CVCircle Logo
    Sign InSign Up

    Privacy Policy

    Last updated: May 3, 2026

    Introduction

    At CVCircle ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered CV creation and job application management platform.

    By using CVCircle, you agree to the collection and use of information in accordance with this policy. This policy complies with GDPR, CCPA, and India's Digital Personal Data Protection Act 2023. If you do not agree with our policies and practices, please do not use our service.

    Information We Collect

    Personal Information

    We collect the following personal data when you use our service:

    • Name, email address, and contact information
    • Professional information (work experience, education, skills, certifications)
    • CV content, cover letters, and job application data stored in our secure database
    • Job application tracking and career journey analytics
    • Payment and billing information (processed securely through Stripe and Razorpay)
    • Authentication data (NextAuth.js session tokens and Firebase authentication)
    • User preferences, settings, and template selections
    • Email verification status and security tokens

    Usage Information

    We automatically collect usage data to improve our service:

    • IP address, device information, and browser type
    • Pages visited, time spent, and features used
    • CV creation, editing, and export activities
    • AI usage patterns and optimization requests
    • Error logs and performance metrics
    • Session data and authentication activity

    Cookies and Tracking Technologies

    We use cookies and similar tracking technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.

    How We Use Your Information

    Service Provision

    • Create, manage, and store your CVs and cover letters
    • Provide AI-powered CV optimization and content suggestions
    • Track job applications and provide career analytics
    • Process payments and manage subscriptions (Day Pass, Monthly, Quarterly, Yearly plans)
    • Send email verifications and account notifications

    Improvement & Analytics

    • Improve our platform functionality and user experience
    • Analyze usage patterns and feature adoption
    • Develop new features and AI capabilities
    • Provide customer support and technical assistance
    • Monitor service performance and security

    Information Sharing and Disclosure

    We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

    • Service Providers: We share information with trusted third-party service providers who assist us in operating our platform:
      • Payment Processors: Stripe and Razorpay for secure payment processing
      • Cloud Storage: AWS S3 for secure document storage
      • AI Services: OpenAI for CV optimization and content generation
      • Email Services: Hostinger SMTP for transactional emails
      • Analytics: Google Analytics for usage analysis (with anonymization)
    • Legal Requirements: We may disclose information if required by law, court order, or government regulation, including compliance with India's DPDP Act 2023, GDPR, and CCPA.
    • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.
    • Safety and Security: We may share information to protect the safety and security of our users, platform, or the public, including fraud prevention.

    Data Security and Storage

    We implement industry-standard security measures to protect your personal information:

    • End-to-end encryption of data in transit (HTTPS/TLS) and at rest
    • MongoDB database security with access controls and authentication
    • NextAuth.js and Firebase authentication with secure session management
    • JWT token-based session management with secure cookie settings
    • CSRF protection and secure HTTP headers
    • Regular security audits and vulnerability assessments
    • Secure data centers with physical and digital security measures
    • Regular automated backups and disaster recovery procedures
    • Email verification and multi-factor authentication options

    Important: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your data.

    Your Rights and Choices

    Data Access and Control (GDPR, CCPA, DPDP Act)

    You have the following rights regarding your personal data:

    • Right to Access: Request a copy of all personal data we hold about you
    • Right to Correction: Update or correct inaccurate personal information
    • Right to Deletion: Request deletion of your account and associated data ("Right to be Forgotten" under GDPR)
    • Right to Data Portability: Export your data in a machine-readable format (JSON, PDF)
    • Right to Opt-Out: Opt-out of marketing communications and non-essential data processing
    • Right to Object: Object to processing of your data for certain purposes
    • Right to Restrict Processing: Request limitation of data processing in certain circumstances

    Data Retention

    • We retain your data as long as your account is active and for 30 days after account deletion
    • Some information may be retained for legal compliance (tax records, payment history) for up to 7 years
    • CV and cover letter data is deleted within 30 days of account deletion request
    • You can request immediate data deletion by contacting privacy@cvcircle.io

    How to Exercise Your Rights

    To exercise any of these rights, please contact us at privacy@cvcircle.io with:

    • Your account email address
    • Specific request (access, deletion, correction, etc.)
    • Verification of your identity (for security purposes)

    We will respond to all requests within 30 days as required by GDPR and DPDP Act.

    AI Services and Third-Party Integrations

    OpenAI Integration

    We use OpenAI's API to provide AI-powered CV optimization, content generation, and ATS analysis. When you use these features:

    • Your CV content is sent to OpenAI for analysis and optimization
    • OpenAI processes data according to their privacy policy and data processing terms
    • We do not store your CV content on OpenAI's servers permanently
    • You can opt-out of AI features and use manual editing if preferred
    • AI-generated content should be reviewed before use in job applications

    Payment Processors

    We use secure payment processors for subscription management:

    • Stripe: For international payments (handles card data securely, PCI-DSS compliant)
    • Razorpay: For Indian payments (handles UPI, cards, netbanking securely)
    • Payment information is processed directly by these providers - we do not store full card details
    • Billing information is stored securely for invoice generation

    Cloud Storage (AWS S3)

    Your CV documents and exported files are stored securely on AWS S3:

    • Files are encrypted at rest and in transit
    • Access is restricted to authenticated users only
    • Files are automatically deleted when you delete your account

    International Data Transfers

    Your information may be transferred to and processed in countries other than your own (including India, United States, and European Union). We ensure that such transfers comply with applicable data protection laws (GDPR, CCPA, DPDP Act) and implement appropriate safeguards, including:

    • Standard Contractual Clauses (SCCs) for GDPR compliance
    • Data Processing Agreements (DPAs) with all third-party processors
    • Encryption and security measures during transfer

    Children's Privacy

    Our service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@cvcircle.io and we will delete such information.

    Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by:

    • Posting the new Privacy Policy on this page with an updated "Last updated" date
    • Sending an email notification to registered users for significant changes
    • Displaying a notice on our platform for 30 days after changes

    Your continued use of our service after any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may delete your account.

    Contact Us

    If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us:

    Email: privacy@cvcircle.io

    Subject Line: Privacy Policy Inquiry / Data Rights Request

    Response Time: We aim to respond to all privacy-related inquiries within 48 hours and process data rights requests within 30 days as required by law.

    Data Protection Officer: For GDPR-related inquiries, contact privacy@cvcircle.io

    Note: For more information about our data practices, please also review our Terms of Service and Cookie Policy.