Subprocessors

Third-party services that process data on behalf of myceve. We carefully vet each provider for security, compliance, and data protection standards.

Last updated: February 2026. We notify users of changes to this list at least 30 days in advance via email.

Convex

United States

Real-time database, file storage, and backend functions

Data processed: CV content, user profiles, job applications, uploaded files

Clerk

United States

Authentication and user identity management

Data processed: Email addresses, names, OAuth tokens, session data

Stripe

United States

Payment processing and subscription management

Data processed: Payment method tokens, subscription status, billing emails

Anthropic (Claude)

United States

AI-powered CV adaptation, ATS scoring, and content generation

Data processed: CV text content (personal info excluded via data minimization)

Google (Gemini)

United States

AI model for scoring, analysis, content generation, and verification

Data processed: CV text content (personal info excluded via data minimization)

Resend

United States

Transactional email delivery

Data processed: Email addresses, email content (welcome, receipts, notifications)

Sentry

United States

Error monitoring and performance tracking

Data processed: Error stack traces, performance metrics, anonymized user context

Vercel

Global (edge network)

Frontend hosting, edge functions, and CDN

Data processed: HTTP requests, IP addresses (for rate limiting), static assets

PostHog

United States / EU

Product analytics (consent-gated)

Data processed: Page views, feature usage events (only with user consent)

Data Protection Measures

All subprocessors maintain SOC 2 Type II or equivalent certifications.
Data Processing Agreements (DPAs) are in place with each subprocessor.
AI providers receive CV content with personal information excluded (data minimization), except where functionally required (e.g. cover letter personalization).
Analytics data is only collected with explicit user consent (cookie banner).
For questions about our subprocessors, contact contact@myceve.app.

Back to Security

Subprocessors

Third-party services that process data on behalf of myceve. We carefully vet each provider for security, compliance, and data protection standards.

Last updated: February 2026. We notify users of changes to this list at least 30 days in advance via email.

Convex

United States

Real-time database, file storage, and backend functions

Data processed: CV content, user profiles, job applications, uploaded files

Clerk

United States

Authentication and user identity management

Data processed: Email addresses, names, OAuth tokens, session data

Stripe

United States

Payment processing and subscription management

Data processed: Payment method tokens, subscription status, billing emails

Anthropic (Claude)

United States

AI-powered CV adaptation, ATS scoring, and content generation

Data processed: CV text content (personal info excluded via data minimization)

Google (Gemini)

United States

AI model for scoring, analysis, content generation, and verification

Data processed: CV text content (personal info excluded via data minimization)

Resend

United States

Transactional email delivery

Data processed: Email addresses, email content (welcome, receipts, notifications)

Sentry

United States

Error monitoring and performance tracking

Data processed: Error stack traces, performance metrics, anonymized user context

Vercel

Global (edge network)

Frontend hosting, edge functions, and CDN

Data processed: HTTP requests, IP addresses (for rate limiting), static assets

PostHog

United States / EU

Product analytics (consent-gated)

Data processed: Page views, feature usage events (only with user consent)

Data Protection Measures

All subprocessors maintain SOC 2 Type II or equivalent certifications.
Data Processing Agreements (DPAs) are in place with each subprocessor.
AI providers receive CV content with personal information excluded (data minimization), except where functionally required (e.g. cover letter personalization).
Analytics data is only collected with explicit user consent (cookie banner).
For questions about our subprocessors, contact contact@myceve.app.