← Back to Home

Privacy Policy

Last Updated: October 2, 2025

CVtoWebsite ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and services to transform CV/resume documents into portfolio websites.

This policy complies with:

EU General Data Protection Regulation (GDPR)
UK Data Protection Act 2018 and UK GDPR
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Other applicable US state privacy laws

1. Information We Collect

1.1 Personal Data from CV/Resume Uploads

When you upload your CV or resume (PDF or DOCX format), we collect and process the following personal information:

Contact Information: Name, email address, phone number, physical address
Professional Information: Job titles, employment history, work experience, skills
Educational Information: Schools attended, degrees, certifications, qualifications
Project Information: Project descriptions, technologies used, achievements
Professional Summary: Career objectives, personal statements
Optional Photo: Profile photo (if included in your CV)

1.2 Technical and Usage Data

We automatically collect certain technical information when you visit our website:

IP address and geolocation data
Browser type and version
Device information (operating system, device type)
Pages visited and time spent on our website
Referral source (how you arrived at our website)

1.3 Payment Information

When you subscribe to our services, payment processing is handled by Stripe, Inc. We do not store your full credit card details. Stripe collects:

Payment card information (card number, expiration date, CVV)
Billing address
Email address (for receipts and payment confirmations)

We only store limited payment metadata (last 4 digits of card, transaction ID, subscription status).

2. How We Use Your Information

We process your personal data for the following purposes:

2.1 Service Delivery

Extract structured data from your CV using AI technology (OpenAI API)
Generate professional portfolio websites based on your CV content
Create downloadable HTML/ZIP files containing your portfolio website
Send email notifications with download links and contact details
Manage your subscription and payment processing
Provide customer support and respond to inquiries

2.2 Legal Basis for Processing (GDPR/UK GDPR)

We process your personal data based on:

Consent: By uploading your CV and using our service, you consent to data processing (GDPR Article 6(1)(a))
Contract Performance: Processing necessary to provide our services (GDPR Article 6(1)(b))
Legitimate Interest: Improving our services and fraud prevention (GDPR Article 6(1)(f))

3. AI-Powered CV Processing (OpenAI API)

How We Use OpenAI Technology

We use OpenAI's API (powered by GPT-3.5-turbo) to analyze and extract structured information from your CV/resume. This includes:

Parsing text from PDF and DOCX files
Identifying and extracting personal information, work experience, education, skills, and projects
Structuring unformatted CV data into organized sections

3.1 OpenAI Data Processing

Data Retention: OpenAI may retain API inputs and outputs for up to 30 days for abuse monitoring and safety purposes
Training Opt-Out: Your CV data is NOT used to train or improve OpenAI's AI models
Security: All data transmitted to OpenAI is encrypted in transit (TLS 1.2+) and at rest (AES-256 encryption)
Compliance: We have entered into a Data Processing Agreement (DPA) with OpenAI to ensure GDPR and CCPA compliance

For more information, see OpenAI's Privacy Policy and Enterprise Privacy.

4. Payment Processing via Stripe

All payment transactions are processed securely by Stripe, Inc., a PCI DSS Level 1 certified payment processor.

4.1 What Stripe Collects

Payment card details (card number, expiration date, CVV)
Billing name and address
Email address for receipts
Transaction metadata (amount, date, subscription status)

4.2 Security and Compliance

Stripe uses advanced encryption and fraud detection (Stripe Radar)
We do NOT store your full credit card details on our servers
Payment records are retained by Stripe for up to 7 years to comply with financial regulations

By making a payment, you agree to Stripe's Privacy Policy and Terms of Service.

5. How We Share Your Information

We share your personal data only with trusted third parties necessary to provide our services:

Third Party	Purpose	Data Shared
OpenAI	CV text extraction and analysis	CV content (text only)
Stripe	Payment processing	Billing info, email, transaction amount
Email Service	Sending website download links	Name, email, phone, website URL

We do NOT:

Sell your personal data to third parties
Share your data for marketing purposes
Use your CV data to train AI models (OpenAI policy)
Share your information with advertisers or data brokers

6. Data Retention

We retain your personal data for the following periods:

CV Data: Deleted from our servers 72 hours after website generation (unless you subscribe)
Generated Websites: Active for 72 hours (expiry countdown timer), then expired unless subscription is active
Subscriber Data: Retained while your subscription is active, plus 30 days after cancellation for billing purposes
Payment Records: Retained by Stripe for 7 years (financial compliance)
Email Notifications: Admin notifications archived for 90 days

You may request immediate deletion of your data at any time (see Section 8).

7. Data Security

We implement industry-standard security measures to protect your personal information:

Encryption: AES-256 encryption at rest, TLS 1.2+ encryption in transit
Access Controls: Restricted access to authorized personnel only
Secure File Storage: Uploaded CVs stored temporarily in protected directories
Regular Security Audits: Ongoing monitoring for vulnerabilities
HTTPS Protocol: All website traffic encrypted via SSL/TLS

However, no method of internet transmission or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Privacy Rights

8.1 Rights Under GDPR and UK GDPR (EU/UK Residents)

You have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 Rights Under CCPA/CPRA (California Residents)

California residents have the following rights:

Right to Know: Request disclosure of categories and specific pieces of personal information collected
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (we do not sell or share data)
Right to Limit Use of Sensitive Personal Information: Request limits on sensitive data processing
Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: admin@cvtowebsite.com

Subject Line: "Privacy Rights Request - [Your Request Type]"

We will respond to your request within:

GDPR/UK GDPR: 1 month (can be extended by 2 months for complex requests)
CCPA: 45 days (can be extended by an additional 45 days with notice)

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EU/UK/USA, including:

United States: OpenAI and Stripe are based in the US
Hosting Providers: Our website is hosted on servers that may be located internationally

We ensure adequate protection through:

Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
Data Processing Agreements (DPAs): With OpenAI and Stripe
Privacy Shield Framework: Where applicable

10. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies:

Essential Cookies: Session management, security, and website functionality
Analytics (if any): Understand website usage and improve user experience

We do NOT use third-party advertising cookies or sell your browsing data.

11. Children's Privacy

Our services are not directed to individuals under the age of 16 (or 13 in the US). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately for deletion.

12. Do Not Sell or Share My Personal Information (CCPA)

We do NOT sell or share your personal information for monetary or other valuable consideration.

We do not participate in behavioral advertising, data brokerage, or any form of personal data sales.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Updating the "Last Updated" date at the top of this page
Posting a notice on our homepage
Sending an email notification (for significant changes)

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: admin@cvtowebsite.com

Response Time: We aim to respond within 48 hours

15. Supervisory Authorities

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

EU Residents:

Your local Data Protection Authority (DPA). Find your DPA: European Data Protection Board

UK Residents:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

California Residents:

California Privacy Protection Agency (CPPA)
Website: cppa.ca.gov