Privacy Policy
Last Updated: 18 May 2025
1. Introduction
Welcome to CVGen! CVGen ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (cvgen.co.uk or other domains operated by us) and our AI-powered CV and cover letter generation services (collectively, the "Service").
Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
We are the data controller for the personal data collected through the Service.
Our contact details for data protection purposes are:
CVGen
[Your Trading Address - Please Provide]
Data Protection Contact Email: privacy@cvgen.co.uk
ICO Registration Number (if applicable): [Your ICO Registration Number - Please Provide]
2. What Information We Collect
We may collect and process the following types of personal data about you:
Information You Provide Directly:
- CV and Cover Letter Input Data: When you use our Service, you provide personal information to be included in your CV and cover letter. This can include your name, contact details (email, phone number, address), employment history, education, skills, qualifications, career objectives, and any other information you choose to include ("Input Data").
- Email Address: We collect your email address to deliver your Generated Content and for communication regarding your Transaction (e.g., payment confirmation, re-request link).
- Target Job Information: Details about the job you are applying for, such as job title, industry, or a job description, if you provide it.
- Communication Data: If you contact us for support or other inquiries, we will collect your name, email address, and the content of your communication.
Information We Collect Automatically:
- Transaction Data: We collect information related to your purchase, such as the Fee paid, date of Transaction, and a unique transaction reference ID. Payment card details are processed directly by our payment processor (Stripe) and we do not store your full card numbers.
- Usage Data & Analytics (Aggregated/Anonymised): We may collect information about how you access and use the Service, such as your IP address (which may be anonymised), browser type, operating system, referring URLs, pages viewed, and dates/times of access. This data is primarily used in an aggregated or anonymised form for service improvement, security monitoring, and analytics. We strive to minimise collection of directly identifiable usage data.
- Cookies: Our website uses essential session cookies to enable core functionality (e.g., maintaining your progress through the generation form, managing your transaction prior to payment). We currently do not use non-essential cookies for analytics or marketing tracking that would require a separate consent banner beyond acknowledging our policies. For more details, see Section 6 (Cookies & Tracking).
3. Legal Bases for Processing Your Data
We process your personal data based on the following legal grounds under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:
- Performance of a Contract: Processing your Input Data (including personal details for CVs/cover letters) and email address is necessary to provide the Service you have requested, i.e., to generate and deliver your documents and process your payment.
- Legitimate Interests:
  - We process some data (e.g., aggregated usage data, security logs) for our legitimate interests in maintaining and improving the Service, ensuring its security, preventing fraud, and for business analytics.
  - Communicating with you regarding your transaction or important service updates.
- Consent: If we intend to use your personal data for marketing communications, we will ask for your explicit opt-in consent beforehand. You can withdraw this consent at any time.
- Compliance with a Legal Obligation: We may process your data if required to do so by law (e.g., for tax purposes or in response to a lawful request from authorities).
4. How We Use Your Information
We use the information we collect for the following purposes:
To Provide and Manage the Service:
- To receive and process your Input Data.
- To generate your CV and cover letter using our AI tools.
- To process your payment through our third-party payment processor.
- To deliver the Generated Content to your email address and/or provide a download link.
- To allow you to re-request your documents within the 7-day retention period using your email and reference ID.
To Communicate With You:
- To send you transactional emails (e.g., payment confirmation, document delivery, re-request information).
- To respond to your customer service requests and inquiries.
To Improve Our Service:
- To understand how Users interact with our Service (primarily through aggregated or anonymised data).
- To monitor and analyze usage and trends to improve the AI models. Input Data is used by OpenAI to generate documents for you; refer to OpenAI's policies for how they handle data. We do not use your specific Input Data to train our own separate AI models without explicit consent.
- To enhance the functionality, security, and user experience of our Service.
For Legal and Security Purposes:
- To prevent fraud and abuse.
- To enforce our Terms and Conditions.
- To comply with applicable legal obligations.
Marketing (with your consent):
If you opt-in, we may use your email address to send you promotional information about new features, special offers, or other information we think you may find interesting. You can unsubscribe at any time.
5. Disclosure of Your Information
We do not sell, trade, or rent your personal data to third parties for their marketing purposes. We may share your information with the following categories of third parties only in the ways that are described in this Privacy Policy:
- AI Service Provider (OpenAI): Your Input Data is sent to OpenAI's API to generate the CVs and cover letters. OpenAI processes this data according to their own privacy policies and terms. We encourage you to review OpenAI's policies.
- Payment Processor (Stripe): When you make a payment, your payment information is provided directly to Stripe. Stripe's use of your personal information is governed by their privacy policy. We only receive transaction confirmation and necessary metadata from Stripe.
- Email Delivery Services (e.g., SendGrid, or internal SMTP): To send transactional emails and deliver your documents. These providers process your email address and email content on our behalf.
- Hosting Provider ([Specify Your Hosting Provider and its location, e.g., AWS based in UK/EEA] - Please Provide): Our website and database are hosted by [Specify Provider - Please Provide]. This provider may have access to data stored on their servers as part of their hosting services. We select providers that offer strong security and data protection commitments.
- Legal Requirements: If required by law, such as to comply with a subpoena, or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data.
6. Cookies and Tracking Technologies
Our Service uses essential session cookies which are necessary for the website to function properly. These cookies allow you to navigate the site and use its features, such as progressing through the document generation form and managing your transaction data before payment. These cookies are typically deleted when you close your browser.
Currently, we do not use non-essential cookies (e.g., for persistent analytics tracking or targeted advertising) that would require a separate cookie consent banner. If we introduce such cookies in the future, we will update this policy and implement appropriate consent mechanisms.
You can usually instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Service effectively.
7. Data Retention
We retain your Input Data and the Generated Content associated with your Transaction for 7 days from the date of purchase. This allows you to re-request your documents during this period if needed. After 7 days, this specific personal data and the generated documents are automatically and permanently deleted from our active systems.
We may retain anonymised or aggregated data for longer periods for analytical purposes. Transactional data related to payments may be kept for longer periods as required by financial and tax laws.
8. Your Data Protection Rights
Under UK data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. (Note: As data is automatically deleted after 7 days, this right is primarily applicable within that window).
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances (e.g., for direct marketing).
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
- Your right to withdraw consent - Where we are relying on consent to process your personal data (e.g., for marketing), you may withdraw your consent at any time.
To exercise any of these rights, please contact us at privacy@cvgen.co.uk. We will respond to your request within one month. You are not required to pay any charge for exercising your rights.
9. Data Security
We are committed to ensuring that your information is secure. We have implemented suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. This includes encryption of data where appropriate (e.g., HTTPS for website traffic) and access controls to our systems.
However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
10. International Data Transfers
- OpenAI: When we send your Input Data to OpenAI for processing, it may be transferred outside the UK and EEA. OpenAI has its own data transfer mechanisms and policies, which you should review. We rely on OpenAI's commitments to legally transfer data.
- Stripe: Stripe may transfer payment data internationally according to its own policies and data transfer mechanisms.
- Other Processors (Hosting, Email): We endeavor to use third-party processors (like our hosting provider [Specify Your Hosting Provider, e.g., AWS] - Please Provide and email services) that store and process data within the UK or EEA, or in countries deemed adequate by the UK, or under Standard Contractual Clauses (SCCs) or the UK's International Data Transfer Agreement (IDTA) where necessary. For example, if using AWS, we would aim to use UK/EEA regions.
If you require more information about international transfers for specific processors, please contact us.
11. Children's Privacy
Our Service is not intended for use by children under the age of 16 without parental consent. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child under 16, please contact us at privacy@cvgen.co.uk.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. If the changes are significant, we may provide a more prominent notice (such as by email if you have recently used our service and we have your email for such communications).
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
13. Contact Us & Complaints
If you have any questions or concerns about this Privacy Policy or our data protection practices, or if you wish to exercise your rights, please contact us at:
CVGen
[Your Trading Address - Please Provide]
Data Protection Contact Email: privacy@cvgen.co.uk
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Their contact details are:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk