Privacy policy.
Last updated 25 April 2026
1. Who we are
Hustle Report (sole trader, Erdem Volkan) operates the Hustle Report service at hustlereport.co. We are the data controller for the personal data described in this policy. You can contact us at hello@hustlereport.co.
2. What data we collect and why
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account creation, weekly reports, transactional emails | Contract performance |
| CV / résumé (PDF text) | AI skill extraction to match side hustle opportunities | Contract performance |
| Bank statement (optional) | Subscription and money-leak detection | Explicit consent at upload |
| Salary and role details | Salary gap analysis and income forecasting | Contract performance |
| Postcode (outward part) | City-level salary benchmarking | Contract performance |
| Income log entries | Progress tracking and forecast calibration | Contract performance |
| IP address (hashed) | Fraud / abuse prevention, referral attribution | Legitimate interests |
| Usage analytics (anonymous) | Product improvement | Legitimate interests |
3. CV and bank data handling
Your CV is processed by Anthropic’s Claude API solely to extract skills, seniority and experience. The raw PDF text is not stored permanently; only the extracted structured data is saved to your profile. Bank statements you upload are analysed in-memory and immediately discarded — we store only the list of detected subscriptions and leak amounts, never your raw transaction data.
4. Third-party processors
- Supabase (EU region) — database and authentication. Privacy policy.
- Anthropic — CV text processing via Claude API. Data is not used to train models per our API agreement. Privacy policy.
- Stripe — payment processing. We never see or store card numbers. Privacy policy.
- Resend — transactional email delivery. Privacy policy.
- Adzuna — live job and salary data. We query their API; no personal data is shared. Privacy policy.
- Vercel — hosting and edge network. Privacy policy.
5. Data retention
Account data is retained for as long as your subscription is active plus 90 days to allow for reactivation. After account deletion we purge all personal data within 30 days. Anonymised aggregates (e.g. city-level salary medians) may be retained indefinitely.
6. Your rights (UK GDPR / GDPR)
You have the right to access, rectify, erase, restrict or port your personal data, and to object to processing based on legitimate interests. To exercise any of these rights, email hello@hustlereport.co with “Data request” in the subject line. We will respond within 30 days. You also have the right to lodge a complaint with the UK ICO at ico.org.uk.
7. Cookies
We set two first-party cookies: hr_locale (stores your preferred region, expires 1 year) and hr_ref (stores a referral code for attribution, expires 30 days). No advertising or cross-site tracking cookies are used. Supabase sets a session cookie for authentication.
8. Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256 via Supabase). Row-level security policies restrict database access so each user can only read their own data. Admin access is logged.
9. Changes to this policy
We will email active subscribers if we make material changes. The “Last updated” date at the top of this page always reflects the most recent revision.
10. Contact
Questions about this policy: hello@hustlereport.co