Privacy Policy

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Timothy Peter Todd
Friedrich Ebert Ring 31
97072 Würzburg, Germany
Email: hello@cvlink.app

We collect the minimum data necessary to provide the service:

• CV / PDF file — uploaded by you to generate your portfolio page. Processed by our AI parsing service (Anthropic Claude) and stored temporarily in your session. Deleted when the session expires (24 hours) unless a page has been deployed.
• Parsed CV data — the structured data extracted from your CV (name, experience, skills, etc.) stored in our database and used to render your portfolio page.
• Email address — collected during payment (via Stripe) for purchase confirmation and receipt. Not used for marketing without explicit consent.
• Payment information — processed exclusively by Stripe. We do not store card numbers or full payment details.
• Contact form submissions — name, email address, and message submitted via our contact form. Used solely to respond to your enquiry.
• Usage data — anonymised analytics (page views, funnel steps) collected via Google Analytics 4, only after your explicit consent via the cookie banner.
• Technical data — IP address, browser type, and timestamps, automatically collected by our hosting provider (Vercel) for security and diagnostics. Retained for up to 30 days.

• Art. 6(1)(b) — processing is necessary to perform the service contract (CV parsing, portfolio generation, deployment).
• Art. 6(1)(c) — processing is necessary to comply with legal obligations (invoicing, tax records).
• Art. 6(1)(a) — your explicit consent, where required (analytics cookies).
• Art. 6(1)(f) — legitimate interests, for fraud prevention and security.

We use the following third-party processors, all bound by GDPR data processing agreements (DPAs) where applicable:

• Supabase (database and file storage) — session data, parsed CV data, orders, and deployments stored in the EU. Privacy policy
• Anthropic (AI parsing) — your CV PDF is sent to Anthropic's Claude API for data extraction. Anthropic does not use API data for model training. Privacy policy
• Stripe (payment) — handles all payment data. We receive only a payment confirmation and customer email. Privacy policy
• Vercel (hosting) — server logs may contain IP addresses. Privacy policy
• Resend (email) — used to send contact form replies. Privacy policy
• Google Analytics 4 (analytics) — loaded only after your explicit consent. Anonymised usage data transmitted to Google. Withdraw consent at any time via cookie settings. Privacy policy

• Session data (including uploaded CV): 24 hours, unless a deployment exists.
• Deployed portfolio data: retained for as long as the deployment is active.
• Order and payment records: 10 years (statutory requirement under German tax law).
• Contact form messages: 90 days, then deleted.
• Server logs: up to 30 days.

We use only technically necessary cookies required for the service to function (session identifiers). Analytics cookies (Google Analytics) are only set after your explicit consent via our cookie banner. You can withdraw consent at any time by clicking "Cookie Settings" in the footer.

As a data subject you have the right to:

• Access — request a copy of your personal data (Art. 15)
• Rectification — correct inaccurate data (Art. 16)
• Erasure — request deletion ("right to be forgotten", Art. 17)
• Restriction — restrict processing in certain circumstances (Art. 18)
• Portability — receive your data in a machine-readable format (Art. 20)
• Objection — object to processing based on legitimate interests (Art. 21)
• Withdraw consent — at any time, without affecting prior processing (Art. 7(3))

To exercise any of these rights, contact us at hello@cvlink.app. We will respond within 30 days.

You have the right to lodge a complaint with a supervisory authority. The competent authority for Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised.