Privacy Policy

Last updated: March 2026

Your privacy is important to us. This Privacy Policy explains what personal data CVCore collects, how we use it, and your rights in relation to it. CVCore acts as the data controller for personal data processed through the platform.

1. Data we collect

We collect the following categories of personal data:

• Account data: email address and password (hashed) when you register

• Profile data: your name, contact details, work history, education, skills, and other CV information you choose to enter

• Usage data: pages visited, features used, CV tailoring history, and application tracking entries

• Payment data: subscription status and billing history. Payment card details are handled entirely by Paddle and never stored by us

• Communications: messages you send us via the contact form

• Technical data: IP address, browser type, and device information collected automatically when you use the Service

2. How we use your data

We use your personal data to:

• Provide, operate, and improve the Service

• Tailor CVs and generate cover letters using AI based on your profile

• Process subscription payments via Paddle

• Send transactional emails (account confirmation, password reset)

• Send optional product updates and career tips (you can unsubscribe at any time)

• Detect and prevent fraud, abuse, and security incidents

• Comply with legal obligations

We do not sell your personal data to third parties.

3. Legal basis for processing

We process your personal data on the following legal bases under the GDPR: performance of a contract (to provide the Service you have signed up for); legitimate interests (to improve the Service and ensure security); consent (for optional marketing communications); and legal obligation (where required by law).

4. Data storage and security

Your data is stored in Supabase-hosted databases within the European Union. We enforce row-level security at the database level, meaning each user can only access their own data. All data is encrypted in transit using TLS and at rest. We retain your data for as long as your account is active. You may delete your account at any time, after which your personal data will be deleted within 30 days.

5. Cookies

CVCore uses strictly necessary cookies to manage your session and authentication. We do not use tracking cookies or third-party advertising cookies. You can disable cookies in your browser settings, but this may affect the functionality of the Service.

6. Third-party services

We use the following third-party services to operate CVCore:

• Supabase — database and authentication (EU-hosted)

• Paddle — payment processing and subscription management

• Anthropic/Groq/OpenAI — AI inference for CV tailoring (data is processed but not stored by AI models)

Each provider is bound by their own privacy policy and, where applicable, data processing agreements with us.

7. Your rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you

• Rectify inaccurate or incomplete data

• Erase your data ("right to be forgotten")

• Restrict or object to certain processing

• Data portability — receive your data in a machine-readable format

• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us. We will respond within 30 days.

8. Children's privacy

CVCore is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the platform. The "last updated" date at the top of this page reflects the most recent revision.

10. Contact

For any privacy-related questions or to exercise your rights, please contact us or email us directly if a support email is listed on our website.