Privacy Policy
Your privacy is important to us. Learn how we protect and manage your data.
Introduction
This Privacy Policy explains how Narrative Pro ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our AI-powered career narrative platform at narrativepro.app (the "Service").
Data Controller: Narrative Pro is the data controller responsible for your personal data. For questions about this policy or to exercise your data rights, contact us at privacy@narrative-pro.com.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
Service Providers and Data Processing
We use the following third-party service providers as data processors to deliver the Service:
- Anthropic (Claude AI) — Processes your input text to generate professional narrative statements. Content you submit for narrative generation is sent to Claude's API for processing. Anthropic's privacy policy is available at anthropic.com/privacy.
- Supabase — Provides database hosting and authentication services. Your account information, narratives, resumes, and conversation history are stored in Supabase's infrastructure. Supabase's privacy policy is available at supabase.com/privacy.
- Stripe — Processes all payment transactions. We do not store your credit card details; they are handled entirely by Stripe's PCI DSS-compliant infrastructure. Stripe's privacy policy is available at stripe.com/privacy.
- Netlify — Hosts our website and manages web traffic. Collects standard technical information (IP addresses, request logs) for service operation.
Information We Collect
We collect the following categories of information:
Account Information
- Email address and authentication credentials
- Display name and profile information you provide during onboarding
- Account preferences and consent settings
Career Content (User-Provided)
- Career narratives, accomplishments, and work history you share with the AI
- Conversation history with our AI assistant
- Resume content including job titles, employers, education, and skills
- AI-generated narrative statements and quality grades
- Vault entries and organizational tags
Billing Information
- Subscription plan and billing cycle (stored by us)
- Payment card details and billing address (stored by Stripe only — we never see your full card number)
- Transaction history and invoices
Technical Information (Automatically Collected)
- IP address, browser type and version, operating system
- Device identifiers and screen resolution
- Pages visited, time spent, and interaction patterns
- Referral source and session identifiers
- Cookie and local storage identifiers
Legal Basis for Processing
Under the GDPR and similar data protection laws, we process your personal data on the following legal bases:
- Contract Performance: Processing your account data, career content, and AI-generated narratives is necessary to deliver the Service you signed up for.
- Consent: Marketing communications and optional analytics are based on your consent, which you can withdraw at any time via your account settings.
- Legitimate Interest: We process technical data and usage analytics to maintain security, prevent fraud, debug issues, and improve the Service.
- Legal Obligation: We may process data as required to comply with applicable laws, regulations, or legal proceedings.
How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service
- Process your content through AI to generate career narratives
- Grade and analyze narrative quality
- Store and organize narratives in your Career Vault
- Generate and export resumes from your vault content
- Process payments and manage subscriptions
- Send transactional emails (account verification, password resets, billing receipts)
- Send marketing communications (with your consent)
- Monitor and improve service performance and security
- Respond to support requests and communicate about the Service
- Comply with legal obligations
AI Processing and Model Training
When you use Narrative Pro, the career content you share is sent to Anthropic's Claude AI for processing. This includes accomplishments, work history, and context you provide during AI conversations. The AI generates narrative statements, quality grades, and structured career content based on your input.
Regarding AI model training: We do not use your personal career content to train or fine-tune AI models. Anthropic's API terms provide that data submitted via their API is not used for model training. We may use aggregated, anonymized usage patterns (e.g., which features are most popular, average narrative quality scores) to improve the Service, but this data cannot be linked back to any individual user.
Automated decision-making: Our AI assigns quality grades (A–F) to generated narratives. These grades are advisory and do not restrict your access to any feature of the Service. You may edit, override, or disregard any AI-generated grade or content.
Sensitive Personal Data
The career information you provide (job titles, employers, accomplishments) may constitute sensitive personal data. We treat all career content with the highest level of security and confidentiality.
Please do not submit the following types of information through the Service: Social Security numbers (SSNs) or national ID numbers, financial account or credit card numbers, protected health information (PHI), passwords or security credentials for other services, or any information about individuals who have not consented to its processing. If you inadvertently submit such information, contact us immediately for removal.
Default Consent Settings
When you create an account, the following settings are configured by default:
- AI Processing: Enabled — required to deliver the core Service features (narrative generation, grading, resume building).
- Marketing Communications: Enabled for users in jurisdictions where opt-out consent is sufficient. For users in the EU/EEA/UK, marketing consent is requested separately and is not pre-selected.
- Analytics & Performance: Enabled to help us improve the Service. You can disable this at any time.
You can change these settings at any time through your account settings page. We respect your choices and will process changes without undue delay.
Data Protection and Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Password hashing using Argon2 with unique salts
- Row-level security (RLS) on all database tables
- Regular security audits and dependency scanning
- Access controls limiting employee access to personal data
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, describing the nature of the breach, the likely consequences, and the measures taken to address it.
Cookies and Tracking
We use the following types of cookies:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
- Analytics Cookies: Help us understand how users interact with the Service. You can disable these in your account settings.
- Preference Cookies: Store your display preferences (e.g., theme selection). You can disable these in your browser.
We do not use third-party advertising or marketing tracking cookies. You can manage cookie preferences through the cookie consent banner or your browser settings. We do not currently respond to Do Not Track (DNT) browser signals, as there is no industry-wide standard for compliance.
Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request that we limit the processing of your data
- Objection: Object to processing based on legitimate interest or for direct marketing
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Automated Decisions: Request human review of any solely automated decision that significantly affects you
- Opt-Out of Marketing: Unsubscribe from marketing emails at any time via the link in each email or your account settings
To exercise any of these rights, email us at privacy@narrative-pro.com. We will respond within 30 days (or 45 days for complex requests under CCPA).
Data Retention
We retain personal data as follows:
- Account data: Retained for the lifetime of your account plus 30 days after deletion to allow for recovery
- Career content (narratives, resumes, conversations): Retained until you delete them or close your account
- Payment records: Retained for 7 years as required by tax and financial regulations
- Server and access logs: Retained for 90 days for security and debugging purposes
- Backups: Purged within 30 days of data deletion from primary systems
When data is no longer required, it is permanently deleted or irreversibly anonymized.
International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. When we transfer data outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other appropriate safeguards to ensure your data remains protected to the standards required by applicable law.
Children's Privacy
The Service is intended for users aged 16 and older (or 13 and older in jurisdictions where permitted). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will promptly delete it.
GDPR and CCPA Compliance
For EU/EEA/UK users (GDPR): You have all the rights described in "Your Rights" above. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.
For California users (CCPA/CPRA): In addition to the rights above, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the "sale" or "sharing" of personal information — we do not sell or share your personal information as defined by the CCPA
- Non-discrimination for exercising your privacy rights
We have not sold personal information of consumers in the preceding 12 months.
Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date below. For significant changes that affect how we process your personal data, we will also notify you by email. Your continued use of the Service after receiving notice of changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: privacy@narrative-pro.com
- General Support: support@narrative-pro.com
Last updated: 19 February 2026