CVForge

    Privacy Policy

    Your privacy is important to us. This policy explains how we collect, use, and protect your information.

    Last updated: January 2025

    Information We Collect

    Resume Data

    When you upload your resume, we collect:

    • Resume content (work experience, education, skills, etc.)
    • PDF file data (temporarily stored for processing)
    • Resume metadata (file name, upload date)

    Job Description Data

    When you provide a job description, we collect:

    • Job description text
    • Job requirements and qualifications
    • Company information (if provided)

    User Account Data

    If you create an account, we collect:

    • Email address
    • Password (encrypted, never stored in plain text)
    • Account creation date
    • Token balance (for premium features)

    Payment Data

    When you make a payment, we process:

    • Payment amount and currency
    • Payment status (via Stripe)
    • Transaction ID
    • Note: We do not store credit card information. All payment processing is handled by Stripe.

    How We Use Your Information

    Resume Processing

    • • Parse and analyze resume content
    • • Tailor resume to job descriptions
    • • Generate Europass PDF format
    • • Provide compatibility analysis

    AI Processing

    • • Send data to AI providers (OpenAI, DeepSeek, Gemini)
    • • Process job descriptions
    • • Generate tailored content
    • • Analyze compatibility

    Account Management

    • • Authenticate users
    • • Manage token balances
    • • Track payment history
    • • Provide premium features

    Service Improvement

    • • Improve AI accuracy
    • • Fix bugs and errors
    • • Enhance user experience
    • • Ensure service security

    Cookies and Local Storage

    We use cookies and local storage to provide essential functionality and enhance your experience. You can manage your preferences using our cookie consent banner.

    Essential Cookies

    Required for basic site functionality. Always active.

    • • Site session management
    • • Security features

    Functional Cookies

    Enable authentication and user account features. Requires your consent.

    • • Firebase authentication (localStorage)
    • • User session management
    • • Token storage

    Managing Your Cookie Preferences

    When you first visit our website, you'll see a cookie consent banner. You can choose to accept all cookies, accept only selected categories, or decline non-essential cookies. Your preferences are saved and you can change them at any time by clearing your browser's local storage.

    Data Storage and Retention

    Storage Locations

    • Firebase (user accounts, tokens)
    • Fly.io backend (temporary processing)
    • Vercel frontend (session data)
    • Stripe (payment data)

    Data Retention

    • Resume data: Deleted after processing (typically within 24 hours)
    • User accounts: Until account deletion
    • Payment records: As required by law (typically 7 years)
    • Token balances: Until account deletion

    Important: Resume and job description data are processed temporarily and are not permanently stored. We only retain data necessary for account management and legal compliance.

    Data Protection

    Security Measures

    • HTTPS encryption for all data transmission
    • Firebase Authentication for secure login
    • Content Security Policy (CSP) headers
    • Regular security audits and updates
    • Secure password storage (encrypted)

    Third-Party Services

    • Firebase (authentication, storage)
    • Stripe (payment processing)
    • OpenAI, DeepSeek, Gemini (AI processing)
    • Vercel (hosting)
    • Fly.io (backend hosting)

    Third-Party Services

    Firebase

    Handles user authentication and account data storage.

    View Firebase Privacy Policy →

    Stripe

    Processes all payment transactions securely.

    View Stripe Privacy Policy →

    OpenAI

    Provides AI processing for resume tailoring.

    View OpenAI Privacy Policy →

    DeepSeek & Gemini

    Alternative AI providers for resume processing.

    Data sent to these services is processed according to their respective privacy policies.

    Your Rights Under GDPR

    Your Rights

    • Right to access: Request a copy of your personal data
    • Right to rectification: Correct inaccurate data
    • Right to erasure: Request deletion of your data
    • Right to data portability: Receive your data in a structured format
    • Right to object: Object to processing of your data
    • Right to restrict processing: Limit how we use your data

    How to Exercise Your Rights

    To exercise any of these rights, please contact us:

    privacy@dinoc.ro

    We will respond to your request within 30 days as required by GDPR.

    Questions About This Policy?

    If you have any questions about this privacy policy or how we handle your data, please don't hesitate to contact us.

    Email UsBack to Home