Last updated: 17 April 2026
CDSoft Ltd trading as Hassle Bot
Before you create an account
When you use Hassle Bot without signing up, your conversation is processed by our AI provider (Anthropic) to generate responses.
What we collect
- Consent record: When you accept our terms, we store a record that consent was given, the text shown, and a timestamp. This is linked to a random session identifier — not your name or email.
- Chat messages: Your conversation is stored on Cloudflare infrastructure to maintain context across messages. Messages are keyed to a random visitor identifier.
- Session cookie: We set an HTTP-only cookie (hb-session) containing a random identifier. No personal information is stored in the cookie.
What we don’t collect
- No name, email, phone number, or account information
- No IP address logging
- No marketing analytics or tracking pixels
How long we keep it
If you chat but don’t create an account, your conversation and session data are automatically deleted after 14 days.
Clearing your data
You don’t have to wait — on the sign-up page, you can click “Not you? Start fresh” to clear your session immediately. This permanently disconnects you from the conversation — we have no way to retrieve it.
What we recommend
Don’t share sensitive personal information (ID numbers, banking details, medical information) in chat. While we don’t link conversations to your identity, the data exists on our infrastructure.
When you create an account
When you sign up or log in, we collect additional information to provide the CV review service.
What we collect
| Data | Why |
|---|---|
| Email address | Account identity, verification, sending your CV review |
| CV file (PDF/Word) | The service — reviewing and rewriting your CV |
| Chat history | Context for your CV review, career goals, conversation with Hassle |
| Payment reference | Record of purchase, transaction ID |
| Consent record | Proof you accepted terms (POPIA requirement) |
All data is stored on Cloudflare infrastructure.
What we don’t collect
- No passwords (we use email verification codes)
- No social media profiles
- No browsing history or device fingerprinting
Cross-device
When you log in on a new device, your account, CV, and chat history are available. We link your new session to your existing account — your data follows you, not the device.
How long we keep it
Your account, CV, and chat history are kept while your account is active. If you don’t log in for 12 months, we’ll email you a warning. If there’s no response after 30 days, your account and all associated data are deleted.
Payment and consent records are kept for 5 years as required by South African tax and consumer protection law.
You can request deletion at any time by contacting us.
Logging out
Logging out clears your session on that device. On a shared computer, log out to prevent the next person from seeing your conversation.
Payment
Payment is processed by PayFast (Network International). We do not see or store your card details. PayFast sends us a confirmation with a transaction reference and amount — no card numbers, no bank details.
Your email address is shared with PayFast for the payment form.
CV processing
Your CV is read by AI (Claude by Anthropic) to generate a review and rewrite. The CV content is sent to Anthropic’s API. Anthropic does not train on API inputs — see their API terms.
The generated rewrite is reviewed by a human before being sent to you. We store the original CV, the AI-generated output, and the final approved version.
Error tracking
We use Sentry to monitor errors in the application. When something goes wrong, Sentry receives technical details about the error — stack traces, request URLs, and browser/OS information (e.g. browser name, operating system). This is not used for tracking or fingerprinting. It does not receive your CV content, chat messages, or email address.
Data processors
| Provider | Role | Location | Legal basis | Terms |
|---|---|---|---|---|
| Cloudflare | Infrastructure (processing at nearest edge, storage in US/EU) | Global | Contract performance | Cloudflare DPA |
| Anthropic | AI processing | US | Contract performance | Commercial Terms |
| PayFast | Payment processing | South Africa | Contract performance | PayFast T&Cs |
| Resend | Transactional email | EU | Contract performance | Resend DPA |
| Sentry | Error tracking | EU | Legitimate interest | Sentry DPA |
All cross-border transfers are disclosed here as required by POPIA Section 72.
Security
All data is transmitted over HTTPS. Authentication uses email verification codes — no passwords are stored. Cloudflare provides infrastructure-level security including DDoS protection and encryption.
Children
Hassle Bot is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.
Your rights under POPIA
As a South African data subject, you have the right to:
- Access — request a copy of your personal information
- Correction — request updates to inaccurate data
- Deletion — request removal of your data
- Object — object to processing for direct marketing
- Complaint — lodge a complaint with the Information Regulator
For pre-registration chat, the “Start fresh” option clears your session immediately. We hold no data that can identify you.
For registered accounts, contact us to exercise your rights. We will respond within 30 days.
Contact
Information Officer: CDSoft Ltd Contact us