← Back to GhostPen

Privacy Policy

Last updated: April 19, 2026

The short version

  • You upload a resume; we use it to write cover letters and resume revisions for you.
  • We do not sell your data, and we do not advertise to you.
  • We send the parts of your data that are needed to Anthropic (Claude) to generate text. Anthropic processes it and does not retain it for model training under our agreement.
  • You can delete your account and all associated data at any time from your billing page.
  • The browser extension only reads job-posting content from job sites you visit, and only when you ask it to.

What we collect

Account data. Your name, email, hashed password (or OAuth identifier from Google), and the date you signed up.

Resume and profile data. The resume text and metadata you upload, your contact info if you provide it, and any photos or links you choose to attach.

Job and application data. Job descriptions you paste or scrape, the cover letters and tailored resumes we generate for you, and the applications you track (company, role, status, your notes).

Usage data.Counts of cover letters and resume rewrites you've generated this month, credit balance, and subscription tier. We log token counts per AI call to monitor cost.

Payment data. Handled entirely by Stripe. We never see your card number; we only receive a customer ID and a webhook event when a charge succeeds or fails.

Browser extension data. When you click the GhostPen button on a supported job site, the extension reads the visible job title, company, location, and description from that page and sends it to ghostpen.us along with your session cookie. The extension does not read or transmit any other browsing activity.

How we use it

  • To generate cover letters and resume revisions for you.
  • To save your applications and let you find them later.
  • To enforce your monthly allowance, credit balance, and subscription status.
  • To detect and prevent abuse (account creation rate-limiting, IP-based signup caps, duplicate-application warnings).
  • To answer support requests you send us.

Who we share it with

  • Anthropic — for AI generation. We send your resume and the job description (or guidance text). Anthropic does not retain this for model training under our API terms.
  • Vercel — application hosting and serverless function execution.
  • Neon — managed PostgreSQL where your account, resumes, applications, and cover letters are stored.
  • Stripe — billing and subscription management.
  • Google — only if you sign in with Google OAuth, in which case Google verifies your identity to us.

We do not sell or rent your personal data to anyone, ever.

How long we keep it

We keep your data while your account is active. If you delete your account, your resumes, applications, cover letters, and profile data are removed within 30 days. Anonymized usage logs (token counts, error rates) may be retained longer to support engineering and billing reconciliation.

Your rights

You can:

  • Download a copy of your data — email [email protected].
  • Delete your account from the billing page, which removes all stored data.
  • Correct any inaccurate information in your profile or resumes.
  • Opt out of any non-essential email at any time.

Residents of California (CCPA) and the EEA/UK (GDPR) have the same rights, exercised the same way.

Security

Passwords are hashed with bcrypt. Sessions use HttpOnly secure cookies. All traffic is HTTPS. Database connections are encrypted in transit. We follow standard web-application security practices and respond to disclosed vulnerabilities promptly.

Children

GhostPen is not intended for users under 16. Don't use the service if you're under 16, and don't upload anyone else's resume on their behalf without their permission.

Changes

If we make a material change to this policy, we'll update the date at the top and, where appropriate, notify you by email or in-app banner before it takes effect.

Contact

Questions or requests: [email protected]