Privacy policy
Last updated: 13 June 2026
What we collect
- Account data: email, full name, password hash (managed by Supabase Auth).
- Profile data you enter: canton, monthly quota, and (optionally) your AHV number. AHV is encrypted at rest with AES-256-GCM.
- Applications you log, including company, position, dates, and status.
- Files you upload: screenshots, PDFs, CVs, cover letters, and your signature PNG.
- System logs with request IDs and redacted error metadata.
What we don’t collect
- No third-party analytics or tracking cookies.
- No advertising identifiers.
- Screenshots are never sent to third parties; the AI extraction runs server-side.
Where data lives
Data is stored in Supabase (PostgreSQL + Storage) hosted in the EU (Frankfurt). All transport is TLS. Backups are encrypted at rest.
AI processing of your data
bRAVo uses Anthropic Claude to power several features: cover letter generation, job description classification, and condensation of long job descriptions before generation. When you use these features, the following content is sent to Anthropic for processing:
- The text content of the CV you have uploaded.
- The text content of any reference letters you have uploaded.
- The text of the job description for the application you are working on.
- A small set of metadata to track usage and prevent abuse (the application id, the language and length you picked, the role classification path).
Processing happens on Anthropic infrastructure in the United States. Because the United States does not have a Swiss adequacy decision, the transfer relies on Standard Contractual Clauses (SCCs), the legal mechanism that allows transfers to non-adequate countries under the revised Swiss FADP and the GDPR. Anthropic acts as our processor under a Data Processing Addendum. Anthropic is the active AI provider for these features; if we change provider we will update this policy to name the new one before any data is sent to it.
Your right to refuse. You can disable AI features at any time in Settings › Privacy. With AI features off, cover letters can no longer be generated and the long-JD cleaner is skipped, but every other feature in bRAVo continues to work and no further data is sent to Anthropic.
Sub-processors
We use the following third-party processors to operate bRAVo. Each handles only the data needed for its purpose, under a data processing agreement. Transfers to countries without a Swiss/EU adequacy decision rely on Standard Contractual Clauses (SCCs).
| Processor | Data shared | Purpose | Location | Safeguard |
|---|---|---|---|---|
| Supabase | Account data, applications, uploaded files | Database & file storage | EU (Frankfurt) | EU hosting; DPA |
| Anthropic | CV / reference text, job descriptions | AI features (see above) | United States | SCCs; DPA |
| OpenAI | Company & position text (no candidate PII) | Email-to-application matching (embeddings) | United States | SCCs; DPA |
| Stripe | Name, email, billing details | Payments & subscriptions | United States | SCCs; DPA |
| Resend | Recipient email, subject, message body | Transactional & application email | United States | SCCs; DPA |
| Upstash | Email address and IP address (rate-limit keys) | Abuse prevention / rate limiting | United States / regional | SCCs; DPA |
| Sentry | Redacted error metadata and your user id | Error monitoring | United States | SCCs; DPA |
| Vercel | Request data needed to serve the app | Application hosting | EU compute (Frankfurt); US control plane | SCCs; DPA |
Your AHV number is never sent to any AI provider and is encrypted at rest. We do not use any advertising or cross-site tracking processors.
Your rights
- Export: Download a full JSON copy of your data from Settings → Account.
- Delete: Permanently delete your account and all related files from Settings → Account. No recovery after deletion.
- Correct: Edit any field in Settings at any time.
Browser extension
The bRAVo browser extension can, at your explicit request, fetch a document from your account and attach it to a file upload field on a job application page in your current browser tab. Documents are fetched from our servers only when you click the Attach button in the extension; they are not cached on your device. Every Attach and Download action from the extension is logged on our servers with a timestamp, your user id, the document id, your source IP, and (when you inject into a page) the destination tab URL. Extension audit logs are retained for 90 days.
Once a document leaves the extension and enters a third-party job portal (Greenhouse, Workday, LinkedIn, and so on), it is governed by that portal's privacy policy. bRAVo has no control over how the destination portal stores, shares, or retains documents you attach.
Extension assistant
In Settings › Privacy you can turn the browser extension assistant on or off with a single toggle. When on, the extension shows auto-detect badges and an assistant overlay on apply pages so you can capture an application or attach a document. When off, the extension stays silent on every page. Proofs are only ever captured when you act — there is no background page watching.
When a capture happens, we store a short signal record (the URL, page title, and a ~2,000-character sample of the visible text, plus a confidence bucket) for 60 days to tune detection, then wipe it automatically. Aggregate quality statistics, not linked to your browsing, are kept for product monitoring.
Data retention
- Applications, proofs, submitted reports, and email bodies are kept for as long as your account is open — RAV evidence has a legal retention duty — and are removed when you delete your account or the specific item.
- Soft-deleted applications and proofs are purged after 7 days; draft (unsubmitted) reports after 90 days; auto-filtered emails after 30 days.
- Security logs: extension audit logs and password-reset audit events are kept 90 days; extension-capture raw signals 60 days.
- Account-deletion records: when you delete your account we keep a pseudonymised record (a keyed hash of your email plus a coarse activity summary, no readable identity) for up to 12 months to detect signup abuse. Lawful basis: our legitimate interest in preventing fraud and abuse.
Who is responsible
The controller responsible for your personal data is bRAVo GmbH, Dufourstrasse 90, 8008 Zürich, Switzerland. You can reach us at support@usebravo.ch or through the in-app feedback form. Full company-registration details are listed in our Imprint. For details on the cookies we set, see our Cookie policy.