עבSign up free

// legal

Privacy Policy

Last updated: May 27, 2026

Trevo.work ("Trevo") is committed to protecting the privacy of its users. This policy explains what information we collect, how we use it, and with whom we share it. It is aligned with the Israeli Privacy Protection Law, 5741-1981 and with GDPR where applicable to EU residents.

1. Data we collect

  • Account data: email address, display name, hashed password (handled by Supabase Auth).
  • CV files: the optional CV you upload, plus the technologies and seniority signal extracted from it for matching.
  • Activity history:jobs you saved, archived, marked "CV sent", and any private notes you wrote.
  • Saved searches: keywords, preferred roles, regions.
  • Payment data (Pro only): processed directly by Paddle. We never see or store your card number.
  • Technical data: IP, browser type, current page URL (only attached when you voluntarily submit a bug report).
  • Security and abuse-prevention logs: IP address, User-Agent, request rate and patterns, accessed paths, and automation/scraping signatures. This data is collected to protect the Service and its catalog against data exfiltration, reverse engineering, and circumvention of plan limits, in line with section 6 of the Terms of Service. Legal basis: Trevo's legitimate interest (Section 11 of the Israeli Privacy Protection Law; Art. 6(1)(f) GDPR).

2. How we use the data

We use the data to:
  • provide the Service (filter jobs, personalize ranking, generate the daily brief);
  • authenticate users and run accounts;
  • send transactional email (signup confirmation, alerts, brief, billing notices);
  • improve the algorithm and the catalog (in aggregate; not personally identifying);
  • comply with legal requirements (invoices, payment audit trail).

3. Third-party processors

We share minimal data with the following providers, only as needed to deliver the Service:
  • Supabase — DB hosting + auth. Stored in EU (eu-central-1).
  • Vercel — application hosting.
  • Paddle — payment processing, invoicing, VAT — Merchant of Record for Pro users.
  • Resend — transactional email delivery.
  • Anthropic / Google AI — CV analysis and brief generation. Data sent only for the inference call, not used to train models.
  • PostHog and Microsoft Clarity — anonymous usage analytics (you can block these with a DNT/Privacy browser extension).
  • Admin access — Trevo administrators may view first-party activity data (last login, in-app actions, and saved searches) associated with your account for operations, support, and service improvement. Detailed behavioural data (session recordings, heatmaps) is collected masked and identified by an anonymous identifier only.
We do not sell personal data to any third party and do not use it for targeted advertising.

4. Data retention

  • Active account — data retained as long as your account is active.
  • CV file — retained until you delete it from /account/cv.
  • Daily briefs — auto-pruned after 90 days.
  • Deleted account — personal data deleted within 30 days. Billing records retained as required by law (7 years).
  • Security and abuse-prevention logs — retained for up to 12 months, or longer if needed to investigate an active incident or for legal proceedings.

5. Your rights

Under Israeli law and GDPR you have the right to:
  • access the data we hold about you;
  • correct or update inaccurate data;
  • request deletion of personal data ("right to be forgotten");
  • export your data in a machine-readable format;
  • lodge a complaint with the Israeli Privacy Protection Authority or your local DPA.
Requests via the contact form. Response within 30 days.

6. Cookies

We use essential cookies for app function (Supabase session cookies) and analytics cookies (PostHog, Clarity). No personally identifying information is stored in cookies. You can block cookies in your browser — some features may not work.

7. Security

We apply industry-standard security: HTTPS everywhere, hashed passwords (bcrypt via Supabase Auth), Row-Level Security on the database, service-role access only from the server. No system is 100% secure though. In the event of a material security incident we will notify affected users and the Israeli Privacy Protection Authority as required.

8. Children under 16

The Service is not directed to minors under 16. We do not knowingly collect data from minors. If we discover an account belongs to a minor it will be removed.

9. Policy changes

Material changes are announced 14 days in advance on this page and by email to Pro users.

10. Contact and company details

Trevo.work — Tel Aviv, Israel. Privacy requests and any other inquiries through /contact.
Privacy Policy · Trevo.work