← Back to barrage.cv

Privacy Policy

Last updated: February 27, 2026

1. Information We Collect

When you use barrage.cv, we collect and process the following information:

  • Account information: name, email address, and password (hashed with bcrypt)
  • LinkedIn credentials: your LinkedIn email and password, encrypted with AES-256-CBC
  • Resume data: uploaded resume PDFs and AI-extracted profile information (skills, experience, education)
  • Job preferences: search filters, location, experience level, and exclusion criteria
  • Application data: job titles, companies, application answers, and submission status
  • Payment information: processed securely through Stripe — we never store your card details

2. How We Use Your Data

We use your information to:

  • Automate LinkedIn Easy Apply job applications on your behalf
  • Generate AI-powered answers to screening questions using your resume context
  • Manage your account and subscription
  • Send transactional emails (welcome, password reset, run notifications)
  • Improve the Service and fix bugs

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Data Security

We take security seriously:

  • LinkedIn credentials are encrypted with AES-256-CBC and only decrypted at runtime during active automation sessions
  • Passwords are hashed with bcrypt (12 rounds) and never stored in plaintext
  • Payment data is handled entirely by Stripe — we never see or store your card number
  • Database is hosted on a private server with restricted access
  • Network traffic uses HTTPS/TLS encryption end-to-end

4. Third-Party Services

We use the following third-party services to operate:

  • Stripe — payment processing (their privacy policy)
  • Google OAuth — optional sign-in with Google (their privacy policy)
  • OpenRouter / OpenAI — AI-powered question answering (your resume context is sent to generate answers)
  • Brevo — transactional email delivery
  • iProyal — proxy services for secure browser automation

5. Cookies

We use essential cookies for authentication (session management via NextAuth.js). We do not use tracking or advertising cookies.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all your personal data, including LinkedIn credentials, resumes, and application history, within 30 days.

Anonymized usage statistics may be retained for service improvement purposes.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to processing of your data

To exercise any of these rights, email us at hello@barrage.cv.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email. Continued use after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or requests, contact us at hello@barrage.cv.