Privacy Policy

Last updated: April 19, 2026

Haplos.ai ("Haplos," "we," "us") provides AI-assisted resume optimization. This policy explains what data we collect, how we use it, and the choices you have. We try to keep it plain and short. Questions go to support@haplos.ai.

1. What we collect

  • Account data: name, email, and a hashed password you create.
  • Resume and job content: resumes you upload, job descriptions you paste, and tailored outputs we generate for you.
  • Billing data: payment records handled by Stripe. We store the Stripe customer ID and transaction metadata, not card numbers.
  • Usage and device data: IP address, browser type, pages viewed, and interactions such as resume generations and credit purchases. This is collected only if you accept analytics (see section 4).

2. How we use it

  • Deliver the service: generate tailored resumes, score ATS fit, manage credits.
  • Process payments and send receipts through Stripe.
  • Send transactional email (verification codes, billing confirmations).
  • Measure product usage in aggregate so we can improve reliability and the signup-to- purchase flow.
  • Prevent abuse, debug issues, and meet legal obligations.

We do not sell your personal data. We do not train third-party AI models on your resume content.

3. Who we share it with

  • OpenAI: we send prompts that include your resume text and a job description to generate tailored output. OpenAI processes this data under its API data policy and does not use API content to train its models.
  • Supabase: database and auth hosting (resume records, user accounts, transaction history).
  • Google Cloud Platform: application hosting (Cloud Run, Artifact Registry, Secret Manager).
  • Stripe: payment processing and billing portal.
  • SendGrid: transactional email delivery.
  • Google Analytics 4: product analytics, only if you accept (see section 4).

4. Analytics and cookies

We use Google Analytics 4 (measurement ID G-2J9D98VZTT) to measure product usage: page views, sign-ups, credit purchases, and the flow between them. We run GA4 with Google Consent Mode v2 in default-denied state. This means:

  • Before you choose, no analytics or advertising storage is set and no identifying data is sent to Google. GA4 only receives cookieless pings used for aggregate modeling.
  • If you click Accept all in the banner, we grant analytics and advertising storage. GA4 then sets cookies (typically _ga,_ga_*) that expire after 2 years.
  • If you click Reject all, no cookies are set and no identifying data leaves your browser.
  • You can change your choice any time via the Privacy settings link in the footer. Consent is stored in your browser under the key haplos-consent-v1.

Events we track include page_view, sign_up, begin_checkout, and purchase. Events never include your name, email, resume contents, or job description text.

5. Data retention

  • Account, resume, and tailored-output data: kept while your account is active.
  • Billing records: 7 years (required for tax and accounting).
  • GA4 event data: 14 months, then deleted (GA4 default user-and-event retention).
  • Deleted on request: resume content and account data when you email support@haplos.ai and ask for deletion.

6. Your rights

Under GDPR, CCPA, and similar laws you can ask us to:

  • See what personal data we have about you.
  • Correct it.
  • Delete your account and associated resume data.
  • Export your data in a portable format.
  • Withdraw analytics consent at any time (use the footer Privacy settings link).

Email support@haplos.ai and we will respond within 30 days.

7. Security

Traffic is encrypted in transit with TLS. Secrets live in Google Cloud Secret Manager. Passwords are hashed with bcrypt. We follow the principle of least privilege for database and storage access. No system is bulletproof, but we treat your resume content the way we treat our own.

8. Children

Haplos is not directed to children under 16. We do not knowingly collect data from them. If you believe a child has created an account, email us and we will remove it.

9. International transfers

Our infrastructure runs in the United States (Google Cloud us-central1). If you use Haplos from outside the US, your data is transferred to and processed in the US under standard contractual clauses with our sub-processors.

10. Changes to this policy

If we make a material change, we will update the "Last updated" date and, for significant changes, notify you by email or in-app banner before the change takes effect.

11. Contact

Haplos.ai — AI Solutions Lab LLC. Email support@haplos.ai for privacy questions, data requests, or to withdraw consent.