CVRole
CVRole
Back to home

Privacy Policy

We take your privacy seriously. This policy explains exactly what we collect, why, and how you can control it.

Last updated: March 18, 2026

1. Who We Are

CVRole ("we," "our," or "us") is an AI-powered CV builder platform operated at cvrole.com. We are committed to protecting your personal data and complying with applicable privacy laws including the EU General Data Protection Regulation (GDPR) and Saudi Arabia's Personal Data Protection Law (PDPL).

Contact: privacy@cvrole.com

2. What Data We Collect

2.1 Account Data

  • Name and email address — required to create your account
  • Password — stored as a bcrypt hash (we never store plain-text passwords)
  • Profile photo — optional, stored on Cloudinary CDN
  • Language preference (Arabic or English)

2.2 CV Content Data

  • All CV content you enter: work experience, education, skills, contact information
  • This data is stored encrypted in our PostgreSQL database
  • You own this data entirely — we do not share or sell it

2.3 Usage Data

  • Pages visited, features used, time spent on the platform
  • Device type, browser, and approximate location (country level)
  • This data is anonymized and used only to improve the product

2.4 Payment Data

  • We use Stripe for payment processing — we never store your card details
  • We store: plan type, payment status, and transaction ID only

3. How We Use Your Data

PurposeLegal Basis
Providing the CV builder serviceContract performance
Sending verification emails and OTP codesContract performance
AI-powered CV generation (via Claude API)Contract performance
Processing paymentsContract performance
Sending product updates and newslettersLegitimate interest (opt-out available)
Fraud prevention and securityLegitimate interest
Analytics and product improvementLegitimate interest (anonymized)

4. AI Processing — Important Notice

When you use AI features (CV generation, bullet points, LinkedIn optimizer), your CV content is sent to Anthropic's Claude API for processing. Anthropic processes this data to generate your content and does not store it for training purposes by default. See Anthropic's Privacy Policy for details.

We recommend: Do not include extremely sensitive information (national ID numbers, passport numbers, bank details) in your CV content.

5. Data Storage and Security

  • Data is stored on servers in the European Union (Vercel, Frankfurt region)
  • Database is encrypted at rest using AES-256
  • All data transmission uses TLS 1.3
  • Passwords are hashed using bcrypt (cost factor 10)
  • We conduct regular security reviews

6. Data Sharing

We share your data with these third-party services only as necessary:

  • Anthropic (Claude API) — CV content for AI generation
  • Stripe — Payment processing
  • Resend — Transactional email delivery
  • Cloudinary — Profile photo storage
  • Vercel — Hosting and infrastructure

We never sell your data to advertisers or data brokers.

7. Your Rights

Under GDPR and PDPL, you have the right to:

  • Access — Request a copy of all data we hold about you
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your account and all data
  • Portability — Export your CV data in JSON format
  • Objection — Opt out of marketing communications
  • Restriction — Request we limit processing of your data

To exercise any of these rights, email privacy@cvrole.com. We respond within 30 days.

8. Data Retention

  • Active accounts: Data retained while account is active
  • Deleted accounts: Data permanently deleted within 30 days
  • Payment records: Retained for 7 years (legal requirement)
  • Server logs: Retained for 90 days

9. Cookies

We use minimal, essential cookies only:

  • Session cookie — Keeps you logged in (expires on browser close)
  • CSRF token — Security protection

We do not use advertising or tracking cookies.

10. Children's Privacy

CVRole is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at privacy@cvrole.com.

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email. The "Last updated" date at the top of this page will always reflect the most recent version.

12. Contact Us

For any privacy questions or to exercise your rights:
📧 privacy@cvrole.com
📬 Response time: within 2 business days