to an organization, aggregated and anonymized outcomes data (not individual salary figures) may be visible to organizational admins.
  • Peer Reviewers: If you submit a resume for peer review, the resume content is shared with reviewers in anonymized form. Your name, email, and other PII are stripped before sharing.
  • Public Verification: If you earn a micro-credential, your display name, credential title, and issue date are publicly accessible via the credential verification link.
  • Authenticated Users: Discussion posts, replies, employer profiles (if verified), and job postings are visible to all authenticated users of the Service.

8. Data Security

We implement reasonable security measures to protect your information, including HTTPS encryption for all data in transit and secure authentication via Supabase. However, no method of transmission over the Internet is 100% secure.

9. Your Rights

You have the right to:

  • Access: View all data we hold about you through the Account page, learning dashboard, application tracker, and briefing history. You may also submit a formal data access request (see below).
  • Deletion: Delete your entire account and all associated data from the Account page. Deletion is immediate and cascades across all 25+ data tables, cancels Stripe subscriptions, purges podcast audio files, and removes your authentication record. This action is irreversible.
  • Correction: Edit your data directly through the platform UI. If you need assistance correcting data you cannot edit yourself, contact us.
  • Portability: Request a copy of your data in a machine-readable format (JSON or CSV) by submitting a data access request.
  • Opt-out: You can disable personalized ads through your Google account settings. You can manage cookie preferences using the cookie consent controls on the site.
  • Unsubscribe: Every email we send includes an unsubscribe link. You can opt out of onboarding and marketing emails at any time. Unsubscribing will not affect your account or access to the Service.

How to Submit a Data Access Request

Email admin@tailormeswiftly.com with the subject line "Data Access Request." Include the email address associated with your account and specify whether you are requesting access, correction, deletion, or data export. We will verify your identity and respond within 30 days.

For institutional license data requests, see our Compliance Center or Data Processing Agreement.

10. Children's Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Student Data & FERPA

When TailorMeSwiftly is used by educational institutions under an institutional license with a signed Data Processing Agreement, the platform is configured to support the institution's FERPA (Family Educational Rights and Privacy Act) obligations. Student resume content, learning progress, and briefing preferences are encrypted in transit (TLS 1.3) and at rest (AES-256). We do not share student data with employers, recruiters, or any third parties beyond the subprocessors listed in our Compliance Center. Students retain full control of their data with self-service deletion available at any time. For institutional data handling agreements, contact us at admin@tailormeswiftly.com.

Organizational Data Sharing

When you join an organization on TailorMeSwiftly (via an invite link or admin invitation), you are presented with a consent modal before any data is shared with the organization. You must actively accept this consent before organizational data sharing begins.

Data shared with your organization:

  • Engagement metrics (e.g., login frequency, features used, activity streaks)
  • Career Readiness Score (an aggregated metric derived from platform usage patterns)
  • Aggregated usage statistics visible to organizational administrators

Data that remains private and is never shared with your organization:

  • Resume content and cover letter text
  • Interview responses and mock interview recordings
  • Job application details, saved job listings, and application tracker data

This data sharing framework is designed to comply with FERPA requirements for educational institutions. Organizations designated as FERPA-covered entities receive only the minimum data necessary for legitimate educational purposes, as defined in the signed Data Processing Agreement.

13. GDPR — European Economic Area Users

If you are located in the European Economic Area (EEA), the following disclosures apply under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Data Controller

Tailored Services LLC, operating TailorMeSwiftly.com, is the data controller for the personal data described in this Privacy Policy. Contact: admin@tailormeswiftly.com.

Lawful Basis for Processing

  • Contract performance (Art. 6(1)(b)): Processing your account data, resume content, and learning progress is necessary to provide the Service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): We process usage analytics and error logs to improve the Service and maintain security. We balance these interests against your privacy rights.
  • Consent (Art. 6(1)(a)): Analytics and marketing cookies are only activated with your explicit consent via our cookie consent banner. You may withdraw consent at any time by clearing your cookie preferences.

Your Rights Under GDPR

In addition to the rights listed in Section 9, EEA residents have the right to:

  • Right to erasure (Art. 17): Request deletion of all your personal data. You can exercise this immediately via the Account page "Delete Account" button, which cascades deletion across all data tables, cancels subscriptions, purges stored files, and removes your authentication record. You may also submit a written request to the email below.
  • Right to restriction of processing (Art. 18): Request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Request a copy of your personal data in a structured, machine-readable format (JSON or CSV).
  • Right to object (Art. 21): Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Data Protection Contact

For GDPR-related inquiries, data subject access requests, or to exercise any of the rights above, contact: admin@tailormeswiftly.com with the subject line "GDPR Request."

International Data Transfers

Your data is stored and processed in the United States (AWS us-east-1 via Supabase). Transfers from the EEA to the US are conducted in reliance on the EU-U.S. Data Privacy Framework, where applicable, or Standard Contractual Clauses. Our subprocessors are listed in our Security Policy.

14. CCPA — California Residents

If you are a California resident, the following disclosures apply under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

  • Identifiers: Name, email address, profile picture, user ID.
  • Internet or electronic network activity: Pages visited, features used, interaction logs, cookie data.
  • Professional or employment-related information: Resume text, job descriptions, cover letters, job application tracking data, career outcomes.
  • Education information: Learning path progress, skill assessments, mastery levels, spaced repetition data, credential records.
  • Inferences: ATS scores, match scores, career readiness scores derived from your data.

Your Rights Under CCPA

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom it is shared.
  • Right to delete: You may request deletion of your personal information. You can exercise this immediately via the Account page "Delete Account" button, or by emailing us.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. No opt-out is required because no sale or sharing occurs.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, service quality, or access levels for exercising these rights.

How to Submit a CCPA Request

Email admin@tailormeswiftly.com with the subject line "CCPA Request." Include the email address associated with your account and specify the right you wish to exercise. We will verify your identity and respond within 45 days, as required by law.

15. Contact

If you have questions about this Privacy Policy, please reach out via our website at TailorMeSwiftly.com or email admin@tailormeswiftly.com.

← Return to TailorMeSwiftly.com