CVForge

    Data Processing Agreement (DPA)

    This Data Processing Agreement ("Agreement") forms part of the Terms of Service between:

    CVForge / Dinoc ("Processor" / "Controller")

    and

    You, the User ("Data Subject" / "Controller")

    depending on the processing context described below.

    1. Definitions

    • "Personal Data" — any data relating to an identifiable person.
    • "Processing" — any operation performed on personal data.
    • "Controller" — entity determining purpose and means of processing.
    • "Processor" — entity processing data on behalf of Controller.
    • "Sub-processors" — third parties assisting in processing activities.

    2. Role of the Parties

    2.1 CVForge as Data Processor

    When you upload:

    • Resumes
    • Job descriptions
    • Profile photos

    CVForge processes this data solely on your instruction.

    2.2 CVForge as Data Controller

    For:

    • Account data
    • Authentication data
    • Payment records
    • Analytics & logs

    CVForge is the Controller.

    3. Subject Matter of Processing

    The processing involves:

    • Resume parsing
    • AI analysis
    • Job description matching
    • Europass generation
    • Account management
    • Fraud detection
    • Payment verification

    4. Duration of Processing

    • Resume files: ~24 hours (temporary processing)
    • Job descriptions: temporary only
    • Account data: until deletion
    • Payment data: 7 years (legal requirement)

    Processing ends upon:

    • Account deletion
    • Resume deletion request
    • User withdrawal of consent

    5. Processor Obligations (CVForge)

    CVForge agrees to:

    1. Process data only on documented instructions from the user
    2. Maintain confidentiality
    3. Implement appropriate technical and organizational security measures
    4. Assist the user with GDPR rights requests
    5. Notify users of personal data breaches
    6. Delete or return personal data upon request
    7. Make information available for audit purposes

    6. Sub-Processors

    CVForge may use:

    • Firebase (Google) – authentication
    • Stripe – payments
    • Vercel – hosting
    • Fly.io – backend hosting
    • OpenAI / DeepSeek / Gemini – AI processing

    CVForge ensures all sub-processors follow GDPR safeguards.

    7. International Transfers

    Some sub-processors operate outside the EU.

    Cross-border transfers are protected by:

    • Standard Contractual Clauses (SCCs)
    • Adequacy decisions
    • Contractual safeguards

    8. Data Subject Rights

    Users may exercise rights:

    • Access
    • Rectification
    • Deletion
    • Portability
    • Restriction
    • Objection

    Requests:

    📧 privacy@dinoc.ro

    9. Security Measures

    CVForge employs:

    • HTTPS encryption
    • Secure password hashing
    • CSP headers
    • Access controls
    • Data minimization
    • Regular security updates

    10. Termination

    Upon termination:

    • Processor deletes all personal data
    • Unless retention is legally required

    11. Contact

    For DPA matters:

    📧 privacy@dinoc.ro
    Back to Home