Privacy Policy

1. Introduction

CvGlo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CV refinement service ("Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use our Service, we collect:

• Account Information: Name, email address, password
• Profile Information: Any additional profile details you choose to provide
• CV Content: Your uploaded CVs, resumes, and personal information contained within them
• Job Advertisement Data: Job descriptions and requirements you paste into our system
• Communication Data: Messages you send to our support team

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: How you interact with our Service, features used, time spent
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs, access times, pages viewed, referral URLs
• Cookies and Tracking: Data collected through cookies and similar technologies

2.3 Payment Information

For paid subscriptions:

• Billing Information: Name, billing address, payment method details
• Transaction Data: Payment history, subscription status
• Note: Credit card details are processed by our payment provider (Stripe) and not stored on our servers

3. How We Use Your Information

We use your information to:

3.1 Provide the Service

• Process and refine your CVs based on job advertisements
• Maintain your account and subscription
• Generate refined CV documents for download
• Provide customer support

3.2 Improve Our Service

• Analyze usage patterns to enhance features
• Debug technical issues and improve performance
• Develop new features and functionality
• Conduct research and analytics (in aggregated, non-identifiable form)

3.3 Communication

• Send account-related notifications
• Respond to your inquiries and support requests
• Send service updates and important announcements
• Send marketing communications (with your consent, where required)

3.4 Legal and Security

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Maintain security and prevent unauthorized access

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

• Contract Performance: To provide the Service you've signed up for
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Consent: For marketing communications and non-essential cookies
• Legal Compliance: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Payment processing (Stripe)
• Cloud hosting and storage (Supabase/AWS)
• Email delivery services
• Analytics and monitoring tools
• Customer support platforms

These providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information if required to:

• Comply with legal process, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or others
• Prevent fraud or illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

6. Data Security

6.1 Security Measures

We implement reasonable security measures to protect your information:

• Encryption of data in transit and at rest
• Secure authentication protocols
• Regular security audits and monitoring
• Access controls and employee training
• Secure cloud infrastructure

6.2 Data Breach Notification

In the event of a data breach affecting your personal information:

• We will notify you within 72 hours (where required by law)
• We will provide details about the breach and steps being taken
• We will offer guidance on protective measures you can take

6.3 Limitations

No security system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

7.1 Account Data

• We retain your account information and CV data while your account is active
• You may delete your account and data at any time through your account settings
• Some information may be retained for legal compliance or legitimate business purposes

7.2 Retention Periods

• Account Data: Retained while account is active, deleted within 30 days of account closure
• CV Content: Deleted immediately upon account closure or user request
• Usage Logs: Retained for up to 2 years for security and analytics purposes
• Financial Records: Retained as required by law (typically 7 years)

8. Your Privacy Rights

8.1 General Rights

You have the right to:

• Access your personal information
• Update or correct your data
• Delete your account and data
• Export your data
• Opt out of marketing communications

8.2 GDPR Rights (EU/EEA Users)

Under GDPR, you additionally have the right to:

• Data Portability: Receive your data in a structured, machine-readable format
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

8.3 CCPA Rights (California Users)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal information we collect and how it's used
• Delete personal information we've collected
• Opt out of the sale of personal information (we don't sell data)
• Non-discrimination for exercising your privacy rights

8.4 Exercising Your Rights

To exercise your privacy rights:

• Email: privacy@cvglo.com
• Account Settings: Many rights can be exercised through your account dashboard
• Response Time: We will respond to requests within 30 days (or as required by law)

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly
• Analytics Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

9.2 Cookie Management

• You can control cookies through your browser settings
• Disabling essential cookies may affect Service functionality
• You can opt out of analytics tracking through our cookie settings

9.3 Third-Party Tracking

We may use third-party analytics services (e.g., Google Analytics) that use cookies to collect usage information. These services have their own privacy policies.

10. International Data Transfers

10.1 Data Location

Your data may be stored and processed in countries other than your own, including the United States and European Union.

10.2 Transfer Safeguards

For international transfers, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Other legally recognized transfer mechanisms

11. Children's Privacy

11.1 Age Restrictions

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18.

11.2 Parental Notice

If you believe we have collected information from a child under 18, please contact us immediately, and we will take steps to remove such information.

12. Changes to This Privacy Policy

12.1 Policy Updates

• We may update this Privacy Policy from time to time
• We will notify you of material changes via email or Service notification
• We will post the updated policy on our website with a new effective date
• Continued use of the Service after changes constitutes acceptance

12.2 Change History

We maintain a record of significant changes to this policy for transparency.

13. Contact Information

13.1 Privacy Questions

If you have questions about this Privacy Policy or our data practices:

Privacy Officer: CvGlo Team
Email: privacy@cvglo.com
Address: [Business Address]
Phone: [Phone Number]

13.2 Data Protection Authority

If you're in the EU/EEA and have concerns about our data practices, you may contact your local data protection authority.

14. Jurisdiction-Specific Information

14.1 European Users (GDPR)

• Data Controller: CvGlo
• EU Representative: [If Applicable]
• Legal Basis: As described in Section 4

14.2 California Users (CCPA)

• Categories of Information: As described in Section 2
• Business Purposes: As described in Section 3
• Third Parties: As described in Section 5

14.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate.