Privacy Policy

Effective date: April 8, 2026

1. Introduction

Gridpass (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our Service at gridpass.ai. By using Gridpass, you agree to the practices described in this policy.

2. Information We Collect

Information you provide directly:

  • Account information: Name and email address when you create an account.
  • Resume content: Text you paste or PDF files you upload for analysis.
  • Job descriptions: Text you paste for comparison against your resume.
  • Payment information: Processed entirely by Stripe. We never see or store your credit card details.

Information collected automatically:

  • Usage data: Pages visited, features used, and scan counts.
  • Device information: Browser type, operating system, and IP address.
  • Cookies: Session tokens for authentication. We do not use advertising or tracking cookies.

3. How We Use Your Information

  • To provide, operate, and improve the Service
  • To process payments and manage your subscription
  • To send transactional emails (account creation, password reset, billing)
  • To monitor usage and prevent abuse
  • To respond to support requests
  • To comply with legal obligations

We do not use your resume content to train AI models, sell data to third parties, or serve advertising.

4. How We Store and Protect Your Data

We take data security seriously:

  • Pay-as-you-go users: Your resume and job description are analyzed in memory and never written to our database. Once results are returned, the content is gone.
  • Pro users: If you choose to save analyses, your resume content and full analysis results are encrypted using AES-256-GCM with a unique key derived from your account using HKDF. This means we are technically unable to read your stored resume data — only you can decrypt it.
  • All data: Transmitted over HTTPS/TLS. Stored in a SOC 2-compliant PostgreSQL database (Neon).
  • Passwords: Hashed using bcrypt before storage. We never store passwords in plain text.

5. PDF Processing

When you upload a PDF resume, it is processed entirely in your browser using client-side JavaScript. The raw PDF file is never uploaded to our servers — only the extracted text is sent for analysis.

6. Third-Party Services

We use the following third-party services to operate Gridpass:

  • Anthropic (Claude): Powers our AI resume analysis. Resume and job description text is sent to Anthropic's API for processing. Anthropic's data handling is governed by their privacy policy.
  • Stripe: Handles all payment processing. We never store credit card information.
  • Neon: Our database provider. Data is stored in a SOC 2-compliant environment.
  • Vercel: Our hosting provider. Handles web traffic and serverless functions.
  • Resend: Used to send transactional emails.

We do not sell, rent, or share your personal information with any other third parties for marketing purposes.

7. Data Retention

  • Account data: Retained for as long as your account is active.
  • Saved resumes (Pro): Retained until you delete them or delete your account.
  • Payment records: Retained as required by law and by Stripe.

When you delete your account, your unique encryption key is permanently destroyed, making all stored resume data irrecoverable — even by us. Account data is deleted within 30 days.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Export your data in a portable format

To exercise any of these rights, contact us at support@gridpass.ai. We will respond within 30 days.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising, analytics tracking, or third-party cookies. You can disable cookies in your browser settings, but this may prevent you from signing in.

10. Children's Privacy

Gridpass is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service. The effective date at the top of this page will always reflect the most recent version.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Gridpass
support@gridpass.ai

Terms of ServiceBack to Gridpass
Privacy Policy — Gridpass | Gridpass