Privacy Policy

1. Who we are

Cairn is an AI career intelligence platform operated by Arjuna Velayudam as a personal operation. When this policy says "we," "us," or "our," it refers to that operation. When it says "you" or "your," it refers to the person using Cairn.

If you need to reach us about anything in this policy, email velayudamarjuna@gmail.com.

2. What we collect

We collect three kinds of data:

• Account data. When you create an account, we receive an email address and a user identifier from Clerk (our authentication provider). If you sign in with GitHub, Clerk passes us a GitHub account identifier.
• Content you upload or create. Resumes, job descriptions, career notes, opportunity URLs, profile details, generated interview prep, generated cover letters, messages you send to the coach, and anything else you type or upload while using Cairn.
• Usage data. For every AI-generated response, we log the model used, input and output token counts, and our estimated cost. This is tied to your user ID for billing and debugging. We also log normal web server data (timestamps, request paths, error codes).

We do not collect payment card data directly — if billing is ever introduced, a third-party processor will handle it and we will update this policy first.

3. How we use your data

• To provide the service: parse your uploads, generate career maps, research opportunities, draft prep materials, and answer your questions.
• To improve the service: diagnose errors, monitor cost, and understand which features are actually used. We do not use your content to train general AI models.
• To contact you about your account when necessary (service notices, security issues).

We do not sell your data. We do not use your content to train models for anyone else's use.

4. Third parties we share with

Cairn is a small operation that depends on a handful of infrastructure providers. To provide the service, your data passes through:

• Clerk — authentication and session management. Clerk sees your email and account identifier.
• Anthropic (Claude) — AI processing. When you generate content, we send the relevant inputs (your profile, the opportunity, your message) to Claude's API and receive a response. Anthropic's terms and privacy policy govern their handling of that data.
• Railway — hosting and managed PostgreSQL. Your stored data sits on Railway infrastructure.

We only share data with these providers to the extent they need it to deliver their piece of the service. We do not share your data with advertisers, data brokers, or analytics vendors.

5. How long we keep data

While your account is active, we keep your content indefinitely so you can return to it. If you delete your account, we delete your associated content and profile data within 30 days. Aggregated usage logs (token counts and cost, stripped of content) may be retained longer for financial reconciliation.

Backups may take additional time to fully purge after deletion.

6. Your rights

You can, at any time:

• Access the content associated with your account from within the app.
• Correct profile details or delete specific uploads.
• Export your data (contact us if the in-app export does not cover what you need).
• Delete your account, which removes your content per §5.

We will comply with applicable privacy laws for any additional rights your jurisdiction grants you. If you are in a region with specific data protection rules, email us and we will honor a reasonable request within a reasonable time.

7. Cookies and tracking

Cairn uses session cookies set by Clerk to keep you signed in. We do not run third-party advertising trackers, behavioral analytics, or cross-site tracking pixels.

8. Children

Cairn is not directed at children. You must be at least 16 to use it. If we learn we have collected data from someone under 16, we will delete it.

9. International transfers

Cairn's infrastructure is operated in the United States. If you use the service from elsewhere, your data will be transferred to and processed in the United States.

10. Security

We rely on our infrastructure providers (Clerk, Railway, Anthropic) for baseline security and transport encryption. We scope database queries by user ID so your data is not visible to other users. No system is perfectly secure; if a breach affects your account, we will notify you.

11. Changes to this policy

If this policy changes in a material way, we will update the effective date above and notify signed-in users through the app or email. Continued use after a change means you accept the updated policy.

12. Contact

Questions about this policy? Email velayudamarjuna@gmail.com.

This policy is governed by the laws of the State of Delaware, United States, without regard to conflict-of-laws principles.