Privacy Policy

Last updated: June 01, 2026 · f-ats.app

This Privacy Policy explains how F* ATS ("we", "us", "our") collects, uses, stores, and protects your personal data when you use f-ats.app. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Czech data protection law.

1. Who We Are

F* ATS is operated by an individual operator based in the Czech Republic. We act as the data controller for all personal data collected through f-ats.app. For data protection enquiries, contact us at: privacy@f-ats.app

2. What Data We Collect

Account data: When you register, we collect your email address, name (if provided via Google OAuth), and account creation date.

Authentication data: If you use Google Sign-In, Google provides us with your email address and public profile name. We do not receive or store your Google password.

Resume and job description content: The text you paste into the service is processed by our AI to generate optimised output. This content is stored in your account history so you can retrieve past results.

Usage data: We record how many AI optimisations you have run this month to enforce free tier limits. We may log anonymised usage statistics.

Payment data: Payments are processed by Stripe. We do not store your card details. We receive and store your Stripe customer ID and subscription status.

Technical data: Standard server logs including IP address, browser type, and access times, used for security and service operation.

3. How We Use Your Data

We use your data for the following purposes:

  • To provide and operate the service (legal basis: performance of a contract).
  • To enforce subscription limits and verify payment status (legal basis: performance of a contract).
  • To send transactional emails such as password resets and subscription confirmations (legal basis: performance of a contract).
  • To improve and maintain the service through anonymised usage analytics (legal basis: legitimate interests).
  • To comply with legal obligations where required (legal basis: legal obligation).

We do not use your resume content or personal data to train AI models. We do not sell your data to third parties. We do not serve advertisements.

4. AI Processing of Your Content

When you submit a resume and job description, this content is sent to the Google Gemini API for AI processing. Google processes this data as a data processor on our behalf. Google's use of data submitted to the Gemini API for business customers is governed by its API Terms of Service, which prohibit Google from using this data to train its models.

We recommend that you do not include highly sensitive personal information (such as national identity numbers, financial account details, or medical information) in content you submit to the service.

5. Data Storage and Security

Your data is stored in Supabase, hosted on Amazon Web Services (AWS) infrastructure. All data is encrypted at rest using AES-256 and in transit using TLS. Supabase is SOC 2 Type 2 certified.

We implement technical and organisational security measures including:

  • Row-level security ensuring users can only access their own data.
  • JWT-based authentication with short-expiry tokens.
  • Server-side API key management — secret keys are never exposed to the browser.
  • Two-factor authentication on all administrative accounts.

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data and accept no liability for security breaches beyond our reasonable control.

6. Data Retention

We retain your account data and optimisation history for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or tax compliance purposes.

Server logs are retained for a maximum of 90 days.

7. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase (Supabase Inc.) — database, authentication, and server functions. Hosted on AWS.
  • Google Gemini API (Google LLC) — AI content generation.
  • Stripe (Stripe Inc.) — payment processing.
  • Vercel or Netlify — website hosting.

Each of these processors has its own privacy policy and data processing terms. By using our service you acknowledge that your data may be processed by these third parties as described above.

8. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure ("right to be forgotten") — you may request deletion of your personal data.
  • Right to restriction of processing — you may request that we limit how we use your data.
  • Right to data portability — you may request your data in a machine-readable format.
  • Right to object — you may object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@f-ats.app. We will respond within 30 days. You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (UOOU) at uoou.cz.

9. Cookies

We use essential cookies only — specifically authentication tokens required for you to stay logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Children

The service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@f-ats.app and we will delete it promptly.

11. International Data Transfers

Our service providers (including Supabase on AWS and Google) may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. The date at the top of this policy indicates when it was last updated. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints, email privacy@f-ats.app or use our contact form. Website: f-ats.app

F* ATS · f-ats.app · © 2026 All rights reserved.