CVForge

    Privacy Policy

    Your privacy is important to us. This Privacy Policy explains how CVForge ("we", "our", "us") collects, uses, and protects your personal data when you use our resume-tailoring platform.

    This policy complies with the General Data Protection Regulation (GDPR) and applies to all users in the European Union.

    Last updated: January 2025

    1. Data Controller

    The controller responsible for your personal data is:

    CVForge / Dinoc

    Email (privacy matters): privacy@dinoc.ro

    Email (general support): cvforge@dinoc.ro

    If required by GDPR in the future, a Data Protection Officer (DPO) will be appointed and published here.

    2. Personal Data We Collect

    2.1 Resume Data (User-Provided)

    When you upload a resume, we process:

    • Resume content (experience, education, skills, etc.)
    • PDF or file data (temporary processing only)
    • Metadata (file name, upload timestamp)

    Resume files are not permanently stored unless required for a premium feature.

    2.2 Job Description Data

    When you enter a job description, we collect:

    • Job description text
    • Requirements and qualifications
    • Optional company information

    2.3 Account Data

    If you create an account:

    • Email address
    • Encrypted password
    • Account creation date
    • Token balance
    • Login activity (via Firebase Authentication)

    2.4 Payment Data

    Processed through Stripe:

    • Transaction ID
    • Amount and currency
    • Payment status

    We do not store credit card numbers.

    2.5 Automatically Collected Data

    We may process:

    • IP address
    • Browser and device info
    • Session logs
    • Cookie preferences
    • Clickstream and usage data

    Used for security, debugging, and service improvement.

    3. How We Use Your Data

    3.1 Resume & Job Description Processing

    To:

    • Analyze resume content
    • Tailor resumes to job descriptions
    • Generate Europass PDFs
    • Provide compatibility scoring

    3.2 AI Processing

    To deliver resume tailoring, your provided text may be sent to AI systems such as:

    • OpenAI
    • DeepSeek
    • Google Gemini

    Purpose:

    • Analyze job descriptions
    • Generate or rewrite resume text
    • Produce summaries or suggestions

    ⚠️ AI-generated output is advisory and must be reviewed by you.

    3.3 Account Management

    We use your data to:

    • Authenticate users
    • Provide premium features
    • Track token usage
    • Manage purchases

    3.4 Service Improvement

    Used for:

    • Improving AI accuracy
    • Fixing bugs
    • Monitoring platform performance
    • Preventing fraud or abuse

    4. Legal Bases for Processing (GDPR Article 6)

    We process personal data based on:

    4.1 Contractual Necessity

    To provide resume processing and account services.

    4.2 Consent

    For:

    • Uploading resumes and job descriptions
    • AI processing
    • Cookies (where required)

    4.3 Legitimate Interest

    For:

    • Securing the platform
    • Preventing abuse
    • Improving service performance

    4.4 Legal Obligation

    For tax and accounting requirements related to payments.

    5. Cookies & Local Storage

    We use cookies for:

    Essential Cookies (Always Active)

    • • Security
    • • Session management
    • • Core functionality

    Functional Cookies (With Consent)

    • • Authentication tokens
    • • User preferences
    • • Firebase auth persistence

    Analytics Cookies (Optional)

    If implemented later (e.g., Plausible, Google Analytics).

    You may control cookie preferences via our consent banner.

    6. Data Retention

    Resume Data

    Deleted after processing, typically within 24 hours, unless the user activates a premium storage feature.

    User Accounts

    Retained until you request deletion.

    Payment Data

    Stored by Stripe for 7 years (legal requirement).

    Logs & Security Data

    Typically 30–90 days, unless a longer period is required for abuse prevention.

    7. Data Sharing & Transfers

    We share data with trusted processors:

    • Firebase (authentication)
    • Vercel (app hosting)
    • Fly.io (backend)
    • Stripe (payments)
    • OpenAI / DeepSeek / Gemini (AI processing)

    ⚠️ Some of these processors are located outside the EU.

    To safeguard data, we use:

    • Standard Contractual Clauses (SCCs)
    • Adequacy decisions
    • Contractual safeguards

    8. Automated Decision-Making (GDPR Article 22)

    CVForge uses AI to:

    • Produce resume drafts
    • Suggest tailored content

    However:

    • No hiring decisions are automated
    • No legal or similarly significant effects occur
    • You may request human review or correction

    9. Your Rights (GDPR)

    Your Rights

    • Access your data
    • Correct inaccurate data
    • Delete your data
    • Restrict processing
    • Withdraw consent
    • Transfer your data (portability)
    • Object to processing

    How to Exercise Your Rights

    To exercise rights:

    📧 privacy@dinoc.ro

    You may also file a complaint with your local Data Protection Authority.

    10. Children's Privacy

    CVForge is not intended for users under 16.

    We do not knowingly process children's data.

    11. Security Measures

    We implement:

    • HTTPS encryption
    • Secure password hashing
    • Access controls
    • Regular security updates
    • CSP headers
    • AI data minimization

    12. Policy Updates

    We may update this policy. Changes appear with a new "Last Updated" date. Continued use = acceptance.

    13. Contact

    For privacy questions:

    📧 privacy@dinoc.ro

    For general support:

    📧 cvforge@dinoc.ro
    Back to Home