Skip to main content
H
CVHive.
Legal

Privacy Policy

Last updated: May 31, 2026

1. Introduction

CVHive ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered resume building platform.

CVHive is operated by the CVHive project. You can reach the data controller at [email protected].

2. Information We Collect

Account Information

When you create an account through OAuth providers, we collect:

  • Name and email address
  • Profile picture (from Google or GitHub)
  • OAuth provider identifier

Resume Content

Information you provide when building resumes, including:

  • Professional experience and education history
  • Skills, certifications, and achievements
  • Contact details you choose to include
  • Any other content you add to your resume sections

Usage Data

We automatically collect limited, aggregated information about how you interact with the service, such as pages visited, features used, and AI actions performed, primarily through our own server-side logs. We do not currently use a third-party web-analytics product for this, and this operational data is not used to identify you personally.

3. How We Use Your Information

  • To provide, maintain, and improve our resume building service
  • To power AI features (content generation, rewriting, hireability score)
  • To process payments and manage subscriptions
  • To communicate with you about your account and service updates
  • To ensure security and prevent fraud
  • To analyze usage patterns and improve user experience

4. Third-Party Services

We integrate with the following third-party services:

  • Google & GitHub (Authentication): Used for secure sign-in. We receive basic profile information from these providers.
  • OpenAI (AI Features): Resume content may be sent to OpenAI's API for AI-powered features like content generation and hireability score. OpenAI does not use this data to train their models.
  • Stripe (Payments): Payment processing is handled by Stripe. We do not store your full credit card details on our servers.
  • Neon (Database): Your data is stored securely in a Neon PostgreSQL database with encryption at rest.
  • Resend (Email): Transactional emails (welcome, subscription notifications, payment alerts) are delivered through Resend. They receive your email address and the message contents.
  • Cloudflare (content delivery & security): Our site is served and protected through Cloudflare, which proxies requests and processes connection metadata (such as IP address and user agent) at the network edge to deliver, cache, and secure the service. It does not build cross-site advertising profiles of you. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
  • Cloudflare Turnstile (bot check): Used on contact form, newsletter signup, Score, Glow Up, and Dating CV generation to verify that submissions come from humans. Collects browser behavioral signals. Cloudflare's privacy policy: cloudflare.com/privacypolicy.

5. Data Retention & Deletion

We retain your data for as long as your account is active. You may request deletion of your data at any time by contacting us or through your account settings.

Accounts with no sign-in activity for 24 months are queued for automated deletion after a 30-day notice email to the address on file.

Upon account deletion, we will remove your personal data and resume content within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your resume data in PDF format
  • Withdraw consent for data processing
  • Lodge a complaint with a data protection authority

7. Cookies & Analytics

We use essential cookies to maintain your session and authentication state. Session cookies are deleted when you sign out.

Beyond essential session cookies, we do not currently run a third-party web-analytics product. We rely on our own server-side logs and our CDN provider's aggregate traffic metrics to understand usage and keep the product fast. Paid-advertising measurement tools are described in the next section and only activate after you accept the cookie banner.

8. Advertising & Analytics

We use the following third-party tools to measure how our website performs and to attribute paid-ad spend to results. Tracking only activates after you accept the cookie banner.

  • Meta Pixel + Conversions API.Records page views and conversion events (Lead, signup, subscription). We send hashed (SHA-256) email addresses for paid-conversion attribution. Meta's privacy policy: facebook.com/policy.php.
  • Google Ads Conversion Tracking.Records conversion events with optional hashed email for Enhanced Conversions. Google's privacy policy: policies.google.com/privacy.
  • Sentry. Captures application errors so we can fix them. Stores a hashed user ID, the URL where the error occurred, and the stack trace. No PII besides what may appear incidentally in error context.

Your rights. You can opt out of personalised advertising by visiting Meta's off-Facebook activity settings and Google's My Ad Center. You can also reject all tracking via the cookie banner at the bottom of any page on our site.

For GDPR / CCPA data subject access or deletion requests, email [email protected].

9. Security

We implement industry-standard security measures including encrypted data transmission (TLS), encrypted data at rest, OAuth 2.0 authentication, and regular security audits. However, no method of electronic transmission or storage is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at: [email protected]