At CV Bright (“we”, “our”, “us”), your privacy is of utmost importance. This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you use our website (cvbright.com) and our connected services including resume feedback, cover letter generation, job tracking, and AI analytics tools. This document complies with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable laws.
1. Information We Collect
We collect both personal and non-personal information to deliver our services efficiently and securely.
Account Information: Email address, password (encrypted), authentication tokens, and user preferences.
Resume and Career Data: Uploaded resumes, job titles, career summaries, AI feedback, and generated content.
Usage Information: Log files, IP address, browser type, session duration, actions taken on the platform, and referral sources.
Payment Data: Processed securely via Stripe; we do not store your full card details.
Communication Data: Support emails, form submissions, and feedback messages.
Device Data: Device model, operating system, timezone, and approximate geolocation.
2. How We Use Your Data
To authenticate users and maintain secure logins.
To process and analyze resumes and related documents using AI models.
To generate and display resume feedback, summaries, and improvement suggestions.
To maintain job tracking and resume history functionality for premium and pro users.
To provide technical support, respond to inquiries, and communicate updates.
To improve the accuracy and quality of AI feedback and enhance the user experience.
To manage billing, detect fraud, and enforce subscription terms.
To comply with legal obligations and maintain audit trails for payments or data access.
3. Legal Basis for Processing (Under GDPR)
We process your personal data under one or more of the following lawful bases:
Consent: When you upload a resume, enable AI feedback, or subscribe to a plan.
Contractual Necessity: To deliver paid services and maintain your account.
Legal Obligation: To comply with applicable tax, financial, and security laws.
Legitimate Interest: For analytics, product improvement, and fraud prevention.
4. How Long We Keep Your Data
Your personal information is retained only as long as necessary to fulfill the purposes outlined in this policy or as required by law. For example:
Account data is retained while your account is active.
Resume submissions and feedback are stored until you delete them or request removal.
Transaction data is retained for up to 7 years for accounting and legal compliance.
5. How We Protect Your Data
Security is central to CV Bright’s infrastructure. We implement technical and organizational measures such as:
Encrypted connections (HTTPS and TLS 1.2+).
Data encryption at rest within Firebase and Firestore.
Access control using Firebase Authentication and role-based permissions.
Regular security audits, vulnerability scanning, and staff access monitoring.
6. Data Sharing & Processors
We do not sell your personal data. However, we may share limited information with trusted third parties that help us deliver our services:
OpenAI API: Used for generating resume feedback and suggestions.
Stripe: Used for payment processing and subscription management.
Google Cloud Platform: Hosts our Firestore database and secure backend systems.
Zoho Mail: Handles transactional and support emails.
Analytics Services: Used to monitor platform performance and improve UX (anonymous only).
7. Cookies & Tracking
We use cookies and local storage to remember login sessions, preferences, and analytics data. You can manage cookie preferences through your browser settings.
Essential Cookies: Required for authentication and security.
Performance Cookies: Help us improve site reliability and speed.
Analytics Cookies: Used to understand user behavior in aggregate.
8. AI and Automated Decision-Making
CV Bright uses artificial intelligence (AI) to generate resume feedback, cover letters, and summaries. These tools are designed to assist users and do not make binding or automated employment decisions. You always retain full control over how AI-generated content is used.
9. International Data Transfers
CV Bright operates globally. Data may be stored or processed outside your country of residence, including in the United States and the European Union. All transfers comply with the EU Standard Contractual Clauses (SCCs) and applicable data protection laws.
10. Your Rights
Depending on your location, you have the following rights:
Right to Access: Request a copy of your personal data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): Request deletion of your account and associated data.
Right to Restrict Processing: Limit certain uses of your data.
Right to Data Portability: Request your data in a structured format.
Right to Object: Withdraw consent for data processing or marketing.
To exercise your rights, contact us at support@cvbright.com. We will respond within 30 days.
11. Third-Party Links
Our website may contain links to external websites or platforms. We are not responsible for the privacy practices or content of those third-party sites. Please review their respective privacy policies before sharing any information.
12. Data Breach Notification
In the unlikely event of a data breach, we will notify affected users and regulatory authorities in accordance with GDPR Articles 33 and 34 within 72 hours of discovery.
13. Updates to This Policy
We may update this Privacy Policy periodically to reflect legal requirements, changes to our services, or security practices. The most recent version will always be available on this page with the effective date clearly indicated.
14. Contact Us
If you have any questions, complaints, or requests regarding this Privacy Policy or your personal data, please contact:
