NDORFlow Legal

Privacy Policy

Last updated 28 April 2026

NDORFlow Limited ("NDORFlow", "we", "us") respects your privacy. This Privacy Policy explains what personal data we collect when you use NDORFlow, how we use and share it, how long we keep it, and the rights you have over it. It applies to all visitors and registered users of the Service.

1. Who is the data controller?

NDORFlow is the controller of your personal data. You can contact our privacy team at support@ndor.app.

2. What data we collect

2.1 Account data

  • Email address, display name, password hash, workspace membership.
  • Plan, Credits balance, billing history metadata.
  • IP address, device, browser, and log data captured automatically.

2.2 Uploaded CVs and documents

  • CV files (PDF, DOCX) you upload.
  • Parsed structured representations of those files (sections, experience entries, skills).
  • Cover letters, application packs, and notes you create inside the Service.

2.3 Job application materials

  • Jobs you mark as recommended, applied, or ignored.
  • Fit scores, NDOR analyses, and interview-preparation outputs generated for you.
  • Exported bundles (PDF, Word) you have produced.

2.4 Billing data

  • We do not store your full card or bank details. Payments are processed by Stripe.
  • We store Stripe customer IDs, transaction metadata, subscription status, and receipts linked to your account.

2.5 Cookies & analytics

We use strictly necessary cookies for authentication and session management. We may use first-party analytics to measure feature usage and product performance. Where required by local law (UK/EU), a consent banner is presented for non-essential analytics cookies.

3. How we use your data

  • To provide the Service — parse your CVs, generate tailored outputs, score fit, produce packs, deliver exports.
  • To bill you — process subscriptions and top-ups via Stripe, issue receipts, enforce Credits.
  • To secure the Service — detect abuse, enforce rate-limits, investigate security incidents.
  • To improve the Service — aggregate and anonymised analytics; never to train third-party public AI models with your Content.
  • To communicate with you — transactional email (receipts, security notices, material product changes). Marketing email only with explicit opt-in.
  • To comply with law — respond to lawful requests, meet tax and accounting obligations.

4. Legal bases (UK GDPR / EU GDPR)

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — to secure, debug, and improve the Service; balanced against your rights.
  • Consent — for non-essential analytics cookies and marketing email.
  • Legal obligation — tax, accounting, responding to lawful authority requests.

5. Third-party processors

We rely on the following processors to deliver the Service. Each is bound by a Data Processing Agreement.

  • Supabase — authentication, Postgres database, object storage. Primary region: EU (Frankfurt).
  • Stripe — payment processing, subscription management, Stripe Customer Portal.
  • OpenAI, Anthropic, Google Gemini — large-language-model inference for CV tailoring, cover-letter generation, fit scoring, and interview-preparation outputs. We send the minimum context required for each inference; we do not allow the provider to use your data to train their models (enterprise-grade settings are enabled where available).
  • Gmail OAuth (Google) — optional; only enabled if you connect your Gmail account to send application emails. Scope is limited to drafting and sending from your own account.
  • Email delivery (Resend / SendGrid) — transactional email.
  • Hosting & CDN — application hosting and content-delivery network.
  • PostHog — first-party product analytics. We capture page views and discrete product events (e.g. paid action attempted, paid action completed) to understand how the Service is used and to debug failures. Session-recording is currently disabled. We do not use PostHog for advertising or cross-site tracking. PostHog acts as a processor under our instructions; see the PostHog Privacy Policy and Data Processing Agreement.

6. International transfers

Some processors are located outside the UK / EEA. When we transfer personal data internationally we rely on UK IDTA or EU Standard Contractual Clauses, supplemented by technical safeguards (encryption in transit and at rest) to ensure an adequate level of protection.

7. Security

  • TLS 1.2+ for all traffic.
  • Encryption at rest for the database and object storage.
  • Least-privilege access controls, MFA on administrative accounts.
  • Row-level security policies gating all user-owned tables.
  • Regular backups; Supabase operates point-in-time recovery.
  • Independent security reviews on major releases.

8. Retention

  • Active accounts. We retain your account data and Content for as long as your account is active.
  • Closed accounts. On account closure, we delete your Content within 90 days, except where we must retain billing records for legal / tax reasons (typically 6 years in the UK).
  • Anonymised metrics. We may retain aggregated, non-identifying usage statistics indefinitely.
  • Backups. Deleted Content may persist in encrypted backups for up to 35 days before rotation.

9. Your rights

Subject to local law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase data ("right to be forgotten") — subject to retention obligations above.
  • Port your data to another service in a machine-readable format.
  • Restrict or object to processing.
  • Withdraw consent (for consent-based processing).
  • Lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office — ico.org.uk).

To exercise any of these rights, email support@ndor.app. We respond within 30 days.

10. Children

The Service is not intended for and may not be used by anyone under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete the account.

11. Automated decision-making

NDORFlow does not make automated decisions that produce legal or similarly significant effects about you. AI-generated CVs, cover letters, and fit scores are decision-support outputs — you review and edit them before acting on them.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and/or in-product banner at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the current version.

13. Contact

For privacy questions, including billing privacy questions, or to exercise your rights, email support@ndor.app. For our Terms of Service and Refund Policy, see /terms and /refund.

Questions about this document? Contact support@ndor.app.

© 2026 NDORFlow. All rights reserved.