Legal

Privacy Policy

Last updated: 26 March 2026

We designed CVClinic.io with data minimisation in mind. Your CV is deleted immediately after analysis. No account is required. No data is sold. Read the full details below.

1. Data Controller

The controller of your personal data is CVClinic.io (hereinafter: "we", "CVClinic"). For all data protection matters, you can contact us at: hello@cvclinic.io

2. What data we process and why

CV file — you upload a PDF or DOCX file solely for the purpose of analysis. The file is processed automatically by our AI system and deleted immediately after the analysis is complete (processing time: up to 60 seconds). We do not store copies of your CV on our servers.

Email address (optional) — if you choose to provide an email address, it will be used solely to send you the analysis summary. We do not use it for marketing purposes without your explicit consent and we do not sell it to third parties.

Technical data — when you use the service, we automatically log your IP address, browser type, and visit time for security and statistical purposes (server logs stored for up to 30 days).

3. Legal basis for processing

Processing of the CV file and technical data is based on Art. 6(1)(b) GDPR (performance of a contract/service) and Art. 6(1)(f) GDPR (legitimate interest — system security). Email addresses are processed on the basis of Art. 6(1)(a) GDPR (your consent).

4. Data sharing

Your data is never sold or shared with recruiters, employers, or other commercial entities. We use external infrastructure providers (hosting, AI services) acting as data processors, bound by confidentiality obligations and acting solely on our instructions under appropriate data processing agreements.

5. International data transfers

When using AI service providers, they may process data on servers outside the European Economic Area (e.g. USA). In such cases, we apply appropriate safeguards: Standard Contractual Clauses approved by the European Commission (SCCs) or other appropriate mechanisms.

6. Data security

We apply the following technical and organisational security measures:

✓Encrypted data transmission (TLS/HTTPS)

✓Automatic deletion of the CV file after analysis

✓Restricted access to data processing systems

✓Regular security reviews of infrastructure

7. Your rights (GDPR)

You have the following rights:

✓Right of access — you may request information about processed data

✓Right to erasure ("right to be forgotten") — you may request deletion of your data

✓Right to object — you may object to processing based on legitimate interest

✓Right to data portability

✓Right to restriction of processing

✓Right to lodge a complaint with a supervisory authority

To exercise your rights, contact us at: hello@cvclinic.io

8. Cookies

CVClinic.io uses only strictly necessary cookies (session, security). We do not use tracking or advertising cookies and do not work with ad networks.

9. Changes to this policy

We reserve the right to update this policy. We will notify you of significant changes by posting the new version on this page with an updated date.

10. Contact

For privacy and data protection enquiries: hello@cvclinic.io

← Back to homepage