Privacy Policy

1. Introduction

Welcome to preparAItor (“Service”), operated by CHW-Services GmbH (“Company,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy in accordance with the Swiss Federal Data Protection Act (FADP), the EU General Data Protection Regulation (GDPR), and the EU Artificial Intelligence Act (Regulation (EU) 2024/1689).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. If you do not agree with this privacy policy, please do not access the Service.

Data Controller: CHW-Services GmbH acts as the data controller for all personal data processed through the preparAItor Service. This means we determine the purposes and means of processing your personal data. Our sub-processors (listed at Sub-processors) act as data processors on our behalf, processing data only according to our documented instructions.

2. Information We Collect

2.1 Personal Information You Provide

Account Registration:

• Email address (required)
• Password (encrypted)
• Display name
• First and last name
• Language and timezone preferences
• Age confirmation
• Terms of Service acceptance

Profile Information:

• Professional summary
• Contact information (phone, LinkedIn, GitHub, portfolio URLs)
• Location information (city, country, postal code)

User Preferences:

• Theme preference (light/dark)
• UI language and document generation language (EN, DE, FR, IT)
• Document tone preference (formal, confident, friendly)
• Swiss orthography preference (ss vs ß)
• Data retention period preferences (generation history: 1, 7, or 30 days; interview sessions: 30, 90, or 180 days; application tracker entries are kept for 365 days)
• Email and in-app notification preferences
• Bulk download format preferences (PDF documents, Editable Word documents, Plain-text documents)

CV/Resume Data:

• Employment history (companies, positions, dates, descriptions)
• Educational background (institutions, degrees, fields of study, dates)
• Skills and competencies (hard and soft skills)
• Projects and achievements
• Languages and proficiency levels
• References (if provided)
• Raw text extracted from CV analysis
• File metadata (name, type, size, upload date, analyzer version)

Job Application Data:

• Job titles and descriptions
• Company information
• Application requirements
• Application deadlines

Interview Practice Data:

• Interview session transcripts (encrypted at rest)
• AI-generated interview questions and candidate responses
• Voice interview audio (transient): when you use the voice interview feature, your microphone audio is streamed to Google Vertex AI for real-time speech recognition and is not stored — only the resulting encrypted transcript is retained
• Session metadata and timing

Payment Information:

• Stripe customer ID
• Subscription details
• Transaction history
• Billing address (if provided)
• Note: We do not store credit card numbers or banking information directly

Cloud Sync Preferences:

• Google Drive connection status and OAuth tokens (encrypted)
• OneDrive connection status and OAuth tokens (encrypted)

2.2 Information Automatically Collected

Device and Browser Information:

• IP address, browser type and version, screen resolution, operating system
• Language preferences, time zone, cookie and JavaScript status
• Device/browser fingerprint (a hashed visitor ID combining canvas, audio, font, timezone and similar browser-API signals) — computed locally in your browser using the open-source FingerprintJS library and used for signup throttling, account-abuse prevention, and post-signup abuse-cluster detection
• WebGL support — for compatibility checking
• Touch capability — for UI optimization

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR / Art. 31(1)(c) FADP) in preventing fraud, abuse of free credits, restoring anti-abuse usage limits after deletion and re-registration, and ensuring service compatibility. The device fingerprint is computed entirely in your browser and is not transmitted to any third party — only the resulting hashed visitor ID is sent to our servers. We store limited signup security metadata such as hashed visitor ID, IP address, user agent, timezone/language and sign-in provider for abuse investigation and account-integrity checks.

Usage Information:

• Pages visited, features used, generation history
• Click patterns, form interaction timing, session duration
• Error logs

Authentication & Security:

• Login timestamps, last activity time, security events
• reCAPTCHA assessments, App Check tokens

Cookie Notice Acknowledgement:

• Notice version, acknowledgement timestamp, and ID (UUID)
• Stored in browser localStorage only, to avoid re-showing the notice on every visit

2.3 Information from Third Parties

OAuth Providers (Google): Email address, display name, profile photo URL.

OAuth Providers (Microsoft): Email address, display name, OneDrive access permissions.

Payment Processor (Stripe): Payment confirmation, subscription status, transaction details.

3. How We Use Your Information

3.1 Service Provision (Legal Basis: Contract Performance)

• Create and manage your account
• Process your CV and job information through AI systems
• Generate customized application documents using AI
• Store your documents and templates
• Track your usage and credits
• Perform web searches to enrich company information
• Conduct interview practice sessions with AI-generated questions

3.2 Service Improvement (Legal Basis: Legitimate Interest)

• Analyze usage patterns
• Improve AI model accuracy (using anonymized data only)
• Develop new features, fix bugs, optimize performance

3.3 AI Processing

We use artificial intelligence (Google Gemini models via Vertex AI on Google Cloud) to:

• Process and analyze your CV and job descriptions
• Generate customized application documents
• Perform web searches to enrich company information
• Extract relevant information from job postings
• Generate interview practice questions tailored to job requirements
• Analyze candidate responses during interview practice sessions

Important: AI processing is limited to generating, extracting, structuring, and suggesting content for your review. It does not make decisions about you. You can request human review of AI-generated content (see section 12.3). Google does not use your data submitted through Vertex AI to train its foundation models, as confirmed in the Google Cloud Data Processing Addendum.

User-controlled data minimization: You control what personal data you provide for AI processing. If you want to use the Service without sharing direct identifiers or sensitive personal details such as your real first name, last name, email address, postal address, date of birth, or similar information, remove or replace them in your CV before uploading and use placeholders in your profile information. When DOCX output is available to you, you can customize downloaded documents locally before sending them. The same applies to interview practice: if you do not mention personal identifiers during a session, they are not included in the AI request. For meaningful results, your CV and job inputs still need to contain the professional information required for the task, such as work history, education, skills, projects, and relevant experience.

3.4 EU AI Act Transparency (Regulation (EU) 2024/1689, Article 50)

In compliance with the EU Artificial Intelligence Act, we disclose the following:

• AI system purpose: preparAItor uses AI to generate job application documents (cover letters, emails, interview Q&A, job summaries) and to conduct AI-powered interview practice sessions based on user-provided CV data and job descriptions.
• AI provider and models: We use Google Gemini models accessed via the Vertex AI API (Google Cloud). AI processing takes place in europe-west3 (Frankfurt, Germany).
• AI-generated content: All documents generated by our Service are produced by AI and are clearly labeled as such within the application interface. Users are responsible for reviewing and editing AI-generated content before submitting it to prospective employers.
• User control: Our AI system is a content-generation and drafting tool. It does not make decisions about you, determine your suitability for a job, make hiring decisions, or replace your judgment. You retain full control over whether to use, modify, or discard any AI-generated output.
• Risk classification: preparAItor is not classified as a high-risk AI system under Annex III of the EU AI Act. It is a user-facing productivity tool that assists with document drafting; it does not perform recruitment, candidate screening, ranking, scoring, or automated filtering on behalf of employers.
• Limitations: AI-generated content may contain inaccuracies, contextual misinterpretations, or outdated information from web searches. See our Terms of Service section 10.1 for full disclaimers.

3.5 Communication

• Send service-related emails (account confirmation, password reset, document ready notifications)
• Notify about account activity
• Provide customer support
• Send billing notifications
• Alert about security issues

3.6 Business Operations

• Process payments, prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

3.7 Marketing (with consent)

• Send promotional emails, inform about new features
• Share tips and best practices, conduct user surveys

4. How We Share Your Information

4.1 Service Providers

Firebase (Google): User authentication, database storage (Firestore), file storage (Cloud Storage), App Check. preparAItor does not use Firebase Analytics or Firebase Performance Monitoring. Location: europe-west6 (Zurich, Switzerland).

Google Vertex AI (Google Cloud): Document generation using Google Gemini models, content analysis, web search for company enrichment (grounding), interview question generation and response analysis. Location: europe-west3 (Frankfurt, Germany). Google does not use your data to train its AI models. Under the Google Cloud Data Processing Addendum and the Vertex AI Service Specific Terms, customer data submitted via the Vertex AI API is not used by Google to improve or train Google’s foundation models. AI requests are generated from the user-submitted CV, job, and interview content needed for the selected feature; identifiers may be included where necessary for the user-requested document or output.

Google Cloud KMS: Field-level encryption for sensitive content where KMS-backed encryption is used, such as CV content and interview data. OAuth tokens are encrypted separately with AES-256-GCM using a secret-managed application encryption key. Location: europe-west6 (Zurich, Switzerland).

Google Drive: Cloud file synchronization for generated documents (only when explicitly enabled by user).

Microsoft OneDrive: Cloud file synchronization for generated documents (only when explicitly enabled by user).

Stripe: Payment processing, subscription management, customer portal access, transaction records. Stripe acts as an independent data controller for payment data it processes.

Brevo (formerly Sendinblue): Transactional email delivery (account confirmation, password reset, billing reminders). Marketing emails only with explicit consent. No CV or document content is sent via email.

reCAPTCHA (Google): Bot detection and security assessment.

4.2 Legal Requirements

We may disclose your information if required by law, including court orders, government requests, law enforcement requirements, and legal proceedings.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.4 Aggregated Information

We may share aggregated, anonymized information that cannot identify you with third parties for research or service-improvement purposes.

4.5 Your Consent

We may share your information with your explicit consent for specific purposes.

5. Data Security

5.1 Security Measures

• HTTPS / TLS encryption for all data transmission (HSTS enforced)
• Field-level encryption using AES-256-GCM for sensitive content such as CV content and interview data, with encryption keys managed by Google Cloud KMS where KMS-backed encryption is used
• Firebase Authentication for secure password handling and session management
• Firebase security rules with role-based access control
• Firebase App Check API protection enforced via reCAPTCHA Enterprise
• OAuth tokens encrypted at rest (AES-256-GCM) with user-bound authenticated data using a secret-managed application encryption key
• Strict Content Security Policy and browser security headers, including an explicit frame-ancestors allowlist and X-Content-Type-Options
• Regular security audits
• Geographic restrictions to European data centers where possible
• Encryption at rest in all data centers
• Rate limiting and anti-abuse protections on all API endpoints

5.2 Data Breach Response

In the event of a data breach:

• We will notify affected users within 72 hours via email
• We will notify the Swiss FDPIC within 72 hours
• We will notify relevant EU supervisory authorities if EU residents are affected
• We will document the breach and take immediate steps to minimize harm

6. Data Retention

6.1 User-Configurable Retention

• Generation history (cover letters, emails, generated documents): 1, 7, or 30 days — default 30 days, capped at 30 days
• Interview sessions (transcripts, summaries): 30, 90, or 180 days — default 90 days, capped at 180 days
• Application tracker entries: fixed 365-day retention from import (not user-configurable)
• Temporary upload blobs (raw CV/job PDFs): deleted within minutes of processing; in any case removed within 1 hour by an automated sweep and within 1 day by storage lifecycle rules
• Automatic deletion after the configured period
• You can change generation-history and interview-session retention at any time in your account preferences

6.2 Fixed Retention Periods

• Consent records: retained for compliance proof while the account exists and generally for 3 years after account deletion where required for GDPR/FADP accountability
• Security logs: 180 days
• Email logs: 90 days
• Deletion audit records: 90 days; these may include account email, requester IP address and user agent, deletion timing, deletion summary, and Stripe customer ID where present
• Anti-abuse account-deletion records: 180 days; these may include email, Google user ID, Stripe customer ID where present, prior usage/credit snapshot, IP address, user agent, and suspicious-pattern flags
• Signup security metadata used for abuse-cluster detection: retained as account-security metadata and not covered by generation-history retention
• Error logs: 30 days
• Pending checkout sessions: automatically cleaned up after expiration
• Payment records: transaction metadata retained by our payment processor (Stripe) per their retention policies

6.3 Account Deletion

You can delete your account at any time through your account settings. Deletion requires multi-language confirmation (typing “DELETE”, “LÖSCHEN”, “ELIMINA”, or “SUPPRIMER”). Deletion is immediate and irreversible — there is no grace period and no recovery window. When you confirm:

• Core account content is permanently deleted right away (account profile, CVs, parsed jobs, generated documents, tracker entries, interview sessions, summaries, custom templates), subject to the limited compliance, billing, security, and anti-abuse records described in this Policy
• Active Stripe subscriptions are cancelled as part of the same flow, so no further charges will occur
• A deletion confirmation email is sent
• A deletion audit record is retained for 90 days and may include the account email, requester IP address and user agent, deletion timing, deletion summary, and Stripe customer ID where present
• Anti-abuse account-deletion records are retained for 180 days to prevent repeated free-credit or lifetime-session abuse after delete-and-recreate cycles
• Consent records may be retained for compliance proof, and signup security metadata may remain available for account-integrity and abuse-cluster investigation
• Billing records and transaction metadata held by Stripe are retained per their policies and applicable tax law
• Anonymized, aggregated usage data may be retained for service improvement
• Files already synced to your own Google Drive or OneDrive remain in your cloud storage; revoke our OAuth access from your Google/Microsoft account if you want to sever that connection too

Export anything you need to keep before you confirm — nothing can be recovered after deletion.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to access your personal information, download your data in a portable format, view generation history, export your CV information, and request a complete copy of all your data by emailing admin@preparaitor.ch.

Note: Complete data access requests may take up to 30 days.

7.2 Correction and Update

You can update your profile information, correct inaccurate data, modify your preferences, and change notification settings.

7.3 Deletion

You can request deletion of individual documents, specific data points, or your entire account. Some data may be retained for legal compliance.

7.4 Restriction and Objection

You can restrict processing of your data, object to certain uses, and opt-out of marketing communications. preparAItor does not collect analytics data, so there is nothing to disable in that category.

7.5 Consent Withdrawal

You can withdraw consent for marketing communications, non-essential cookies, and promotional emails.

Cannot Opt-Out From: Essential cookies, AI processing (core service functionality), storage of public job offer data, and basic usage tracking for security and billing. These are fundamental to providing our Service.

8. Cookie Policy

Scope: This Cookie Policy applies to the preparAItor application available at app.preparaitor.ch. The public landing page at preparaitor.ch does not set any cookies or use tracking technologies.

preparAItor uses only cookies and local storage that are strictly necessary to provide the service you requested. We do not run Google Analytics, Firebase Analytics, Firebase Performance Monitoring, advertising pixels, or any other tracking tool. There is nothing to opt in or out of, and no consent toggles — because there is nothing tracking you.

8.1 What is stored, and why

• Sign-in (Firebase Auth, IndexedDB): keeps you signed in across browser sessions. Cleared when you sign out or delete your account.
• Bot protection (reCAPTCHA via Firebase App Check): short-lived tokens and Google-side cookies on google.com/recaptcha used to block automated abuse. Required for the app to function.
• Cross-tab sign-out signalling (localStorage): a transient flag that lets other open tabs know you signed out in this tab.
• Payment processing (Stripe): Stripe.js sets its own cookies (__stripe_mid, __stripe_sid) but only during the checkout flow and only on pages where you are actively paying.
• Theme, UI language, and user settings (localStorage): so the app remembers your preferred light/dark mode, interface language, and saved settings between visits. First-party, never transmitted.
• Cookie notice acknowledgement (localStorage): so we don’t re-show the notice on every visit.

All of the above fall under the “strictly necessary for a service the user requested” exemption from the ePrivacy Directive’s consent requirement, as interpreted by CNIL (France) and the ICO (UK).

8.2 Google Sign-In

If you choose to sign in with Google, Google sets its own cookies on accounts.google.com during the OAuth flow, under Google’s own privacy policy. preparAItor does not control these cookies and cannot read them. Using email sign-in instead avoids this entirely.

8.3 AI processing consent

Processing of your CV, job descriptions, and interview-practice content by Google Gemini (Vertex AI) requires explicit consent. By accepting this Privacy Policy at sign-up you give that consent — there is no separate AI consent modal, and the cookie notice does not cover it. The full scope of AI processing (purposes, models, region, EU AI Act transparency, purpose limitation, and Google’s contractual no-training guarantee under the Vertex AI Service Specific Terms) is set out in sections 3.3, 3.4 and 4.1 of this Policy. You can withdraw your consent at any time by deleting your account; without AI processing the core service cannot function.

8.4 How to manage this

You can re-read the cookie notice at any time from Settings → Preferences → Privacy → Show cookie notice. Because nothing tracks you, there is nothing to disable. To remove what is stored locally, use your browser’s Clear site data control — this will sign you out and reset your theme/language preferences.

9. Children’s Privacy

Our Service is not intended for children under 16 (in accordance with GDPR Article 8). We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal information, we will delete it immediately.

10. International Data Transfers

10.1 Data Processing Locations

Primary Data Centers:

• Firebase Services: europe-west6 (Zurich, Switzerland)
• AI Processing (Google Gemini / Vertex AI): europe-west3 (Frankfurt, Germany)
• Document Generation (Cloud Run): europe-west6 (Zurich, Switzerland)
• Rate Limiting & KMS: europe-west6 (Zurich, Switzerland)

Third-Party Processing:

• Stripe: European data centers (primary), with potential US processing
• Google OAuth/reCAPTCHA: Global infrastructure, nearest data center
• Microsoft OAuth (OneDrive): European data centers (primary)
• Brevo Email Delivery: European data centers

10.2 Transfer Safeguards

For any transfer of personal data outside Switzerland or the EEA, we implement the following safeguards:

• Standard Contractual Clauses (SCCs): Executed with all processors and sub-processors where required
• Transfer Impact Assessment (TIA): We have conducted a Transfer Impact Assessment in accordance with the Schrems II ruling (CJEU C-311/18) for all data flows to processors that may involve non-EEA processing. Our assessment considers the legal framework of the recipient country, supplementary technical measures (encryption, pseudonymization), and the practical likelihood of government access to transferred data. The TIA is reviewed annually.
• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Compliance with FADP and GDPR transfer provisions
• Data localization to European data centers (Zurich, Frankfurt) as default
• Regular security and compliance audits

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information is collected and if it is sold or disclosed, the right to say no to sale, the right to equal service and price, and the right to delete personal information. We do not sell personal information to third parties.

12. Swiss and European Privacy Rights (FADP/GDPR)

12.1 Your Rights

Right to access, rectification, erasure, restrict processing, data portability, object to processing, withdraw consent, not be subject to decisions based solely on automated processing where applicable, and lodge a complaint with supervisory authorities.

12.2 Legal Basis for Processing

• Contract Performance: Account management, service delivery, AI document generation
• Legitimate Interest: Security, fraud prevention, service improvement
• Consent: Marketing communications, AI model improvement (anonymized data only)
• Legal Obligation: Tax records, compliance

12.3 AI-Assisted Processing and No Automated Decision-Making (Art. 13(2)(f) / Art. 22 GDPR)

Our Service uses automated processing to generate and structure content for you. This processing does not make decisions about you. It includes:

• Document generation: AI generates draft cover letters, emails, and other application documents based on your CV data and job descriptions. This is the core functionality of the Service and is based on your explicit consent and contract performance.
• CV analysis: AI extracts structured information (skills, experience, education) from uploaded CV documents so you can review, correct, and reuse it.
• Interview practice: AI generates tailored interview questions and provides feedback on your responses for self-practice. It does not assess your employability or decide any outcome.
• Job matching signals: AI may highlight relevant skills or possible experience gaps based on job requirements. These are informational prompts for your review and do not constitute a binding decision.

No automated decision-making: preparAItor does not make decisions about you, make hiring decisions, reject applications, rank or score candidates for employers, screen candidates on behalf of employers, or send automated decisions to third parties. The AI output is content for you to review, edit, use, or discard. It does not have legal or similarly significant effects within the meaning of GDPR Article 22(1).

Your controls for AI-generated content:

• Request human review of any AI-generated content by contacting admin@preparaitor.ch
• Provide feedback about AI-generated outputs
• Report any output you believe is inaccurate, biased, or unfair
• Request an explanation of how a particular output was generated
• Request correction or regeneration where appropriate
• We aim to respond to human review requests within 5 business days

12.4 Supervisory Authorities

Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern — www.edoeb.admin.ch

EU: Your local data protection authority. A directory of EU/EEA supervisory authorities is maintained by the European Data Protection Board (edpb.europa.eu/about-edpb/about-edpb/members_en).

12.5 Geographic Scope

preparAItor is primarily designed for the Swiss job market. During registration, users confirm that they are residents of Switzerland or acknowledge that the Service is primarily designed for the Swiss job market. We extend FADP and GDPR-equivalent privacy protections to all users regardless of their location. Users outside Switzerland use the Service at their own discretion and are responsible for compliance with their local data protection regulations.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to read their privacy policies.

14. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you by posting the new policy, updating the “Last Updated” date, and sending email notification for material changes.

15. Data Processing Addendum

For business customers requiring a DPA, contact admin@preparaitor.ch. Our standard DPA includes FADP and GDPR compliance terms, Standard Contractual Clauses, security obligations, audit rights, and a sub-processor list.

16. Records of Processing Activities

In compliance with FADP and GDPR Article 30, we maintain records of all processing activities. These records are available to supervisory authorities upon request.

17. Privacy by Design

• Purpose-limited AI requests: AI requests are generated from the CV, job, and interview content needed for the feature you choose to use. Because application documents may require identity or contact details, we do not claim that all personal identifiers are automatically stripped or pseudonymized before Vertex AI processing.
• Encryption by default (Cloud KMS for KMS-backed sensitive fields, separate AES-256-GCM encryption for OAuth tokens, HTTPS for transit)
• Retention controls for generated documents, interview sessions, uploads, and temporary processing files
• Data Protection Impact Assessment (DPIA): Conducted in accordance with GDPR Article 35 for our AI-based CV and document-generation processing. The processing is automated, but it is content generation for user review and does not involve automated decision-making under GDPR Article 22. The DPIA is reviewed annually or whenever significant changes are made to our AI processing pipeline.
• Security testing and audits
• No use of Vertex AI customer prompts or outputs to train Google foundation models, as stated in the Google Cloud Data Processing Addendum
• Aggregated or anonymized data only for internal service improvement where applicable

A summary of our DPIA findings is available upon request to supervisory authorities. The assessment covers the necessity and proportionality of AI processing, risks to data subjects, and the safeguards we implement (encryption, purpose limitation, retention controls, user review, and human review on request).

18. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

For data access requests: admin@preparaitor.ch (up to 30 days processing time)
For FADP/GDPR inquiries: admin@preparaitor.ch
For CCPA inquiries: admin@preparaitor.ch

You may also submit data requests through your account settings.