Privacy Policy

1. Introduction

CV Cleaner Pro ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

Controller identity (MVP stage): CV Cleaner Pro is a founder-led project that has not yet been incorporated as a legal entity. Until incorporation is complete, requests under this Privacy Policy and the GDPR are handled by the founder via privacy@cv-cleaner.pro. The legal entity, postal address, and (if required) an EU Representative under Article 27 GDPR will be disclosed here before we accept enterprise contracts.

2. Information We Collect

2.1 Account Information

• Email address
• Company name (optional)
• Hashed password
• Branding preferences (logo, company name, colors)

2.2 Uploaded Content

• CV/resume files you upload for processing
• Processed output files
• Processing statistics and injection reports

2.3 Usage Data

• Processing history and patterns
• Browser type and version
• IP address (masked to the /24 subnet in our logs)

3. How We Use Information

• Process and clean CVs as requested
• Maintain and improve our detection algorithms
• Provide customer support
• Send service-related notifications
• Prevent fraud and abuse
• Generate anonymous usage analytics
• Comply with legal obligations

4. Data Storage and Security

4.1 Storage

All data is stored on Cloudflare's global network with encryption at rest and in transit.

4.2 Retention

• Uploaded CVs: deleted after 30 days
• Processing history: retained for 12 months
• Account data: retained until account deletion

4.3 Security Measures

• TLS/SSL encryption for all data transmission
• AES-256 encryption at rest
• Regular security audits
• Strict access controls

5. Data Sharing

We share data only with essential service providers:

• Cloudflare — Workers, D1 database, R2 file storage
• Paddle — Payment processing (handles billing data directly; we never see card numbers)
• OpenRouter — LLM routing proxy used for CV parsing and formatting. We instruct OpenRouter to route only to upstream providers that contractually do not retain or train on prompt content (data_collection: "deny"). At MVP stage we rely on OpenRouter's enforcement of this setting; counter-signed paperwork is on the roadmap.
• Google — Sign-In (OAuth) only

See the full GDPR page for transfer mechanisms and locations.

6. Your Rights

• Access your personal data (Art. 15)
• Correct inaccurate data (Art. 16)
• Request data deletion (Art. 17)
• Export your data in a machine-readable format (Art. 20)
• Restrict processing (Art. 18)
• Object to processing (Art. 21)

Exercise your rights through the Settings page (Export My Data, Delete Account) or by emailing privacy@cv-cleaner.pro. We respond to all subject access requests within 30 calendar days as required by Art. 12(3).

7. Cookies

We use only essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics that track individual users. On first visit we show a short notice to confirm this practice; you can review your choice anytime in your browser storage under the key cv-cleaner-cookie-consent.

8. Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect information from minors.

9. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email or in-app notification. Continued use constitutes acceptance.

10. Contact

Privacy questions, subject access requests, or breach reports go to privacy@cv-cleaner.pro. At MVP stage we have not formally designated a Data Protection Officer under Article 37 GDPR — the privacy contact above is the founder. A DPO will be appointed if and when our processing meets the Article 37 thresholds or a customer contract requires it. For broader GDPR enquiries see our GDPR page.