Privacy Policy

1.1 Account Information

When you create an account, we collect your email address, name, and password (stored as a secure hash). If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.

1.2 CV Content

The personal information, work experience, education, and other data you enter into your CVs is stored to provide our services.

1.3 Uploaded Files

Profile photos and images you upload to the canvas editor are stored securely in our cloud storage.

1.4 Usage Data

We collect analytics data including page views, device type, browser type, referral source, and geographic region to improve our services.

1.5 Payment Information

Payment processing is handled by Lemon Squeezy and/or Paddle. We do not store your credit card numbers or bank details. We only receive transaction confirmations and subscription status.

• Provide and maintain our CV builder services
• Process your CV data for PDF generation and template rendering
• Power AI features (content sent to AI providers for processing)
• Generate analytics for your CV performance dashboard
• Send account-related notifications (security, password reset)
• Improve our platform based on usage patterns
• Process payments and manage subscriptions

When you use AI features (bullet points, cover letters, ATS scoring), your CV content is sent to Anthropic's Claude API for processing. This data is used solely to generate your requested content and is not stored by the AI provider for training purposes.

Your data is stored securely using Supabase (hosted on AWS infrastructure). We implement industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Secure password hashing
• Row-level security policies on database
• Regular security audits

We do not sell your personal data. We share data only with:

• Supabase — database and authentication provider
• Anthropic — AI content generation (only when you use AI features)
• Lemon Squeezy / Paddle — payment processing
• Apify — LinkedIn data import (only when you use the import feature)

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics are collected server-side without tracking cookies.

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your CV data
• Withdraw consent for data processing

To exercise these rights, contact us at info@cvim.app.

We retain your data for as long as your account is active. If you delete your account, your data will be permanently removed within 30 days. Anonymized analytics data may be retained for service improvement.

Our services are not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

Your data may be processed in servers located in the EU and US (Supabase/AWS infrastructure). We ensure appropriate safeguards are in place for international data transfers.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or platform notification.

For privacy-related questions or requests, contact us at: