1. Information We Collect
When you use Elcano, we collect:
- Account data: Email address, display name (when you create an account via Supabase Auth)
- Analysis results: Dimension scores, role matching results, detected job family and seniority level — structured data only
- Usage data: Number of analyses performed per billing period
- Payment data: Managed by Stripe — we store only your Stripe customer ID, never your card details
2. What We Do NOT Collect or Store
- We never store raw resume text. Your resume is processed in real-time and discarded after analysis.
- We never log resume content in server logs or error reports.
- If LLM (AI) processing is used, only a one-way hash of the input is stored for auditing — the original text cannot be recovered.
3. How We Use Your Data
- To provide and improve resume analysis results
- To maintain your analysis history (Pro subscribers)
- To enforce usage limits on the free tier
- To send transactional emails (subscription confirmations, usage warnings) via Resend
- To process payments via Stripe
4. Data Storage and Security
Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) ensuring you can only access your own data. All data is encrypted at rest and in transit (TLS). Our API server runs on DigitalOcean with HTTPS enforced.
5. Third-Party Services
- Supabase: Authentication and database
- Stripe: Payment processing
- Anthropic (Claude) / OpenAI: AI-powered analysis enrichment — only structured summaries are sent, never full resume text for narrative generation
- Resend: Transactional email delivery
6. Data Retention
Analysis results are retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting tyler@mizudev.com. Deletion cascades through all tables — profiles, analysis runs, LLM generation records, and usage counters.
7. GDPR Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification (correct inaccurate data)
- Right to erasure ("right to be forgotten") — you can delete your account directly from the app
- Right to restrict processing
- Right to data portability (export your data)
- Right to object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
To exercise any of these rights, use the in-app "Delete Account" feature or email elcanoteam@gmail.com.
8. CCPA Rights (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information — We do NOT sell your personal information
- Right to non-discrimination for exercising your CCPA rights
9. International Data Transfers
Your data may be processed in the United States, where our service providers (Supabase, Stripe, Anthropic, OpenAI) maintain their servers. We rely on standard contractual clauses and the data processing agreements of our service providers to ensure adequate protection of your personal data in accordance with applicable data protection laws.
10. Children's Privacy
Elcano is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal information, please contact us so we can promptly delete it.
11. AI Processing Disclosure
Elcano uses third-party AI services to power its analysis and generation features:
- Your resume text is sent to Anthropic (Claude) and/or OpenAI for analysis
- For narrative generation, we send structured signals (scores, dimensions) — not raw resume text
- For cover letter, resume generation, and interview prep features, resume text IS sent to the LLM
- LLM providers process data under their own data processing agreements
- No resume text is permanently stored by Elcano
12. Your Rights
You have the right to access, correct, export, or delete your personal data. For specific rights based on your location, see Section 7 (GDPR Rights) for EU/EEA users and Section 8 (CCPA Rights) for California users. To exercise these rights, use the in-app "Delete Account" feature or contact us at the email addresses below.