Skip to main content

Privacy Policy

Last updated: 2026-04-21

Offery (“the Service”) respects and is committed to protecting user privacy. This policy explains what data we collect, why we collect it, how it is used, and the rights you have over your personal data. By using the Service, you agree to this policy.

1. Data We Collect

  • Account info: email, name, Google OAuth identifier (if you sign in with Google)
  • User-created content: resumes, cover letters, job application records, interview practice data (text, audio, AI responses)
  • Subscription info: Stripe Customer ID, subscription status and billing cycles (credit card data is handled by Stripe and is never stored by the Service)
  • System identifiers: Supabase User ID, API tokens
  • Usage logs: operation logs, error traces, IP addresses (used only for security and debugging)

2. Purposes

  • Provide core functionality: job tracking, AI resume optimization, interview simulation
  • Process Pro subscription billing
  • Maintain security, prevent abuse, debug and improve the Service
  • Respond to your account management requests (query, correction, deletion)

3. Third-Party Processors

To deliver the Service, we share necessary data with the following processors. Each is bound by its own privacy policy:

  • Supabase (US / Singapore): database, authentication, file storage
  • Stripe (US): subscription billing and payment processing
  • Google (US): OAuth sign-in
  • Google Gemini API (US): AI resume optimization, cover letter generation, interview evaluation
  • Vercel (global CDN): website hosting and deployment

4. Retention

Data is retained while your account exists. When you delete your account, we will remove all personally identifiable data within 30 days, except where retention is required by law (such as subscription billing records).

5. Your Rights

Under Article 3 of Taiwan's Personal Data Protection Act, you have the following rights. Most can be exercised directly from the settings page, or you may email us:

  • Access and view your personal data
  • Request a copy
  • Request supplement or correction
  • Request cessation of collection, processing or use
  • Request deletion

6. Cookies

The Service uses only essential session cookies (SameSite=Lax) to maintain sign-in state. No third-party tracking or behavioral analytics cookies are used.

7. Security

  • HTTPS encryption for all traffic
  • Row Level Security (RLS) on the database; users can access only their own data
  • Stripe Webhook signature verification to prevent forged requests
  • Passwords are stored as bcrypt hashes via Supabase Auth and cannot be recovered

8. Minors

Users under 18 must obtain consent from a legal guardian. If you are a guardian and believe your child registered without consent, please contact us for account removal.

9. Changes to This Policy

Material changes will be announced in-product or via email, and the “Last updated” date on this page will be revised. Continued use after changes constitutes acceptance.

10. Contact

For privacy questions, complaints, or to exercise your rights, email us at timshih@thdg.site. We aim to respond within 30 days.