Privacy Policy

Last updated: 7 March 2026

Table of Contents

  1. Who We Are
  2. What Data We Collect
  3. Why We Collect Your Data
  4. How We Store Your Data
  5. Third-Party Services
  6. Cookies and Tracking
  7. Your Data Protection Rights
  8. How to Exercise Your Rights
  9. Data Retention
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

1. Who We Are

Katalyst is a web platform operated at getkatalyst.dev. We provide tools for job seekers and freelancers, including an AI-powered CV builder, job application tracker, interview preparation tools, invoice generator, expense tracker, tax calculator, and proposal generator.

For the purposes of applicable data protection laws, including the UK GDPR, EU GDPR, and the Data Protection Act 2018, Katalyst is the data controller responsible for your personal data.

2. What Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Name, email address, and profile picture — provided when you create an account via our authentication provider (Clerk)

CV and Career Data

  • Personal details you enter into your CV (name, address, phone number, professional links)
  • Work experience, education history, skills, and certifications
  • Cover letters and professional summaries

Job Application Data

  • Companies and roles you are tracking, application status, and interview notes
  • STAR stories and interview preparation materials

Financial and Business Data

  • Invoice details, expense records, client contact information, and proposal content
  • Bank details for display on your invoices (sort code, account number, account name)
  • Business name, address, VAT number, and related settings

AI Usage Data

  • Content sent to our AI features (such as CV bullet points, job descriptions, and proposal briefs) in order to generate suggestions
  • Usage counts and feature usage records

Usage Analytics

  • Pages visited, features used, and interactions within the platform — collected via PostHog analytics

Payment Information

  • Payment processing is managed entirely by Stripe. We never see, receive, or store your payment card numbers. Stripe provides us with your subscription status, billing email, and transaction history.

3. Why We Collect Your Data

We process your personal data for the following purposes:

  • To provide the service: Creating and storing your CVs, tracking job applications, generating invoices, managing expenses, and all other platform functionality
  • To provide AI features: Sending relevant content to our AI provider to generate suggestions, enhancements, and analysis
  • To process payments: Managing your subscription, processing upgrades and cancellations via Stripe
  • To improve the product: Understanding how features are used so we can make the platform better
  • To communicate with you: Sending account-related emails such as billing confirmations, security alerts, and service updates
  • To send marketing communications: Only if you have explicitly opted in, and you can unsubscribe at any time

Our lawful bases for processing under applicable data protection law are: performance of a contract (providing the service you signed up for), legitimate interests (improving the product and preventing fraud), and consent (marketing communications and optional analytics).

4. How We Store Your Data

  • Your data is stored in Supabase (PostgreSQL database) with servers located in the European Union
  • All data is encrypted at rest, and encrypted in transit using TLS 1.2 or higher
  • Bank details stored for invoice display are additionally encrypted at the application level using AES-256 encryption
  • Row Level Security (RLS) is enforced at the database level, ensuring that users can only ever access their own data
  • Payment card data is handled entirely by Stripe, which is PCI DSS Level 1 compliant — the highest level of payment security certification
  • We do not store passwords. Authentication is handled by Clerk using industry-standard security practices

5. Third-Party Services

We use the following third-party services to operate Katalyst. Each service only receives the minimum data necessary to perform its function:

  • Clerk (authentication) — Processes your name, email address, and profile picture to manage your account and sign-in sessions
  • Stripe (payments) — Processes payment card details and billing address for subscription payments. Stripe is PCI DSS Level 1 compliant
  • Anthropic / Claude (AI features) — Receives CV content, job descriptions, and other relevant text when you use AI-powered features such as bullet point enhancement, summary generation, and proposal drafting. Anthropic does not store user prompts or outputs for the purpose of training AI models
  • PostHog (analytics) — Receives anonymised usage data to help us understand how features are used. PostHog is hosted in the EU
  • Vercel (hosting) — Serves the application and handles web requests
  • MailerLite (email marketing) — Receives your email address only if you explicitly opt in to marketing communications

6. Cookies and Tracking

We use a minimal number of cookies:

Essential Cookies

  • Clerk session cookies — Required for authentication and keeping you signed in. These cannot be disabled as they are necessary for the service to function.

Analytics Cookies

  • PostHog — Used to collect anonymised usage data. These are optional and can be declined via our cookie consent banner. If you decline, no analytics cookies are set and no usage data is collected.

We do not use advertising cookies. We do not use third-party tracking cookies. We do not sell or share your data with advertisers.

7. Your Data Protection Rights

Under applicable data protection laws (including GDPR), you have the following rights:

  • Right of access — You can download a copy of all your personal data at any time from your Settings page
  • Right to rectification — You can edit and update your personal data at any time within the platform
  • Right to erasure — You can delete your account from your Settings page. This permanently and immediately removes all of your data from our systems
  • Right to data portability — You can export all of your data in JSON format from your Settings page
  • Right to object — You can opt out of analytics data collection via the cookie consent settings
  • Right to restrict processing — You can request that we restrict the processing of your data by contacting us
  • Right to withdraw consent — Where we rely on your consent (such as marketing emails or analytics), you can withdraw that consent at any time by updating your preferences

8. How to Exercise Your Rights

Most rights can be exercised directly within the platform:

  • Download your data: Go to Settings and click "Download My Data"
  • Delete your account: Go to Settings and click "Delete My Account". This will permanently delete all your data, cancel any active subscription, and remove your authentication account
  • Update your information: Edit your details directly in the relevant section of the platform

For any other requests, or if you need assistance, contact us at privacy@getkatalyst.dev. We will respond to your request within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Retention

We retain your personal data for as long as your account is active and you continue to use the service. When you delete your account, all of your data is permanently deleted from our systems immediately. We do not soft-delete or archive your data — it is fully removed. Stripe may retain transaction records in accordance with their own data retention policies and legal obligations.

10. Children's Privacy

Katalyst is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe a child under 16 has provided us with personal data, please contact us at privacy@getkatalyst.dev.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. If we make significant changes, we will notify you by email or through a prominent notice within the platform. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us: