Patih
Patih

Legal

Privacy Policy

Last updated: April 23, 2026

Patih (“we,” “us,” or “our”) operates the Patih web application and browser extension (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By using the Service you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account information. When you sign up we collect your email address and a password (hashed by our auth provider, Supabase).

Profile and resume data. You may upload a resume and provide work experience, education, skills, and career preferences. This data is stored in our database and used to power the Service.

Usage data. We log API calls, token usage for AI features, and general interaction data to monitor performance and cost.

Waitlist data. If you join our waitlist we collect your email address.

Analytics data. We use PostHog to capture anonymous usage events (page views, button clicks, feature interactions) and to record session replays of your interactions with the Service. This helps us understand how the product is used and identify bugs. PostHog is configured to mask sensitive form inputs.

Cookies and local storage. We use first-party session cookies managed by Supabase Auth (HttpOnly, Secure, SameSite=Lax) to keep you signed in for up to 30 days, and a PostHog cookie (ph_*) for analytics that persists for 12 months. We do not set third-party advertising cookies.

2. How We Use Your Information

  • To provide and operate the Service, including AI-powered resume parsing and form auto-fill.
  • To send transactional emails (e.g., account confirmation, waitlist updates). We do not send marketing email without your explicit consent.
  • To monitor and improve the Service (aggregated, anonymized analytics).
  • To comply with legal obligations.

We do not sell your personal data to third parties.

3. AI and Resume Processing

Certain features use the Anthropic Claude API to process your resume and profile data. Your data is transmitted to Anthropic solely to generate responses for you and is subject to Anthropic’s privacy policy. Anthropic does not train its models on data sent through the API.

For resumes uploaded as scanned PDFs or images, we may use the OCR.space API to extract text. The file is transmitted over TLS to OCR.space solely for text extraction and is not retained on their systems beyond processing. See OCR.space’s privacy policy.

4. Data Storage and Security

Data is stored in a PostgreSQL database hosted via our infrastructure provider and in Supabase Storage (for resume files). We apply industry-standard security controls including encryption in transit (TLS) and access controls. No system is 100% secure; please use a strong, unique password.

5. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by emailing us (see Section 9). We will delete or anonymize your data within 30 days of a verified request, except where retention is required by law.

6. Sub-processors and Sharing With Third Parties

We share data only with the following sub-processors, each engaged under appropriate data protection agreements:

  • Supabase, Inc. — authentication, PostgreSQL database, and file storage for resumes.
  • Anthropic, PBC — AI processing (resume parsing, form fill, career snapshot, job-fit assessment).
  • OCR.space (a9t9 software GmbH) — text extraction from scanned PDF resumes, when applicable.
  • PostHog, Inc. — product analytics and session replay.
  • Vercel, Inc. — application hosting and edge delivery.
  • Legal authorities — if required by law or to protect the rights and safety of Patih and its users.

We do not sell your personal data and do not transfer it for purposes unrelated to operating the Service.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Data portability (receive your data in a structured format).

To exercise these rights, contact us at the address in Section 9.

8. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. We will post the revised policy on this page with an updated “Last updated” date. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

Questions about this policy, or to exercise your rights under Section 7? Reach us at support@patihcopilot.com.

Patih is operated as a sole proprietorship by Josua Golden, based in Indonesia.