1. What this policy covers
This policy describes how Legible may handle personal data when users visit the website, submit case materials, receive a diagnosis, or use the rewrite service.
2. Controller and contact
Legible is operated by Mikkel Damberg Hadsbjerg, Talent Acquisition Leader. For data-protection requests or privacy questions, please use the contact details in Section 11 below. A registered business address and any additional entity details will be confirmed before the public paid service goes live.
3. Data we may collect
- Role target and challenge statement entered by the user
- Uploaded CVs or resumes
- Uploaded or pasted job descriptions
- Email address provided at the access step, used solely to deliver the rebuilt CV
- Email address provided when opting in to marketing communications, where the opt-in checkbox on the results screen is explicitly ticked
- Billing and checkout metadata if a paid service is enabled, such as payment status, amount, currency, and transaction reference
- Basic technical and analytics data if analytics is enabled
4. Why we process this data
- To review a submitted case and identify the main blocker affecting interview conversion
- To generate rewritten outputs if the paid rebuild is used
- To deliver the rebuilt CV and cover letter to the email address provided at the access step
- To send marketing communications — product updates, tips, and follow-ups — where explicit opt-in consent has been given
- To process payments, confirm fulfilment, issue receipts where applicable, and handle refunds or billing support if a paid service is enabled
- To operate, secure, troubleshoot, and improve the service
5. Lawful basis
Legible intends to rely on the following lawful bases, subject to final review once the live stack and company setup are chosen:
- Website operation: legitimate interests or contract-preparatory processing
- Case review and rebuild generation: steps taken at the user's request before or during service delivery
- Delivery of rebuilt materials by email: contract performance — the email address is provided specifically to receive the output
- Marketing communications: consent — the opt-in checkbox on the results screen must be explicitly ticked before any marketing email is sent. Consent can be withdrawn at any time by emailing privacy@legible.cv or by using the unsubscribe link in any marketing email
- Payment processing and paid-service fulfilment: contract performance and related legal obligations where applicable
- Analytics: only if justified and implemented in a privacy-respecting manner
6. Retention and deletion
Legible's current working model is session-based handling with no long-term document retention by default.
- Uploaded CVs and job descriptions: used for the current-session review only; not stored by Legible after the session
- Challenge statements and role targets: used for the current-session review only; not stored by Legible after the session
- Generated outputs: displayed in-session and delivered by email; not stored by Legible after delivery
- Delivery email address: passed to Resend to send the rebuilt CV; not retained by Legible after the send call. Resend may retain delivery logs in accordance with their own privacy policy (resend.com/privacy)
- Marketing opt-in email address: retained in Resend Audiences until consent is withdrawn. To unsubscribe, use the link in any marketing email or write to privacy@legible.cv
- Billing and checkout records: retained only as needed for payment reconciliation, refund handling, dispute management, bookkeeping, and legal obligations once payments go live
- Logs and analytics: to be defined once the live hosting stack is chosen
7. Automated processing and transparency
Legible uses automated processing to review submitted materials, identify likely blockers, and generate draft outputs. The service is intended as review and drafting assistance, not as an automated hiring or employment decision system. Users remain responsible for reviewing any diagnosis, rewrite, or generated material before using it in job applications or public profiles.
8. User rights
If Legible processes personal data of individuals in the EEA or United Kingdom, users may have rights under applicable data-protection law, including access, rectification, erasure, restriction, objection, and portability where applicable.
9. International processing and subprocessors
The following processors are currently active or in use during the private beta:
- Resend (resend.com) — transactional and marketing email delivery. Email addresses provided at the access step and any marketing opt-in email addresses are processed by Resend. Resend is based in the United States. See resend.com/privacy.
- Netlify — hosting and serverless function execution. All service requests are handled via Netlify infrastructure. See netlify.com/privacy.
- OpenAI — AI model provider used for case review, diagnosis, and rewrite generation. Submitted materials including CV text, job descriptions, and challenge statements are processed by OpenAI. See openai.com/privacy.
Legible intends to add Stripe Checkout for the first live payment flow. No live payment processing is active in the current private beta. This list will be updated before the paid service opens publicly.
10. Analytics and cookies
Legible intends to launch with a minimal analytics posture and without advertising or cross-site behavioral profiling. If non-essential tracking technologies are added, the website should provide any notice and consent mechanism required by applicable law.
11. Contact
Legible is operated by Mikkel Damberg Hadsbjerg. For data-protection requests, questions about this policy, or to exercise your rights under applicable law, please write to: privacy@signaldesk.io. A registered business address will be confirmed before the paid service goes live.