Privacy Policy

Last updated: 11 March 2026

Beecome ("we", "us", "our") is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Contact us at privacy@beecome.ai.

1. What data we collect

  • Account data: name, email address, and hashed password (or Google account identifier if you use Google sign-in).
  • Profile data: work experience, education, skills, languages, projects, and other CV content you enter.
  • Generated CVs: tailored CV documents we produce for you, stored against your account.
  • Payment data: transaction records (pack purchased, amount, date). We do not store card details | payments are handled entirely by Stripe, who are PCI-DSS compliant.
  • Usage data: IP address, browser type, and timestamps collected via server logs.
  • Analytics data: page views, session duration, approximate geographic location (country/city level), and device type | collected via Google Analytics 4. This data is aggregated and not linked to your account.

2. How we use your data

  • To provide the Beecome service (legal basis: contract performance).
  • To process payments and maintain your Nectra balance (legal basis: contract performance).
  • To send transaction receipts (legal basis: contract performance).
  • To improve our service (legal basis: legitimate interests).
  • To comply with financial record-keeping obligations (legal basis: legal obligation).

3. AI processing

When you generate a CV, your profile data and job description are sent to third-party AI providers for processing. Those providers act as data processors on our behalf. Do not include sensitive personal data (health information, national insurance number, etc.) in your profile.

4. Third-party processors

  • Stripe | payment processing (USA, under UK adequacy/SCCs)
  • Anthropic | AI CV generation (USA, under UK adequacy/SCCs)
  • Google | AI CV generation (USA, under UK adequacy/SCCs)
  • Turso | database hosting (EU/USA)
  • Google Analytics | aggregate usage analytics (USA, under UK adequacy/SCCs). See Google's privacy policy.

We do not sell your data to any third party.

5. Data retention

Your data is retained while your account is active. On account deletion, personal data is removed within 30 days. Financial records are retained for 7 years as required by UK law.

6. Your rights

Under UK GDPR you have the right to access, correct, delete, and export your data. You can export all data from your profile page at any time. For other requests, email privacy@beecome.ai. You may also lodge a complaint with the ICO at ico.org.uk.

7. Cookies

We use a session cookie to keep you logged in and Google Analytics cookies to understand aggregate usage. No advertising or remarketing cookies are used. See our Cookie Policy.

8. Security

Passwords are hashed. All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. No system is completely secure | please use a strong, unique password.

9. Changes

Material changes will be notified by email or site notice. Continued use after changes constitutes acceptance.