How It Works
A full account of how your CV is processed, why your personal data never reaches any AI system, and how three independent models produce output that reads like it was written by a human professional.
The Problem with Most CV Tools
Before explaining what we do, it is worth being precise about what the rest of the industry does - and why it is a real problem.
CVs contain dense personal data
A CV is one of the most information-rich documents a person produces. It contains your full name, residential address, phone number, email, employment history with dates and employer names, educational institutions and graduation years, professional certifications, and in many cases your LinkedIn profile, GitHub handle, or personal website. Taken together, this constitutes a detailed personal profile that can be used to identify, contact, or profile you without your knowledge.
What typically happens when you upload a CV to an AI tool
Most AI-powered CV platforms send your raw document - or the full extracted text including all personal identifiers - directly to an AI API. That request is logged. Under the default data usage policies of most major AI providers, request data may be retained and used to improve their models unless you are on an enterprise plan with a specific data processing agreement in place. Even where logging is disabled, the data transits infrastructure you do not control and may be retained for abuse monitoring or legal compliance purposes.
Platform-side storage
Beyond the AI provider, most CV platforms store uploaded documents server-side, build user profiles linked to those documents, and in some cases share or sell aggregated career data with third parties including recruiters and data brokers. This happens with or without meaningful consent, often buried in terms of service. Under GDPR, CCPA, and equivalent frameworks, this is legally constrained - but constraint is not prevention, and enforcement is slow.
Why this matters beyond compliance
The issue is not only regulatory. When your name is attached to your career history and passed through third-party systems, you lose control over how that data is used, who sees it, and how long it persists. A tool designed to help you get a job should not simultaneously build a data asset from your professional life. We consider that a fundamental conflict of interest.
Our Privacy Architecture
The system is designed around a single principle: no personal identifier should ever reach an AI API. This is not a statement of intent - it is enforced technically before any network call is made.
Step 1 - Text extraction without storage
When you upload your CV, the file is received by a stateless server-side function. Text is extracted from the PDF in memory. The original file is never written to disk, never stored in a database, and is discarded immediately after text extraction completes. There is no file storage, no document database, no user account linking your CV to you.
Step 2 - PII stripping before any AI call
Before the extracted text is passed to any AI model, it is run through a local redaction function. This runs server-side, before any outbound API request. The following are identified and removed:
- EMAILAll email addresses matching standard RFC 5321 patterns are replaced with
[EMAIL_REDACTED]. - PHONEPhone numbers in French and North American formats - including country code variants - are replaced with
[PHONE_REDACTED]. - LINKSAll HTTP/HTTPS URLs - including portfolio sites, GitHub profiles, and personal websites - are replaced with
[LINK_REDACTED]. LinkedIn profiles are additionally matched by a secondary pattern to catch partially formatted references. - NAMEThe candidate name is inferred heuristically from the first non-empty line of the document. If it matches the pattern of a personal name - two to four words, no digits, not a section heading - it is extracted and replaced with
[NAME_REDACTED].
Step 3 - Only anonymized professional content reaches AI
What is passed to the AI models is your professional experience: roles held, responsibilities, skills, and career trajectory - with all personal identifiers replaced by neutral tokens. The AI models receive no information that could be used to identify, contact, or profile you. From the perspective of the AI API, it is processing an anonymous professional profile against a job description.
What we do not do
We do not store your CV file, the text extracted from your CV, the job description you submitted, or any content that passes through the processing pipeline. We do not link your account to any submission content — your email address and credentials are not associated with the text of any document you upload or the professional history it describes. We do not log the content of AI processing requests. We do not sell or share any user data with recruiters, data brokers, or analytics platforms under any circumstances. We do not use your submissions to fine-tune or train any AI model. The processing pipeline is stateless: your source material is discarded when the request completes and cannot be recovered once it has left memory.
What We Do Store
We are precise about what we do not retain. We should be equally precise about what we do. The following is a complete account.
Account credentials
When you create an account, we store your name, email address, and a hashed version of your password. The password is processed through bcrypt before storage — it is a one-way hash and cannot be read, reversed, or recovered in its original form by anyone, including us. Your email is used solely for authentication. It is not used for marketing, not passed to third parties, and is not associated with any content you submit for processing.
Your generated outputs
When a processing request completes, the outputs — the enhanced CV suggestions, the cover letters, and the role title you specified — are stored against your account with a timestamp.
This is retained for your benefit, not ours. The purpose is practical: outputs are long and easy to close before copying in full; applications across multiple roles accumulate and are difficult to track manually; you may want to return to what was written for a role you are reconsidering. Your stored outputs are accessible only to you. We do not read them, search them, use them to evaluate or improve any model, or share them with any third party for any reason. They exist as a record of work produced on your behalf, available for your reference whenever you need it.
What the stored output does not include
The stored record is the finished output only. It does not include your CV file, the text extracted from your CV, your personal identifiers, or the job description you submitted. The processing pipeline that produced the output was stateless: the source material was discarded when the request completed and cannot be reconstructed from what is retained. What is stored is the equivalent of a document you produced — the generated text, associated with a role title and a date. Nothing about how it was made is kept.
Aggregate usage counts
We record the total number of CVs processed and cover letters generated across the platform. These are aggregate counts only — a running total, not a log of individual activity. They are not associated with specific accounts, do not include any content, and are used solely to understand usage volume and system load. There is no per-user activity tracking, no behavioural logging, and no analysis of the content produced.
The Triple-Model System
Three independent AI models are applied in sequence, each serving a distinct function. No single model both generates and evaluates its own output - that separation is intentional.
The system is built on the principle that a model optimized for creative generation is not well-suited to detecting its own weaknesses. Each stage corrects for the limitations of the previous one.
Anthropic - Analysis and Initial Drafting
Claude (Anthropic) performs the primary analysis of your anonymized CV against the job description. It identifies which aspects of your experience are most relevant to the role, maps transferable skills, and produces the initial cover letter and CV improvement suggestions.
Claude is chosen for this stage because of its ability to reason carefully about context and to produce writing that is specific rather than generic. The model is instructed to anchor every statement to documented evidence in the CV - no self-assessments, no fabricated metrics, no language that could not be defended in an interview. The output of this stage is a structured draft that is then passed directly to Stage 2 for critique.
OpenAI - Critical Review as Hiring Manager
GPT-4 (OpenAI) receives the draft from Stage 1 alongside the original job description and is asked to evaluate it from the perspective of a senior hiring manager reading the document cold. It does not know it is reviewing AI-generated content - it is instructed to evaluate the material on its own merits.
This model identifies generic phrases that lack substance, arguments that are not supported by the CV, mismatches between the candidate's documented seniority and the claims being made, and sections that answer questions the job description is not asking. Where the draft fails these tests, it is rejected and Stage 1 is asked to rewrite. This loop continues until the critique passes, or a maximum iteration threshold is reached.
The adversarial framing is intentional. A model that generated the draft cannot reliably self-critique it. A separate model, given a distinct role and no awareness that it is reviewing AI output, applies a different evaluation frame.
Google AI - Authenticity and AI-Pattern Detection
Gemini (Google AI) performs the final pass. Its sole function is to identify patterns that typically signal AI-generated text and to verify that none are present in the approved draft. This is not a surface-level check - it applies a structured evaluation across seven dimensions, each of which must pass before the output is delivered.
The rationale for using a third, separate model for this stage is that AI detection works best when the evaluator has not seen or been involved in the generation process. Google's Gemini approaches the text as a reader, not as its author.
The Authenticity Checklist
Before the cover letter is delivered, it must clear seven independent tests. If any test fails, the draft is revised. This checklist is what Stage 3 - Google AI - evaluates against.
Each criterion targets a specific failure mode that is common to AI-generated professional writing. Passing all seven means the output would not reveal itself as machine-generated under careful reading by an experienced recruiter.
1. Language authenticity
No sentence may plausibly appear in a generic template. Vague adjectives that are not grounded in context are removed. Verbs must describe real, documented actions - built, led, analyzed, shipped, reduced - not abstract qualities. Motivational or promotional language of any kind fails this test.
2. Cliche and buzzword elimination
A defined list of banned phrases is checked - including "excited to apply," "passionate about," "results-driven," "dynamic," and equivalents. Corporate buzzwords are permitted only if they appear explicitly in the job description itself, in which case mirroring them is intentional and justified. Filler phrases that add tone but no information are removed regardless of context.
3. Evidence density
Every claim must be anchored to a concrete role, responsibility, or documented outcome from the CV. Self-assessments such as "strong leader" or "strategic thinker" that are not supported by a specific example are flagged and removed. Metrics are only included if they were provided in the original CV or clearly stated in the job description - fabricated numbers fail this test unconditionally.
4. Human reading test
Each paragraph must answer a genuine hiring-manager question: why this role, why this person, why does the experience transfer. The letter must read as written by a professional reflecting on work already done - not as a pitch selling untested potential. No sentence should exist solely because it sounds professional. If a sentence cannot be explained in terms of what it communicates to a hiring manager, it is cut.
5. Structural naturalness
The opening must be factual and specific, not ceremonial. A common AI failure mode is an opening that expresses enthusiasm before establishing any substance. Transitions between paragraphs must follow logical reasoning, not formulaic connectors. The closing must be restrained and professional - not eager, not emotional, not overconfident.
6. CV alignment
Nothing in the cover letter may contradict or inflate the CV. No tool, responsibility, or role may appear in the letter that is absent from the source document. Seniority and scope of experience must match what is documented. This check prevents the common failure mode where a generative model extrapolates confidently beyond what the candidate has actually done.
7. Final specificity test
If the company name were removed from the letter, it must still sound specific - not like a document that could be sent to any employer in the same sector. A hiring manager reading it should be able to point to every sentence and identify what it proves. If the letter were read aloud, it must not reveal itself as AI-generated. This is the final constraint, and it is the hardest to satisfy: it requires that the letter sound like a person, not a language model approximating one.
Technical Notes
Implementation details relevant to specific input types and processing edge cases.
Scanned and image-based PDFs
Some CVs are saved as image-based PDFs - scans of printed documents, or exports from design tools that do not embed selectable text. For these files, optical character recognition is applied server-side to extract readable text before the standard processing pipeline begins. The raw image data is not transmitted to any AI provider. Only the OCR-extracted text, after PII stripping, continues to the analysis stage.
Stateless processing pipeline
The CV processing pipeline itself is stateless. Each request is handled by an independent server function that holds no state between calls. The uploaded file, the extracted text, the redacted content, and the intermediate AI inputs are all in-memory only and are discarded when the function returns. Two requests running simultaneously share nothing. The stateless account credentials and generated outputs described above are stored separately, in a distinct layer, and are not part of the processing pipeline at any point.
AI provider data policies
API calls to Anthropic, OpenAI, and Google AI are made under terms that prohibit the use of API request data for model training by default. However, because PII stripping is applied before any API call, the data reaching these providers is already anonymized. Even in a scenario where an API provider logged request content, there would be no personal identifiers in that log - only professional experience described in abstract terms.
What the output contains
The cover letter and CV suggestions returned to you contain your real name and contact details - but these are reinserted from what was stripped locally, not from what was processed by the AI. The AI output is anonymous; personal information is added back in your browser after the AI response is received. This means your identity is never part of the AI processing chain at any point.