Last updated: March 16, 2026
GetShortlisted ("we", "us", "our") operates the website getshortlisted.de and provides an AI-powered CV and cover letter generation service. We are committed to protecting your personal data in compliance with the EU General Data Protection Regulation (GDPR) and German data protection laws (BDSG).
We collect the following personal data when you use our service:
Account data: name, email address, and password hash when you create an account. If you sign in with Google, we receive your name, email, and profile picture from Google.
CV data: when you upload your CV, we extract and store structured information including your name, contact details, work experience, education, skills, certifications, and languages. The original file is processed and not permanently stored. Only the extracted structured data is retained.
Generation data: job titles, company names, and job descriptions you submit, along with the tailored CVs and cover letters we generate for you.
Payment data: subscription tier and billing cycle. All payment processing is handled by Stripe. We do not store credit card numbers, bank account details, or other financial data on our servers.
Usage data: generation counts, timestamps, and basic analytics to improve our service.
We use your data exclusively for the following purposes:
To provide the service: parsing your CV, generating tailored applications, calculating ATS scores, and delivering downloadable documents.
To manage your account: authentication, subscription management, and usage tracking.
To process payments: via Stripe, our payment processor.
To improve our service: aggregated, anonymized usage data helps us improve generation quality.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
All data is stored in EU data centers (Frankfurt, Germany) using encrypted databases. We use industry-standard security measures including HTTPS encryption, hashed passwords (bcrypt), and secure API communication. Access to production databases is restricted to essential personnel only.
We use the following third-party services to operate GetShortlisted:
Anthropic (Claude AI): processes your CV text and job descriptions to generate tailored content. Data is sent via encrypted API calls and is not used by Anthropic to train their models.
Stripe: processes subscription payments. Stripe's privacy policy applies to payment data.
Neon (PostgreSQL): hosts our database in EU (Frankfurt) data centers.
Vercel: hosts our website. Vercel processes requests through their global network but does not store personal data.
Google OAuth: if you choose to sign in with Google, Google shares your basic profile information with us.
Under the GDPR, you have the following rights:
Right of access: request a copy of all personal data we hold about you.
Right to rectification: request correction of inaccurate data.
Right to erasure: request deletion of all your data. You can delete your account at any time from Settings, which permanently removes all data.
Right to data portability: request your data in a machine-readable format.
Right to object: object to certain types of processing.
Right to withdraw consent: withdraw consent at any time by deleting your account.
To exercise any of these rights, contact us at the email listed on our Contact page.
We retain your data for as long as your account is active. When you delete your account, all personal data, profile data, generated documents, and subscription records are permanently deleted within 30 days. Anonymized, aggregated statistics may be retained.
We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top reflects the most recent revision.
If you have questions about this Privacy Policy or your data, please visit our Contact page.