Privacy Policy
Last updated: 19 July 2026
1. Introduction
Zentrivas ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.
2. Data We Collect
Information You Provide
- Account data: Name, email address, phone number, location, address.
- CV data: Uploaded CV files and their parsed content (work experience, skills, education).
- Cover letters: Templates and AI-generated content.
- Application data: Job titles, company names, application status, recruiter emails.
Information We Collect Automatically
- Usage data: Pages visited, features used, application counts.
- Device data: Browser type, operating system, IP address.
- Email logs: Send status, timestamps (not email content after delivery).
3. How We Use Your Data
- To provide and maintain the Service (CV parsing, job search, email sending).
- To generate AI-powered cover letters tailored to your profile.
- To send job applications on your behalf to prospective employers.
- To track and display your application pipeline.
- To manage your subscription and billing.
- To improve and optimize the Service.
- To communicate with you about your account or the Service.
4. Legal Basis for Processing (GDPR)
- Contract performance: Processing necessary to deliver the Service you subscribed to.
- Legitimate interests: Service improvement, fraud prevention, analytics.
- Consent: AI processing of your CV data, marketing communications.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Prospective employers: Your CV and cover letter when you initiate an application.
- Service providers: Payment processing (Stripe), email delivery (Resend), AI services (for cover letter generation), job search APIs.
- Legal requirements: When required by law or to protect our rights.
6. Google User Data & Gmail Access
When you choose to connect your Google account to send job applications, Zentrivas requests the following Google OAuth scopes:
- https://www.googleapis.com/auth/gmail.send — to send job application emails to employers on your behalf, from your own Gmail address, only when you initiate or schedule an application.
- https://www.googleapis.com/auth/userinfo.email — to identify which Gmail address is connected.
We access this data solely to provide the email-sending feature you request. Specifically:
- We only send emails you create or approve. We do not read, index, or store the contents of your mailbox, and we request no read or receive scopes.
- We store only the OAuth tokens required to send on your behalf and the connected email address, encrypted at rest. You can disconnect at any time in Settings, which revokes and deletes these tokens.
- We do not use Google user data for advertising, and we do not sell it or transfer it to third parties, except as necessary to provide the feature, to comply with applicable law, or as part of a merger or acquisition where this policy continues to apply.
- We do not allow humans to read your Google user data unless we have your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), it is required to comply with applicable law, or the data has been aggregated and anonymized for internal operations.
Zentrivas's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
7. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion.
- Application data: Retained for 12 months after the application date, then anonymized.
- Email logs: Retained for 90 days for troubleshooting, then purged.
- CV files: Deleted within 7 days of removal from the platform.
8. Your Rights
Under GDPR and UK data protection law, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Receive your data in a machine-readable format.
- Restriction: Limit how we process your data.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent.
To exercise these rights, contact us at privacy@zentrivas.com or use the data export feature in Settings.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest.
- Row-level security on database tables.
- Secure secret management for API keys.
- Regular security reviews and updates.
10. International Transfers
Your data may be processed in countries outside the UK/EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
11. Cookies
We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.
12. Children's Privacy
The Service is not intended for users under 18. We do not knowingly collect data from minors.
13. Changes to This Policy
We may update this Policy from time to time. We will notify you of material changes via email or in-app notification.
14. Contact & Complaints
Data Controller: Zentrivas
Email: privacy@zentrivas.com
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.