Privacy Policy
Version 1.0 · Effective: May 19, 2026
This is a convenience translation. The Portuguese version is the official one and prevails in case of any discrepancy.
Review in progress: This version covers the data processed by the backend and the frontend (browser). Future updates will include any new integrations.
1. Who we are
Kore is an AI-powered resume optimization platform, developed and operated by the Kore team. Questions about this policy: suporte@korecv.com
2. What data we collect
2.1 Account data
When you create your account via Supabase Auth, we collect:
- Email address
- Display name (optional)
2.2 Payment data (PIX and Boleto)
When you make a payment via PIX or Boleto, we request:
- Full name
- CPF (Brazilian tax ID)
- Phone
- Full address
Credit/debit card payments don't require a CPF, and your card data never passes through our servers — it is tokenized directly by Mercado Pago.
2.3 Content you create
- Uploaded resumes (text and JSON structure extracted from the PDF)
- Job descriptions
- Configured professional personas and skills
- Application pipeline (Kanban)
2.4 Usage data
- Monthly operation counters by type (resume parsing, job parsing, optimization)
- Credit and purchase history
- Records of optimizations performed
2.5 Browser data
Beyond the data sent to the server, the app uses the browser to store local usage information. This data stays only on your device and is never transmitted to our servers.
Local storage (localStorage)
| Key | Data stored | Removed when |
|---|---|---|
| kore_last_provider | Last login method used (email / GitHub / Google) | Manual browser cleanup |
| kore_onboarding_persona_id | ID of the persona created during onboarding | When onboarding is completed |
| kore_onboarding_resume_id | ID of the resume created during onboarding | When onboarding is completed |
| kore_onboarding_job_score / kore_onboarding_job_tier | ATS score and tier of the job added during onboarding | When onboarding is completed |
| kore_onboarding_highest_step | Furthest step reached during onboarding | When onboarding is completed |
| kore_analytics_consent | User's decision on analytics cookies (accepted / rejected) | Manual browser cleanup |
| panel-width-[id] | Preferred width of the resume editor panels | Manual browser cleanup |
| kore_beta_banner_dismissed | User's preference about the beta version notice (dismissed) | Manual browser cleanup |
| kore:resume-template:[id] | Visual template selected for each resume (kore, compact, or plain). One key per resume, with the resume's UUID in the name. | Manual browser cleanup |
We don't use sessionStorage. None of these values are sent to our server.
Session cookies (Supabase Auth)
We use cookies to keep your session authenticated. They're managed by the @supabase/ssr library and contain signed JWT tokens. They're required for the platform to work and expire when you log out or end the session. We don't use tracking, advertising, or analytics cookies.
Third-party scripts
The mercadopago.com/v2/security.js script is loaded on every page of the app for fraud-prevention purposes, as required by Mercado Pago for use of the payments SDK. This script may collect device and browsing-behavior data in accordance with Mercado Pago's Privacy Policy.
We use Google Analytics 4 to understand how the platform is used (pageviews, navigation flow). This script is loaded only with your explicit consent, given through the banner shown on your first visit. You can revoke consent by clearing your browser's localStorage (the kore_analytics_consent key). Data collected by Google Analytics is governed by Google's Privacy Policy.
3. How we protect your data
Encryption of sensitive data
The following data is encrypted with AES-256-GCM before being stored — we never save it in plain text:
- CPF (we also store a masked version: ***.***.***-09 for display in the interface)
- Phone number
- Full address
Non-encrypted data
- Email (managed by Supabase Auth)
- Full name
- Resume and job content (required for AI processing)
Log protection
Our server logs never record CPF, payment tokens, API keys, PIX QR codes, boleto codes, or any sensitive payment data. These fields are automatically omitted from the logging system.
Authentication
We use JWT (access tokens) via Supabase Auth. No session is stored on the server — authentication is validated on every request.
4. Who we share your data with
Your data is shared only with the services needed to operate the platform:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication and database | Email, user ID |
| Mercado Pago | Payment processing | Name, CPF, phone, address (PIX/Boleto) |
| Anthropic (Claude AI) | AI resume optimization | Resume and job content |
| Voyage AI | Semantic vectorization for ATS matching | Resume and job excerpts |
| Resend | Transactional emails | Email, purchase information |
| Redis | Usage-counter cache | User ID + operation type + month |
The content of your resumes is sent to Anthropic and Voyage AI solely to provide the service. Refer to those services' privacy policies to understand how they handle the data they receive.
We don't sell or share your data with third parties for advertising purposes.
5. Data retention and deletion
When you delete your account
Deletion permanently removes:
- Resumes and jobs
- Configured personas and skills
- Application pipeline
- Payment data (CPF, phone, address)
What is kept after deletion
Financial transaction records — kept in accordance with Brazilian legal requirements (tax and payment-method legislation).
Validity of temporary data
- PIX QR Code: expires in 24 hours
- Boleto: expires in 3 days
- Usage counters: reset monthly
- Onboarding data in localStorage: automatically removed when the flow is completed
6. Your rights (LGPD)
Under Brazil's General Data Protection Law (Law No. 13,709/2018), you have the right to:
- Confirm whether we process your data
- Access the data we hold about you
- Correct incomplete or outdated data
- Delete your personal data (subject to the legal retention of financial records)
- Withdraw consent at any time
To exercise any of these rights, contact us: suporte@korecv.com
7. Changes to this policy
We will notify you of relevant changes by email and update the effective date at the top of this document.
© 2026 Kore · suporte@korecv.com