Privacy Policy
CV4Devs ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
1. Information We Collect
Account Information
When you sign in with GitHub, we receive:
- Your GitHub username and display name
- Your email address
- Your profile picture (avatar URL)
CV/Profile Data
Information you provide when building your CV:
- Personal details (name, title, contact information)
- Work experience and education history
- Skills, certifications, and projects
- Any other information you choose to include
Repository Data
When you connect your GitHub account:
- Public repository metadata (names, descriptions, languages)
- Commit counts and contribution statistics
- README content for AI-powered descriptions
Payment Information
We use Stripe for payment processing. We do not store your credit card details. Stripe handles all payment data securely. We only store:
- Stripe customer ID
- Subscription status and plan type
Analytics Data
We use Vercel Analytics, a privacy-friendly, cookieless analytics service that collects:
- Page views and navigation patterns
- Device type and browser (anonymized)
- Geographic region (country-level only)
No personal identifiers are collected through analytics.
2. How We Use Your Information
We use your information to:
- Provide and maintain our CV builder service
- Process your payments and manage subscriptions
- Generate AI-powered CV content and suggestions
- Improve our services based on usage patterns
- Respond to your support requests
- Send important service updates
3. Third-Party Services
We work with trusted third-party service providers to deliver our functionality:
| Category | Purpose | Data Shared |
|---|---|---|
| Authentication Provider | Sign-in and account management | OAuth tokens, profile info |
| Payment Processor | Subscription and billing | Email, payment status |
| AI Service Providers | Content generation and optimization | CV text for processing |
| Security Services | Anti-abuse and bot protection | IP address (hashed) |
| Hosting & Infrastructure | Application hosting and database | Application data |
All service providers are selected for their commitment to data protection and security. Each maintains their own privacy policy governing data handling.
4. Cookies and Similar Technologies
We use essential cookies only:
| Cookie | Purpose | Duration |
|---|---|---|
authjs.session-token | Maintains your login session | Session |
We do not use:
- Tracking cookies
- Advertising cookies
- Third-party analytics cookies
Because we only use essential cookies, no cookie consent banner is required under GDPR.
5. Data Retention
- Account data: Retained while your account is active
- CV data: Retained until you delete it or your account
- Payment records: Retained as required by law (typically 7 years)
- Analytics: Aggregated data retained for 12 months
6. Data Deletion
You can delete your data at any time:
- CV profiles: Delete from the Builder page
- Account: Contact us at /help to request full account deletion
Upon account deletion, we remove:
- All personal information
- All CV profiles and content
- All repository data
Some data may be retained in backups for up to 30 days.
7. Your Rights
Depending on your location, you may have the right to:
Under GDPR (EU/EEA residents):
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Export your data (data portability)
- Object to processing
- Restrict processing
Under CCPA (California residents):
- Know what personal information we collect
- Delete your personal information
- Opt-out of sale (we do not sell personal information)
- Non-discrimination for exercising your rights
To exercise these rights, contact us at /help.
8. Data Security
We implement appropriate security measures including:
- HTTPS encryption for all data transmission
- Encrypted database connections
- Secure session management (httpOnly, sameSite cookies)
- Regular security reviews
9. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect information from children under 13.
10. International Data Transfers
Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for any international transfers.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by:
- Updating the "Last updated" date
- Posting a notice on our website
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Help & Support: /help