Privacy Policy

Last updated: November 24, 2025

1. Information We Collect

Information You Provide

  • Account Information: Email address for authentication
  • Resume Files: PDF documents you upload
  • Cover Letters: Text content you write or generate using our AI
  • Recipient Information: Company names, hiring manager names, mailing addresses
  • Payment Information: Processed by Stripe (we never store card details)

Automatically Collected Information

  • Usage data (pages visited, features used)
  • Device information (browser type, operating system)
  • IP address and general location
  • Cookies for authentication and session management

2. How We Use Your Information

  • Service Delivery: Print and mail your resumes to specified recipients
  • AI Features: Generate personalized cover letters and brand designs
  • Communication: Send order confirmations, delivery updates, and support responses
  • Payment Processing: Process credit purchases via Stripe
  • Service Improvement: Analyze anonymized usage patterns to improve features
  • Security: Detect and prevent fraud, abuse, and security issues

3. Information Sharing

We share your information only as necessary to provide our services:

Service Providers

  • Postgrid: Printing and mailing partner (receives resume content and recipient addresses)
  • Stripe: Payment processor (receives payment information)
  • Supabase: Database and file storage provider
  • Resend: Email delivery service (receives your email address)
  • Google Places API: Address autocomplete (receives partial addresses you type)
  • Vercel: Hosting provider
  • Anthropic: AI model provider for cover letter and brand generation

We Never Share

  • Your personal information with advertisers or marketers
  • Your resume content with anyone except the specified mail recipient and printing partner
  • Data with third parties for their own purposes

4. Data Retention

  • Resumes: Stored indefinitely until you delete them
  • Sent Packets: Order history retained for 2 years for support and tracking purposes
  • Account Data: Retained while your account is active
  • Payment Records: Retained for 7 years for tax and legal compliance

5. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information in your dashboard
  • Deletion: Delete your account and associated data (except legally required records)
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain data processing activities

To exercise these rights, contact us at privacy@ballista.io

6. Data Security

  • All data transmitted over encrypted connections (HTTPS/TLS)
  • Files stored in secure cloud storage with access controls
  • Authentication tokens stored in httpOnly cookies
  • Regular security audits and updates
  • Employee access limited to necessary personnel only

7. International Users

Ballista is based in the United States. By using our Service, you consent to the transfer and processing of your data in the US. We comply with applicable data protection laws including GDPR for EU users and CCPA for California residents.

8. Children's Privacy

Ballista is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or dashboard notification. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

Questions or concerns about privacy? Contact us at:
Email: privacy@ballista.io