CV Genie

Privacy Policy

We respect your privacy and are committed to protecting your personal data in strict compliance with the General Data Protection Regulation (GDPR).

Last Updated: April 2026

This Privacy Policy explains how CVGenie ("we", "us", "our"), operating from Belgium, processes personal data for users worldwide. By using our service, you trust us with your CV and career information. We do not take this lightly.

1. Data Controllership

CVGenie acts as the Data Controller under GDPR. This means we determine the purposes and means of the processing of your personal data. Our primary business operates from Belgium. Users from all jurisdictions are afforded the strict protections required by European Data Protection laws.

2. What Data We Collect

  • Account Information: Name, Email Address, and authentication identifiers.
  • Documents & Career Data: Contents of uploaded CVs, resumes, and generated responses to job descriptions.
  • Payment Information: We do not store your raw credit card data. All payments are securely handled by our sub-processor, Stripe.
  • Usage Metrics: Number of generations, feature usage, and basic application metrics to provide you with plan limits.

3. How We Use and Process Data (AI Integration)

Your CV and job descriptions are processed dynamically to generate career insights. We minimize data footprints wherever possible. When you use our analysis tools, your CV details are transmitted securely via API to our AI Sub-processor (Google Gemini/Genkit).

AI Sub-Processor Promise

Your data is exclusively used to perform the immediate task you requested (e.g., CV Analysis). Your personal data is strictly NOT used to train, retrain, or improve the foundational AI models. We operate on Google Gemini's paid API tier, which contractually guarantees that your inputs and outputs are not used for model training, are not reviewed by human reviewers, and are not retained beyond the immediate API request. Additionally, to protect your privacy, contact details such as your email address and phone number are stripped out and are never sent to the AI.

5. Cookies and Tracking Technologies

We use strictly necessary cookies to keep you logged in securely. We also use functional/analytical cookies (Google Analytics 4) to understand how visitors interact with our website to improve user experience. You can opt-out of Analytics cookies through your browser settings or standard ad-blockers. We do not use advertising or cross-site tracking cookies.

4. Our Sub-Processors

To provide our services globally, we rely on trusted third-party sub-processors who are also held to strict GDPR compliance standard contractual clauses (SCCs) where data exits the EEA:

Firebase (Google LLC): For secure authentication, database storage (Firestore), and hosting.
Stripe, Inc: For secure financial payment processing and subscription management.
Resend, Inc: For sending you transactional emails (like receipts, welcome emails, and account alerts).
Google AI (Gemini): For providing the core Artificial Intelligence processing power.
Google Analytics (GA4): To analyze aggregated, anonymized web traffic and understand how our services are used.

6. Data Retention & Your GDPR Rights

We only retain your personal data for as long as your account is active. You have full control over your data directly from your Dashboard:

Right to Erasure (Art. 17): Clicking "Delete My Account" permanently and synchronously wipes your user_profile and authentication record from our active databases immediately.
Right to Data Portability (Art. 20): You can export a machine-readable JSON copy of your profile data instantly using the "Download My Data" button in your dashboard settings.
Right to Access & Rectify: You can view and update your data directly within the application.

7. Contact Us

If you have any questions regarding your privacy, wish to exercise any of your data rights manually, or have concerns about how we handle your data, please contact our Data Protection Officer:

support@cvgenieapp.com