Privacy Policy

Hamster AI (“we”, “our”, “us”) operates the Hamster AI resume builder service. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

Our service is provisioned in eu-west-1 (EU West — Ireland) to keep EU user data within the European Economic Area.

• Account data: your name and email address, collected via OAuth sign-in (Google, Apple, or LinkedIn).
• Resume files: PDF or DOCX files you upload. These are stored securely in Supabase Storage and used solely to generate tailored application documents.
• Job descriptions: text you paste into the app for tailoring.
• Generated documents: tailored resumes and cover letters we produce on your behalf, stored so you can download and refine them.
• Usage data: application and version history, chat messages with Hamster AI, and ATS/review scores.
• Payment data: billing is handled entirely by Stripe. We store only a Stripe customer ID and subscription status — we never see your card details.

• To provide and improve the resume-building service.
• To process AI analysis via Anthropic Claude (resume parsing, tailoring, scoring).
• To manage your subscription and billing via Stripe.
• To send transactional emails (e.g. receipts) where necessary.

Lawful basis: contract performance — processing is necessary to deliver the service you signed up for.

We share data only with the following sub-processors, each under a Data Processing Agreement (DPA):

• Supabase — database and file storage (eu-west-1)
• Anthropic — AI resume analysis and generation
• Stripe — payment processing
• Google Cloud Platform — document rendering service (Cloud Run)
• Vercel — web hosting and serverless functions

We retain your data for as long as your account is active. You can delete your account at any time from the Account page, which permanently erases all your data including uploaded resumes, generated documents, chat history, and your authentication record.

If you are located in the EU/EEA, you have the following rights:

• Right of access: request a copy of your personal data.
• Right to rectification: correct inaccurate data.
• Right to erasure: permanently delete your account and all associated data via the Account page, or by emailing us.
• Right to data portability: request your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests.

To exercise any right, use the Account page self-service deletion or email us at privacy@hamsterai.com. We will respond within 30 days.

We use only essential session cookies required for authentication. We do not use tracking, analytics, or advertising cookies.

All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorised personnel and automated pipelines using IAM roles and short-lived tokens.

We may update this policy occasionally. We will notify you of material changes via email or a prominent notice in the app before the changes take effect.

Questions? Email privacy@hamsterai.com.