Privacy Policy
Last updated: May 2026
1. Introduction
CV Cleaner Pro ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.
Controller identity (MVP stage): CV Cleaner Pro is a founder-led project that has not yet been incorporated as a legal entity. Until incorporation is complete, requests under this Privacy Policy and the GDPR are handled by the founder via privacy@cv-cleaner.pro. The legal entity, postal address, and (if required) an EU Representative under Article 27 GDPR will be disclosed here before we accept enterprise contracts.
2. Information We Collect
2.1 Account Information
- Email address
- Company name (optional)
- Hashed password
- Branding preferences (logo, company name, colors)
2.2 Uploaded Content
- CV/resume files you upload for processing
- Processed output files
- Processing statistics and injection reports
2.3 Usage Data
- Processing history and patterns
- Browser type and version
- IP address (masked to the /24 subnet in our logs)
3. How We Use Information
- Process and clean CVs as requested
- Maintain and improve our detection algorithms
- Provide customer support
- Send service-related notifications
- Prevent fraud and abuse
- Generate anonymous usage analytics
- Comply with legal obligations
4. Data Storage and Security
4.1 Storage
All data is stored on Cloudflare's global network with encryption at rest and in transit.
4.2 Retention
- Uploaded CVs: deleted after 30 days
- Processing history: retained for 12 months
- Account data: retained until account deletion
4.3 Security Measures
- TLS/SSL encryption for all data transmission
- AES-256 encryption at rest
- Regular security audits
- Strict access controls
5. Data Sharing
We share data only with essential service providers:
- Cloudflare - Workers, D1 database, R2 file storage
- Paddle - Payment processing (handles billing data directly; we never see card numbers)
- OpenRouter - LLM routing proxy used for CV parsing and formatting. We instruct OpenRouter to route only to upstream providers that contractually do not retain or train on prompt content (
data_collection: "deny"). At MVP stage we rely on OpenRouter's enforcement of this setting; counter-signed paperwork is on the roadmap. - Google - Sign-In (OAuth) only
See the full GDPR page for transfer mechanisms and locations.
6. Your Rights
- Access your personal data (Art. 15)
- Correct inaccurate data (Art. 16)
- Request data deletion (Art. 17)
- Export your data in a machine-readable format (Art. 20)
- Restrict processing (Art. 18)
- Object to processing (Art. 21)
Exercise your rights through the Settings page (Export My Data, Delete Account) or by emailing privacy@cv-cleaner.pro. We respond to all subject access requests within 30 calendar days as required by Art. 12(3).
7. Cookies & Analytics
We use essential cookies for authentication and session management. On first visit we ask whether you also consent to optional analytics, which forward aggregated, anonymised pageview events to Google Analytics 4 through Cloudflare Zaraz — a first-party proxy that loads from cv-cleaner.prorather than third-party domains. No advertising cookies, no cross-site tracking, no individual profiling. Analytics stays dormant until you click “Accept all”; choosing “Essential only” means no analytics events are ever sent. You can revoke consent at any time by clearing the cv-cleaner-cookie-consent entry from your browser storage, which re-shows the banner on next visit.
8. Children's Privacy
Our Service is not intended for users under 18. We do not knowingly collect information from minors.
9. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via email or in-app notification. Continued use constitutes acceptance.
10. Contact
Privacy questions, subject access requests, or breach reports go to privacy@cv-cleaner.pro. At MVP stage we have not formally designated a Data Protection Officer under Article 37 GDPR - the privacy contact above is the founder. A DPO will be appointed if and when our processing meets the Article 37 thresholds or a customer contract requires it. For broader GDPR enquiries see our GDPR page.