Privacy Policy

How CVSmith collects, uses, shares, and protects information when you use our website and services.

Effective Date: January 1, 2026

This Privacy Policy explains how CVSmith.app ("CVSmith", "we", "us", "our") collects, uses, shares, and protects information when you use our website and services (the "Service").

Operator: The Service is operated by Mikhail Drozd (sole proprietor) ("Operator", "we", "us", "our").

Support: support@cvsmith.app
Privacy: privacy@cvsmith.app

By using the Service, you acknowledge the practices described in this Privacy Policy.

1) Information we collect

1.1 Account information

  • Email address
  • Account identifiers (user ID)
  • Authentication/session metadata needed to keep you signed in

1.2 Content you upload or submit ("User Content")

  • Resume/CV files (e.g., PDF/DOC/DOCX) and/or extracted resume text
  • Job descriptions, notes, and other text you provide
  • Generated outputs (scores, suggestions, drafts, and related results)

Your resume/job description may include personal data. You control what you upload.

1.3 Payment and subscription information (Stripe)

Payments are processed by Stripe. We typically receive:

  • Subscription status (active/canceled), plan type, payment status
  • Transaction IDs and billing events
  • We do not receive your full payment card number (Stripe handles it).

1.4 Usage and device information

We may collect:

  • Feature usage (e.g., pages/screens viewed, events like "upload", "analyze", "export")
  • Approximate device/browser info and timestamps
  • IP address may be processed for security and fraud prevention and may be collected by certain service providers depending on configuration

1.5 Cookies and similar technologies

We use cookies and similar technologies for:

  • essential functionality (security, sessions, payment flows)
  • analytics (only where enabled/allowed -- see Section 9)

2) How we use information

We use information to:

  • Provide, operate, and maintain the Service
  • Process billing and manage subscriptions via Stripe
  • Generate results and outputs based on your inputs
  • Secure the Service, prevent fraud/abuse, and troubleshoot issues
  • Improve performance and features (aggregated analytics, debugging)
  • Communicate with you (support, service announcements; marketing only where permitted)
  • Comply with legal obligations and enforce our Terms

3) How we share information

We do not sell your personal information.

We may share information with:

3.1 Service providers ("processors")

Vendors that help run the Service, such as:

  • Payment processing: Stripe
  • Analytics: PostHog; Vercel Web Analytics
  • Hosting/storage/infrastructure: cloud providers
  • AI processing providers: third-party providers that process prompts/content to generate outputs
  • Support/communications: email/support tooling providers

They may process information only to provide services to us, subject to contractual and technical safeguards.

3.2 Legal, compliance, and safety

We may disclose information if reasonably necessary to:

  • comply with law or lawful requests
  • protect users, the Service, and our rights
  • investigate fraud, abuse, or security incidents

3.3 Business transfers

If we are involved in a merger, acquisition, financing, or asset sale, information may be transferred as part of that transaction, subject to appropriate protections.

4) AI and automated processing

Some features use automated processing (including machine-learning/AI systems) to analyze your inputs and generate outputs.

What may be processed: your resume/CV, job description, and instructions you provide.

Purpose: to provide the Service (analysis, matching, drafting, suggestions).

Human review: outputs are not guaranteed to be accurate; you should review before using them. We do not make employment decisions for you.

5) International transfers

We may process and store information in countries other than where you live, including where our providers operate. Where required, we use appropriate safeguards for cross-border transfers.

6) Data retention and deletion

We keep information only as long as necessary for the purposes described in this Policy:

  • Account data: for as long as your account is active, plus a reasonable period for security/compliance/support
  • User Content (files/text/outputs): until you delete it (where available) or delete your account, subject to Section 6.3
  • Payments/records: as needed for accounting, tax, and legal compliance

6.3 Backups and logs

Deleted content may persist for a limited time in backups and security logs before being overwritten.

To request deletion or exercise rights, contact privacy@cvsmith.app.

7) Security

We use reasonable administrative, technical, and organizational measures to protect information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8) Your rights and choices

Depending on your location, you may have rights to:

  • access information we hold about you
  • correct inaccurate data
  • delete data
  • object to or restrict certain processing
  • request portability (where applicable)

To exercise rights, email privacy@cvsmith.app. We may need to verify your identity.

9) Cookies and tracking technologies (included in this Privacy Policy)

9.1 What are cookies?

Cookies are small text files stored on your device. We may also use similar technologies like local storage and pixels.

9.2 Categories we use

  • Strictly Necessary (always on): required for core functionality, security, and payments
  • Analytics (optional): helps us understand usage and improve the Service

9.3 Analytics consent (important)

Where required, we only enable analytics cookies after you provide consent via our cookie banner/settings (opt-in). This is a common approach for tools like PostHog.

9.4 Cookies and technologies used by CVSmith (examples)

Cookie names and lifetimes can change as vendors update their systems. This table reflects typical cookies/technologies used in our current setup.

| Provider / Tech | Category | Example identifiers | Typical lifetime | Purpose |
|---|---|---|---|---|
| CVSmith (first-party) | Strictly Necessary | Session/auth cookies | Session / short-lived | Sign-in, security, preferences |
| Stripe | Strictly Necessary | __stripe_mid (~1 year), __stripe_sid (~30 minutes) | Varies | Fraud prevention and payment security during checkout |
| PostHog | Analytics (opt-in where required) | ph_<project_api_key>_posthog | ~365 days | Product analytics to understand usage and improve the Service |
| Vercel Web Analytics | Analytics | Cookieless (short-lived request-based hash) | ~24 hours | Privacy-friendly traffic/usage measurement without cookies |

9.5 Managing cookies

You can control cookies through:

  • our cookie banner / cookie settings link (where available)
  • your browser settings (block/delete cookies)

Blocking strictly necessary cookies may cause parts of the Service (sign-in, checkout) to stop working.

10) Additional notices for certain regions

10.1 California (CCPA/CPRA)

Categories collected: identifiers (email/account IDs), commercial information (subscription metadata), internet/activity info (usage events), and User Content you submit (resume/job description text/files). Purposes: operate the Service, provide outputs, billing, security/fraud prevention, analytics (where enabled), compliance.

Sale / share: We do not sell personal information. We do not share personal information for cross-context behavioral advertising unless explicitly stated and enabled.

To exercise rights (access/delete/correct), email privacy@cvsmith.app.

10.2 Canada

We aim to obtain meaningful consent and limit collection to what is appropriate for the purposes described in this Policy. Contact privacy@cvsmith.app for access/correction/deletion requests.

10.3 Brazil and other jurisdictions

We will process personal data and respond to requests in accordance with applicable local laws.

10.4 EEA/UK (short notice)

If you are in the EEA/UK, you may have GDPR rights (access, rectification, erasure, restriction, portability, objection). Our typical legal bases include: performance of a contract (providing the Service), legitimate interests (security/improvement), and consent (where required, e.g., certain analytics).

11) Children's privacy

The Service is not intended for children under 18, and we do not knowingly collect personal information from children.

12) Changes to this Privacy Policy

We may update this Policy from time to time. We will post the updated version and update the Effective Date. Continued use of the Service after changes take effect means you accept the updated Policy.

13) Contact

Privacy: privacy@cvsmith.app
Support: support@cvsmith.app

For related terms, see our Terms of Service and Refund Policy.