Privacy & Trust

Your career history is some of the most personal data you have. ArcLucid is built so that your trust isn't something you have to take on faith - it's enforced by how the product works.

We hold your email and a secured hash of your password - used only to sign you in. We hold an encrypted blob of your CV data that we cannot decrypt; the key is derived from your password in your browser and never reaches our servers. Your CV data leaves your browser only as ciphertext (to sync across your devices) or briefly as plaintext to the AI provider for inference. If you lose your password you can reset it by email - but your CV data is recoverable only if you remember the recovery phrase you set at signup.

How it works

We cannot read your CV

Your CV, skills, analyses, and chats are encrypted on your device before they ever reach us. We store an opaque blob of ciphertext - we hold no key that can unlock it.

The key is yours alone

The key that decrypts your data is derived from your password inside your browser and never leaves it. Not in our database, not in our logs, not anywhere we can reach.

The AI sees it only to help you

When AI analyses your CV, the relevant text is sent for that single inference and is never logged or retained. That is the only moment your data exists as plaintext outside your device.

The honest trade-off

Real privacy has a cost: because we genuinely cannot read your data, we also cannot recover it for you. If you forget your password and your recovery phrase, your CV data is gone for good. This is the same trade-off as a password manager - and it is the price of a guarantee that actually holds.

Your rights, your control

Export everything

One click decrypts all of your data on your device and downloads it as a readable file. Because only you hold the key, only you can produce it.

Delete everything

One click permanently erases your account, your encrypted data, your keys, and our usage counters - and hands you a deletion receipt. After that, the email simply has no account.

See every AI decision

Every time AI touches your data we record the model, the version, and a fingerprint of what went in and came out - fingerprints only, never the content - so you can see what happened.

Informed consent, up front

Before you add anything, we show you plainly what we collect, where it goes, and on what basis - and record your agreement. No fine print, no surprises.

These mechanics are designed to honour your rights under GDPR (access & erasure) and equivalent laws, and the transparency duties of the EU AI Act for AI that assesses people.

Verifiable, not just promised

A privacy promise is only as good as the code behind it. Ours is checked automatically: every data field, every place data is stored, and every outside service is inventoried and tested in our codebase, so the promise can't quietly drift as the product grows. A full read of our database cannot reconstruct a single field of anyone's CV.