Privacy Policy

Last updated: August 25, 2025

GDPR Global CCPA/CPRA

Plain‑English Summary

Utmosst helps you create and manage job‑search materials. We only collect what we need to provide the service, we don’t sell your data, and you stay in control. The legal version is below.

Who we are

Data controller & contact

Utmosst ("we", "us", "our") operates utmosst.com and related services (the "Service").

Data Controller: Utmosst UG (haftungsbeschränkt), Cologne, Germany. If this entity name changes, the newest details in our legal imprint apply.

Contact: privacy@utmosst.com

What we collect

Categories of personal data

Category	Examples	Purpose	Retention
Account & Identifiers	Name, email, password hash, user ID, auth provider IDs	Account creation, authentication, security, communications	For your account’s lifetime + up to 90 days after deletion for backups/logs
Profile & Job Data	Resumes/CVs, cover letters, LinkedIn import, job history, skills, preferences	Generate documents, track applications, provide coaching & insights	Until you delete the items or close your account
Content You Provide	Prompts, notes, goals, interview answers, attachments	Deliver AI features and personalization you request	Until you delete the items or close your account
Usage & Device Data	IP, device/browser type, pages viewed, timestamps, performance/diagnostics	Security, analytics, service improvement, fraud prevention	Up to 24 months (aggregated or anonymized thereafter)
Payments	Billing name, email, subscription status (card data handled by our payment processor)	Process payments, prevent fraud, manage subscriptions	As required for accounting/tax and processor policies
Support	Support tickets, chat messages, email threads	Help you troubleshoot and resolve issues	Up to 24 months after ticket closure

How we use data

Purposes & legal bases (GDPR Article 6)

Provide the Service you request (create documents, track applications, coaching). Legal basis: Contract (Art. 6(1)(b)).
Improve & secure the Service (analytics, troubleshooting, preventing abuse). Legal basis: Legitimate interests (Art. 6(1)(f)).
Communicate about updates, security alerts, and transactional emails. Legal basis: Contract/legitimate interests.
Marketing (only with your consent where required; unsubscribe anytime). Legal basis: Consent (Art. 6(1)(a)).
Compliance with legal obligations (tax, accounting, law enforcement requests). Legal basis: Legal obligation (Art. 6(1)(c)).

AI & third‑party processing

Vendors and international transfers

To deliver AI features, we may process your prompts and content with reputable AI infrastructure providers (e.g., model hosts or API vendors). We use data processing agreements and, where transfers leave the EEA/UK, appropriate safeguards such as Standard Contractual Clauses.

We do not sell personal data. We share it only with processors acting on our instructions, or when required by law.

International users

We may process and store data in countries outside your own. Where we transfer personal data out of the EEA/UK, we rely on lawful transfer mechanisms (e.g., Standard Contractual Clauses) and implement appropriate safeguards.

Changes to this policy

We may update this policy to reflect changes to our practices, technologies, or legal requirements. We will post the updated version here and update the “Last updated” date. If changes are material, we will provide additional notice.

Categories of processors we use