MainCV CheckerCV Editor
legal

Privacy Policy.

This policy applies to cvlens.net and all related services. We act as the data controller for the personal data described below.

01Who we are

cvLens is an AI-powered resume analysis and editing service. Our data-controller contact is privacy@cvlens.net. We are committed to handling your information in accordance with applicable data protection law, including the EU GDPR and UK GDPR where those instruments apply to you.

02What information we collect

We collect only what is necessary to provide and improve the service: — Account data: Your email address and display name when you register. You may optionally add a profile photo. — Documents you submit: CVs, cover letters, and job descriptions you upload or paste for analysis. We treat these as sensitive because they often contain personal information. — Analysis results: The structured output generated from your submissions — scores, flags, keyword tables, and improvement suggestions — stored to your account history. — Usage data: Pages visited, features used, session duration, and interactions, collected in aggregate and pseudonymised form. — Technical data: IP address (truncated after processing), browser type, OS, referrer URL, and error logs. Retained for no longer than 90 days. — Communications: Messages you send to our support or inquiry addresses. What we do not collect: We do not collect payment card data. We do not purchase data from third-party brokers.

03Local processing (OCR)

When you upload an image or screenshot of a CV, optical character recognition (OCR) runs entirely in your browser using a WebAssembly-compiled library. The image content is not transmitted to our servers. Only the extracted text — after you choose to submit it — is processed server-side. You can review the extracted text before sending.

04How we use your information

— Service delivery: Creating and maintaining your account, running analyses, storing your history, and enabling exports. — Service improvement: Analysing aggregate usage patterns. We never use individual CVs as training data for AI models without explicit opt-in consent. — Security and fraud prevention: Detecting and preventing unauthorised access, abuse, and misuse of the service. — Legal compliance: Meeting obligations under applicable law and enforcing our Terms of Service. — Communications: Responding to support requests and, where you have opted in, sending product updates.

05Legal bases for processing (GDPR)

— Performance of a contract (Art. 6(1)(b)) — processing account data and submitted documents to provide the service you requested. — Legitimate interests (Art. 6(1)(f)) — aggregate analytics, security monitoring, and fraud prevention. — Legal obligation (Art. 6(1)(c)) — retaining records required by applicable law. — Consent (Art. 6(1)(a)) — non-essential cookies and optional communications. You may withdraw consent at any time.

06Data sharing and third parties

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances: — Infrastructure providers: Cloud hosting and database services. All providers are bound by data processing agreements. — AI processing providers: When you submit an analysis, document text is transmitted to a third-party LLM API. Providers are contractually prohibited from using submitted content to train their models. — Analytics services: A privacy-preserving analytics tool that does not set cross-site tracking cookies. — Legal disclosures: We may disclose data if required by a court order or lawful legal process. — Business transfers: In the event of a merger or acquisition, subject to the same protections described here.

07International data transfers

Where we transfer personal data internationally, we rely on the European Commission's Standard Contractual Clauses, adequacy decisions, or the UK International Data Transfer Agreement. You may request a copy of the applicable safeguards by writing to privacy@cvlens.net.

08Data retention

— Account data — retained until you request deletion or for up to 2 years of inactivity. — Submitted documents and analysis results — retained until you delete them from your account. Deleting an analysis removes the associated CV from active storage within 7 days. — Technical logs — purged after 90 days unless retained for an active security incident. — Support communications — retained for 2 years from the last interaction.

09Your rights

Subject to applicable law, you have the following rights: — Access: Request a copy of the personal data we hold about you. — Rectification: Ask us to correct inaccurate or incomplete data. — Erasure: Request deletion of your personal data. — Restriction: Ask us to pause processing of your data. — Portability: Receive a copy of your data in a machine-readable format (JSON or CSV). — Objection: Object to processing based on legitimate interests. — Withdraw consent: Where processing is based on consent, you may withdraw it at any time. — Lodge a complaint: You have the right to lodge a complaint with your national data protection authority. To exercise any of these rights, write to privacy@cvlens.net. We will respond within 30 days.

10Cookies and tracking

— Strictly necessary: Session authentication tokens and security cookies. These cannot be disabled without breaking core functionality. — Preference: Cookies that remember your language selection and UI theme. — Analytics: A privacy-friendly analytics cookie that counts page views without tracking individuals across sites. We do not use advertising cookies, cross-site tracking pixels, or third-party retargeting technologies.

11Children

The service is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact privacy@cvlens.net and we will delete it promptly.

12Security

We implement technical and organisational measures proportionate to the sensitivity of the data we process, including TLS encryption in transit, encryption at rest for document storage, and access controls limiting staff access to personal data. In the event of a data breach likely to cause high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

13Changes to this policy

When we make material changes, we will notify registered users by email and post an updated version here with a revised effective date. Continued use of the service after the effective date constitutes acceptance of the updated policy.

14Contact us

For any questions about this policy or your personal data, contact privacy@cvlens.net. For general support, use support@cvlens.net. We aim to respond within one business day.