Privacy Policy

1. Introduction

CV Lab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our service at CV Lab.com (the "Service").

Controller Information:

If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address
  • Password (encrypted and hashed - we never see your actual password)
  • Authentication method (email/password or Google OAuth)

Content You Upload:

When you use CV Lab, you may upload CV content and paste job descriptions so we can generate tailored documents.

Important: We do not store your uploaded CV content or job descriptions in your account. This content is processed to generate your output and then deleted, except for temporary technical handling required to provide the Service.

Payment Information:

  • Payments are processed by Stripe (our payment processor)
  • We store only: Stripe customer ID, subscription status, and payment status
  • We never see or store your full card details

2.2 Information Collected Automatically

Usage Data:

  • Features you use
  • Credits consumed
  • Documents generated
  • Access times

Technical Data:

  • IP address
  • Browser type
  • Device info
  • Operating system

Authentication:

  • Login timestamps
  • Session info
  • Security-related logs

2.3 Information from Third Parties

Google OAuth (if you sign in with Google):

  • Google account email address
  • Google account ID
  • Basic profile info (only if you grant it)

3. How We Use Your Information

3.1 To Provide the Service

  • Create and manage your account
  • Authenticate your identity
  • Generate tailored CVs and cover letters
  • Track credits/subscription access
  • Provide customer support

3.2 To Process Payments

  • Manage subscriptions via Stripe
  • Process billing and payments
  • Prevent payment fraud

3.3 To Improve the Service

  • Identify and fix bugs
  • Maintain and improve reliability and security
  • Develop new functionality

3.4 To Communicate With You

  • Send verification and password reset emails
  • Send transactional emails (billing/receipts)
  • Respond to support requests
  • Send important service notices

We do not send marketing emails unless you explicitly opt in.

3.5 To Ensure Security and Prevent Abuse

  • Detect and prevent fraudulent activity
  • Prevent abuse of free credits
  • Monitor for unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

We process personal data under the following legal bases:

Contractual Necessity

To provide the Service you request (account access, document generation, billing).

Legitimate Interests

To secure the Service, prevent fraud/abuse, and improve reliability.

Legal Obligations

To comply with legal requirements (e.g., financial/tax records and fraud prevention).

Consent

Only where required (e.g., if you opt in to optional marketing).

5. AI Processing (OpenAI)

We use OpenAI’s GPT models to generate tailored documents. To provide this feature, relevant input you submit (such as CV text and job descriptions) may be sent to OpenAI for processing.

We do not use your uploaded CV data or job descriptions to train our models.

6. Sharing Your Information

We share personal data only with service providers required to operate CV Lab, including:

  • Supabase (account authentication and database)
  • Stripe (payments and subscriptions)
  • OpenAI (AI document generation)

We may also disclose information if required by law, to enforce our Terms, or to protect CV Lab and users from fraud or security threats.

7. International Data Transfers

Some of our service providers may process data outside the UK. Where international transfers occur, we take steps to ensure appropriate safeguards are in place as required by UK GDPR.

8. Data Retention

CV and job description content: Not stored in your account. Processed to generate outputs and then deleted, except for temporary technical handling.

Account data: Stored while your account is active. You can request deletion by emailing cvlabhelp@gmail.com.

Billing records: We may retain certain billing and transaction records for up to 6 years where required for legal/tax purposes.

9. Your Rights

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your account data
  • Object to certain processing
  • Request restriction of processing
  • Request data portability (where applicable)

To exercise your rights, email cvlabhelp@gmail.com.

10. Security

We use reasonable technical and organizational measures to protect your data, including secure authentication and access controls. However, no method of transmission or storage is 100% secure.

11. Cookies

We use only essential cookies or similar technologies necessary for authentication and core site functionality (such as keeping you logged in). We do not use advertising cookies.

12. Children

CV Lab is not intended for users under 18. We do not knowingly collect personal data from anyone under 18.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on this page.

14. Contact Information

For questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact:

CV Lab

Email: cvlabhelp@gmail.comLocation: United KingdomResponse Time: Within 5 business days

For UK Users:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

By using CV Lab, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.