Privacy Policy

5.1 Optional CV PDF import

If you use Import from CV (PDF) on your profile, you upload a PDF to our servers. We validate the file, send its contents to Anthropic (Claude) to extract structured fields (such as work history and education), and show you the results to review before you save. We do not store your PDF file in our database after processing.

We keep a cryptographic hash of the PDF and a log of import jobs (including success or failure status and extracted JSON when complete) to enforce daily import limits, avoid repeat processing of the same file, and troubleshoot errors. Imports are limited to 3 per account per day and additional per-IP rate limits apply.

Anthropic acts as a processor for this step only. Their privacy policy and data handling apply to data sent to their API. Anthropic may process data outside the UK; we rely on appropriate safeguards for international transfers as required by UK GDPR.

5.2 Public CV pages (Publish CV)

When you enable **Publish CV** on your profile and meet our sharing requirements (a display name, at least one work-history entry, and a public link slug), anyone with your link can view a read-only CV page. That page may include your display name, bio, location, skills, education, certifications, languages, achievements, work history, and profile image URL if you set one.

Your email address is not shown on the public CV page. Turn off Publish CV to stop new public access. If you change your display name, your public link slug may update when you save your profile.

You are responsible for checking that you are comfortable sharing the information on your profile before publishing. Do not publish content you do not want others to see.

7.1 Overview

Pathler is built and operated by Pathler Ltd. We use trusted third party providers to host the website, authenticate users, store account data, and (where you follow external links) to point you to learning resources on other sites. This section explains who those providers are and what they do.

We do not sell your personal data to any third party.

7.2 Supabase (authentication and database)

We use Supabase (Supabase, Inc.) as our backend platform. Supabase provides:

• User authentication — email and password sign-up, optional sign-in with Google or LinkedIn, password reset, and session management
• A PostgreSQL database that stores your profile (including CV fields and work history), saved roles, interview answers, and CV import job metadata
• Security features such as row-level access controls on your data

When you create an account or use signed-in features, personal data you provide (such as your email address, profile details, work history, saved roles, and interview notes) is stored in Supabase. Supabase also sets essential cookies or similar storage on your device so you can remain logged in.

Account-related emails (for example email confirmation or password reset, depending on your account settings) are sent through Supabase’s authentication service.

If you choose Continue with Google or Continue with LinkedIn, Supabase redirects you to that provider to sign in. We receive your email address and basic profile information (such as name and profile photo URL) from the provider to create or update your account. We do not receive your Google or LinkedIn password.

Supabase may process data in the United States and other countries. We rely on appropriate safeguards for international transfers as required by UK GDPR. See Supabase’s privacy documentation for how they handle data as a processor.

7.3 Website hosting

The Pathler website (at pathler.co.uk) is hosted on infrastructure operated by our hosting provider so that pages load quickly and securely. The host processes technical data needed to deliver the site, such as your IP address, browser type, request time, and pages requested. This is standard for any website and is used for security, reliability, and troubleshooting.

Hosting access logs are kept for a limited period for operational and security purposes, not for profiling you for marketing.

7.4 Fonts and site software

The site uses the Plus Jakarta Sans typeface, loaded through Next.js in a way that serves font files from our own domain when you visit (rather than requiring your browser to download fonts directly from Google on each page view).

Pathler is built with open-source software including Next.js and React. We do not share your personal data with those projects; they are libraries used to run the site on our servers.

7.5 Analytics

Our cookie banner lets you accept or refuse optional analytics cookies. If you accept analytics cookies, we load Plausible Analytics (plausible.io), a privacy-friendly service that does not use cookies for tracking and does not collect personal data for advertising. Plausible receives page URLs and basic device/browser information so we can see aggregate visit counts and popular pages.

We only activate Plausible when you have given consent through the cookie banner. If you choose essential cookies only, Plausible is not loaded.

7.6 External websites and optional profile images

Many pages on Pathler link to third party websites — for example professional bodies, course providers, regulators, and employers listed in our Resources and Terminology sections. Those sites are run by other organisations. We do not control them and are not responsible for their privacy practices. We encourage you to read their policies before signing up or submitting data to them.

If you add a profile picture URL, it must be an HTTPS link from a supported host (such as GitHub, Gravatar, Google or LinkedIn profile photos, or your Supabase storage bucket). Your browser loads that image from the third party when your profile is displayed. We do not upload those images to our database unless we introduce dedicated storage in future.

7.7 Anthropic (CV PDF import only)

When you choose to import a CV PDF, we send the document to Anthropic’s API so it can return structured text for your profile. Anthropic does not receive your data for any other feature on Pathler. We do not use Anthropic to generate public role guides or interview content shown to other users.

7.8 Rate limiting and lockout storage (production)

In production we may use Upstash Redis or Vercel KV to store short-lived counters and lockout state (for example failed login attempts and API rate limits keyed by IP address). This helps protect the Service across multiple servers. These records are used for security, not for marketing.

7.9 What we do not use

Based on how Pathler works today:

• We do not use payment processors — the Service is free
• We do not run advertising networks or sell your data to advertisers
• We do not offer sign-in with Apple or other providers beyond Google and LinkedIn
• We do not store uploaded CV PDF files in our database after extraction completes

If we add new integrations (for example payments or additional AI features), we will update this policy before or when they go live.