How our privacy works
In plain words, no jargon: what we do with your CV, who we show it to, and why you can trust us.
The promise in one sentence
No third-party cloud AI ever sees your personal data. Not your name, not your address, not your email, not your phone number, not the name of your current employer.
How it's technically possible
When you upload your CV, here's what happens:
1. Your CV arrives on our servers in Switzerland (Meyrin GE)
↓
2. Our local AI engine (running on our own hardware,
not in the cloud) reads your CV and REPLACES each piece
of personal data with a marker:
"Marie Dupont" → [PERSON]
"marie@email.ch" → [EMAIL]
"Banque Exemple SA" → [COMPANY_X]
"+41 78 234 56 78" → [PHONE]
↓
3. ONLY AT THIS STEP do we send the anonymised CV to our cloud AI partner under EU DPA
(European data processing agreement, zero retention) to
generate your cover letter.
The cloud model sees: "[PERSON] worked at [COMPANY_X] for 4 years..."
The cloud model NEVER sees: "Marie Dupont worked at Banque Exemple SA..."
↓
4. The letter comes back with the markers. Our local engine
replaces them again with your real data BEFORE sending it
to you.
↓
5. The final letter reaches you, complete and personalised,
without any cloud AI ever having seen your information.
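The marker round trip in steps 2 to 4, as an added example that is not the service's own code. The entity list stands in for the local engine's output; the numbered marker format (so that two people or two employers stay distinct), the function names and the outbound check are assumptions made for illustration.

```python
import re

# Constructed sample: a CV line plus the spans a local detector is assumed to return.
SAMPLE_CV = ("Marie Dupont worked at Banque Exemple SA for 4 years. "
             "Contact: marie@email.ch, +41 78 234 56 78.")
SAMPLE_ENTITIES = [("Marie Dupont", "PERSON"), ("marie@email.ch", "EMAIL"),
                   ("Banque Exemple SA", "COMPANY"), ("+41 78 234 56 78", "PHONE")]
MARKER = re.compile(r"\[[A-Z]+_\d+\]")  # hypothetical marker format, e.g. [PERSON_1]

def pseudonymise(text, entities):
    """Step 2: swap each detected value for a marker; the map never leaves the local side."""
    mapping, counters = {}, {}
    # De-duplicate, then replace longest values first so a short value
    # never splits a longer one that contains it.
    for value, label in sorted(dict.fromkeys(entities), key=lambda e: -len(e[0])):
        counters[label] = counters.get(label, 0) + 1
        marker = f"[{label}_{counters[label]}]"
        mapping[marker] = value
        text = text.replace(value, marker)
    return text, mapping

def assert_safe_to_send(text, mapping):
    """Step 3 gate (assumed): fail closed if any known value survived in any casing."""
    leaked = [m for m, v in mapping.items() if v.lower() in text.lower()]
    if leaked:
        raise ValueError(f"outbound text still contains values for {leaked}")
    return text

def restore(text, mapping):
    """Step 4: put the real values back; a marker we never issued is an error."""
    unknown = set(MARKER.findall(text)) - set(mapping)
    if unknown:
        raise ValueError(f"reply contains unknown markers: {sorted(unknown)}")
    return MARKER.sub(lambda m: mapping[m.group(0)], text)

if __name__ == "__main__":
    anon, mapping = pseudonymise(SAMPLE_CV, SAMPLE_ENTITIES)
    print(assert_safe_to_send(anon, mapping))
    print(restore("Dear team, [PERSON_1] spent 4 years at [COMPANY_1].", mapping))
```

The case-insensitive gate matters because the replacement itself is exact-match: a CV header such as "MARIE DUPONT" would slip past step 2, and the gate is what stops it from leaving.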
Why not just "TLS encrypted" like the others?
Every competitor says "your data is encrypted in transit and at rest". That's marketing. When they call cloud AIs in the backend, they send your data to them in readable form (TLS only protects the connection; the cloud AI at the other end receives the decrypted content). Your data enters their systems. It may end up in future training sets (depending on their terms). It's visible to their employees on observability dashboards.
We never send your identifiable data — it's our architecture that makes it impossible, not a mere contractual commitment.
Why it matters to you
| If you are... | Why it matters |
|---|---|
| A manager in finance / private banking in CH | Absolute confidentiality vis-à-vis your current employer — a CV leak to your management = career disaster |
| A public-sector / federal employee | Sensitive data subject to the nFADP — you must not expose it outside Switzerland |
| A healthcare / pharma professional | Strict NDAs on your project history, which we can't expose |
| A standard job seeker | Your home address, your AHV number, your family situation — these shouldn't end up in an advertising dataset |
Our three-tier architecture
We do NOT use the same AI for everything — each type of task goes to the right tier, and your data never reaches the riskiest tier.
| Tier | AI | Sees what | Stays where |
|---|---|---|---|
| PII (your data) | Local engine (on our GPUs in Geneva) | Your real CV, your real info | Our servers in Geneva only |
| PREMIUM (reasoning) | Claude (Sonnet) | Anonymised versions with markers | EU DPA, zero retention |
| PUBLIC (indexed listings) | Kimi model | Public job descriptions — NEVER a CV | Public API |
This routing is not a promise: it is enforced by our architecture — a "PII" call cannot technically reach a cloud provider. If our local engine is unavailable, the call fails rather than switching elsewhere. The full technical detail — flow, models, enforcement mechanism, audit trail — is on the page Our privacy approach in technical detail.
Your rights
Compliant with the Swiss nFADP + EU GDPR:
- Access all your data: one click in /account/export
- Correct whatever you want
- Delete your account → all your data erased within 30 days
- Portability: full export in JSON or CSV
- Withdraw consent: at any time, without justification
If you want to dig deeper
- Our privacy approach in technical detail — full PII flow, models, enforcement mechanism, audit trail
- Full privacy policy
- Terms of service
A privacy question not covered here? Write to legal@ninjob.ch — you'll get a person, not a bot.