Caddie AI ← Back home

Privacy Policy

Last updated: 8 July 2026

1. Who this covers

This policy covers the hosted version of Caddie AI at app.caddie.careers (“the Service”, “we”, “us”). Caddie AI's engine is also published as MIT-licensed open source — if you run it yourself on your own machine or infrastructure instead of using our hosted Service, this policy doesn't apply: your data never leaves your own setup except to the AI provider you configure.

2. What we collect

DataWhy
Email address, and a hashed password (or your Google account ID, name and email if you sign in with Google)Create and secure your account
Your base CV and cover letter, job descriptions you paste or fetch, and the drafts, edits and scoring criteria you create in the appThe core of the Service — matching, scoring and drafting only work by processing this content
Application status, notes, and the edits you make to draftsTo track your pipeline and let the app learn your preferences over time
Billing status and a Stripe customer/subscription IDTo run the free trial and paid plan. We never see or store your card details — Stripe handles those directly
Basic technical data (IP address, timestamps, error logs)Security, abuse prevention, and debugging

We don't run any advertising or analytics trackers on the Service. The only cookie we set is a signed, HTTP-only session cookie used to keep you logged in.

3. How your CV and job data are processed

To score a role and draft a CV, cover letter or screening answers, the relevant text (your CV, the job description, your stated preferences) is sent to our LLM routing provider, OpenRouter, which forwards it to an underlying model provider to generate a response. This is the only way the AI features work. We don't use your data to train models, ours or anyone else's.

Fetching a job posting you paste a link to means we (or a headless browser we run) request that page from the job board or employer's site, the same as if you'd opened it yourself.

4. Who we share data with

We don't sell your data. We share it only with the vendors that run parts of the Service on our behalf, each bound to use it only to provide their service to us:

We may also disclose data if required by law, or to protect the security of the Service.

5. Data retention

We keep your account data, documents and drafts for as long as your account is active, so the Service can keep working the way you left it. If you'd like your account and data deleted, email us (below) and we'll delete it, other than what we're required to keep for legal, tax or fraud-prevention reasons.

6. Security

Passwords are hashed (bcrypt) and never stored in plain text. Data is stored per-account in an isolated Postgres database, transferred over HTTPS, and the session cookie is signed and, in production, marked Secure. No system is 100% secure, but we don't do anything by half — if you find an issue, please tell us.

7. Your rights

Depending on where you live, you may have the right to access, correct, export or delete your personal data, or to object to or restrict its processing. Email us (below) and we'll act on it. Since Caddie AI's engine is open source, you always have the option of self-hosting instead, which keeps your data under your own control entirely.

8. International transfers

Our infrastructure and the vendors listed above may process data outside your country of residence. Where required, we rely on the vendor's own safeguards (e.g. standard contractual clauses) for cross-border transfers.

9. Children

The Service is intended for people applying to jobs and isn't directed at children. We don't knowingly collect data from anyone under 16.

10. Changes to this policy

If this policy changes materially, we'll update the date above and, for significant changes, let existing account holders know by email.

11. Contact

Questions, requests, or anything else: privacy@caddie.careers

See also the Terms of Service. Caddie AI's engine is MIT-licensed.