1. Who We Are
CVs Analyzer ("we", "us", "our") is an AI-powered CV tailoring service. This Privacy Policy explains what personal data we collect, why we collect it, and your rights regarding that data.
For privacy enquiries, please submit a support inquiry using the category "GDPR Request".
2. Data We Collect
Account data
- Email address — used for account authentication, password reset, and service notifications.
- Password — stored as a one-way bcrypt hash. We never store your plain-text password.
- Account metadata — registration date, last login, role, token balance, and preferences.
Document data (CV & job descriptions)
- Your CV (extracted text) and the job description you paste are stored temporarily, encrypted with AES-256-GCM, and used solely to perform the requested analysis and CV rewrite.
- This data is automatically and permanently deleted after your configured retention period (default: 1 hour after job completion).
Results data
- Analysis results, ATS scores, the tailored CV PDF, and your name (as extracted from your CV) are stored encrypted and subject to the same retention policy.
Usage & technical data
- API call logs (model used, token counts, timestamps) — retained for billing and abuse prevention.
- Login attempt records — retained for up to 1 hour for brute-force protection.
- Your IP address — used for session binding and security; stored in access logs per standard server policy.
Support data
- Messages you send through the support system are stored until the inquiry is resolved and then retained for a reasonable period for dispute resolution purposes.
3. Legal Basis for Processing
- Contract performance — processing your CV and delivering analysis results is necessary to provide the Service you requested.
- Legitimate interests — security logging, abuse prevention, and service improvement.
- Consent — for Anthropic AI processing specifically (see Section 4). You may withdraw this consent at any time from your Account settings, which will prevent future AI jobs from being submitted.
4. Anthropic AI Processing
To analyse and rewrite your CV, we send the text of your CV and the job description to Anthropic's API (Claude models). This means your document content is transmitted to and processed by Anthropic's servers.
What is sent: extracted CV text and job description text only. No other personal data (email, name, account info) is included in the API request.
Anthropic's data handling: Anthropic does not use API inputs to train their models by default. For full details, see Anthropic's Privacy Policy and their Usage Policy.
Your control: You must actively consent to this processing during registration. You can withdraw your consent at any time under Account > Consent Management. Withdrawing consent means you will no longer be able to submit new AI analysis jobs, but it does not delete data already processed.
5. Data Retention
- CV text, job description, analysis results, PDF files — automatically deleted after your retention period (default 1 hour; visible and adjustable by admins).
- ATS scores and job status — retained in your job history indefinitely unless you delete your account.
- Account data — retained until you delete your account.
- Consent audit trail — retained permanently for legal compliance, but anonymised upon account deletion.
- Support inquiries — deleted upon account deletion.
6. Third Parties
The only third party that receives your document content is Anthropic (see Section 4). We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.
Standard infrastructure providers (hosting, email delivery) process data on our behalf under their own data protection terms, with access limited to what is technically necessary.
7. Security
We apply the following technical measures to protect your data:
- All stored personal data columns (CV text, analysis results, candidate name, PDF files) are encrypted at rest using AES-256-GCM.
- Passwords are hashed using bcrypt and never stored in plain text.
- Sessions are protected with IP binding, HTTP-only and SameSite cookies, and automatic expiry.
- All data in transit is protected by HTTPS.
- Access to admin functions requires a separate admin role and authentication.
8. Your Rights (GDPR)
If you are located in the EEA or UK, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — delete your account at any time from Account settings; this permanently erases all your personal data.
- Right to data portability — request your data in a machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — withdraw your Anthropic AI processing consent at any time under Account > Consent Management.
To exercise any of these rights, submit a GDPR Request through our support system.
9. Session Cookie
We use a single session cookie (PHPSESSID) to keep you logged in during your visit. This is a strictly necessary cookie — the Service cannot function without it. It is not used for tracking or advertising and is deleted when you close your browser or log out. No consent is required for strictly necessary cookies under applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or to exercise your rights, please submit a support inquiry and select "GDPR Request" as the category.