Privacy Policy
Last updated: August 25, 2025
Plain‑English Summary
Utmosst helps you create and manage job‑search materials. We only collect what we need to provide the service, we don't sell your data, and you stay in control. The legal version is below.
Who We Are
Utmosst ("we", "us", "our") operates utmosst.com and related services (the "Service").
Data Controller: Utmosst UG (haftungsbeschränkt), Cologne, Germany. If this entity name changes, the newest details in our legal imprint apply.
Contact: privacy@utmosst.com
What We Collect
Categories of personal data we process:
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Account & Identifiers | Name, email, password hash, user ID, auth provider IDs | Account creation, authentication, security, communications | For your account's lifetime + up to 90 days after deletion for backups/logs |
| Profile & Job Data | Resumes/CVs, cover letters, LinkedIn import, job history, skills, preferences | Generate documents, track applications, provide coaching & insights | Until you delete the items or close your account |
| Content You Provide | Prompts, notes, goals, interview answers, attachments | Deliver AI features and personalization you request | Until you delete the items or close your account |
| Usage & Device Data | IP, device/browser type, pages viewed, timestamps, performance/diagnostics | Security, analytics, service improvement, fraud prevention | Up to 24 months (aggregated or anonymized thereafter) |
| Payments | Billing name, email, subscription status (card data handled by our payment processor) | Process payments, prevent fraud, manage subscriptions | As required for accounting/tax and processor policies |
| Support | Support tickets, chat messages, email threads | Help you troubleshoot and resolve issues | Up to 24 months after ticket closure |
How We Use Data
Purposes & legal bases (GDPR Article 6):
- Provide the Service you request (create documents, track applications, coaching). Legal basis: Contract (Art. 6(1)(b)).
- Improve & secure the Service (analytics, troubleshooting, preventing abuse). Legal basis: Legitimate interests (Art. 6(1)(f)).
- Communicate about updates, security alerts, and transactional emails. Legal basis: Contract/legitimate interests.
- Marketing (only with your consent where required; unsubscribe anytime). Legal basis: Consent (Art. 6(1)(a)).
- Compliance with legal obligations (tax, accounting, law enforcement requests). Legal basis: Legal obligation (Art. 6(1)(c)).
AI & Third‑Party Processing
To deliver AI features, we may process your prompts and content with reputable AI infrastructure providers (e.g., model hosts or API vendors). We use data processing agreements and, where transfers leave the EEA/UK, appropriate safeguards such as Standard Contractual Clauses.
Important: We do not sell personal data. We share it only with processors acting on our instructions, or when required by law.
Data Security Measures
We implement industry‑standard security measures to protect your personal data:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
- Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256
- Access Controls: Role-based access controls ensure only authorized personnel can access your data
- Regular Security Audits: We conduct regular security assessments and penetration testing
- Monitoring & Incident Response: Continuous monitoring for security threats with established incident response procedures
No method of transmission or storage is 100% secure; we work continuously to improve protections and respond to emerging threats.
International Users
We may process and store data in countries outside your own. Where we transfer personal data out of the EEA/UK, we rely on lawful transfer mechanisms (e.g., Standard Contractual Clauses) and implement appropriate safeguards.
Transfer Safeguards:
- • Standard Contractual Clauses (SCCs) for EEA/UK transfers
- • Adequacy decisions where applicable
- • Binding Corporate Rules for intra-group transfers
- • Additional technical and organizational measures
Data Breach Notification
In the unlikely event of a data breach that affects your personal data, we will notify you and relevant authorities as required by applicable law. We will provide information about the nature of the breach, the data affected, and steps we're taking to address it.
Changes to This Policy
We may update this policy to reflect changes to our practices, technologies, or legal requirements. We will post the updated version here and update the "Last updated" date. If changes are material, we will provide additional notice via email or prominent notice on our website. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
Questions About Privacy?
We're here to help. Contact our privacy team if you have any questions about how we handle your data or to exercise your privacy rights.
Contact: privacy@utmosst.com