Privacy Policy

Last updated: July 22, 2025

1. Introduction

CV Surgeon ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CV optimization service.

2. Information We Collect

Personal Information

  • CV Content: Your existing CV text and work history
  • Job Descriptions: Text of job postings you want to optimize for
  • Email Address: Optional, for receipt delivery
  • Payment Information: Processed securely by Stripe (we don't store card details)

Technical Information

  • Cookies: Essential session cookies for service functionality
  • Usage Data: Basic analytics about service usage
  • IP Address: For security and fraud prevention

3. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: To provide the CV optimization service you've purchased
  • Legitimate Interest: To improve our service and prevent fraud
  • Consent: For optional email communications

4. How We Use Your Information

  • Generate optimized CV content using AI
  • Process payments securely
  • Provide customer support
  • Improve our service quality
  • Send receipts and service updates (if email provided)

5. Data Sharing and Third Parties

We share your data only with:

  • OpenAI: For CV content generation (subject to their privacy policy)
  • Stripe: For secure payment processing
  • SendGrid: For email delivery (if applicable)

We never sell your personal information to third parties.

6. Data Retention

  • CV Content: Automatically deleted after 24 hours
  • Session Data: Cleared when you close your browser
  • Purchase Records: Retained for 7 years for accounting purposes
  • Payment Data: Handled by Stripe according to their retention policy

7. Your Rights Under GDPR

You have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: For processing based on consent

To exercise these rights, contact us at: support@cvsurgeon.uk

8. Data Security

We implement appropriate security measures including:

  • HTTPS encryption for all data transmission
  • Secure session management
  • Regular security updates
  • Limited data retention periods

9. International Transfers

Your data may be processed in countries outside the EU/UK. When this occurs, we ensure appropriate safeguards are in place through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses
  • Service provider certifications (e.g., Privacy Shield successors)

10. Cookies

We use essential cookies only:

  • Session Cookies: Required for service functionality
  • Security Cookies: For fraud prevention

No tracking or advertising cookies are used.

11. Contact Information

For privacy-related questions or to exercise your rights:

Email: support@cvsurgeon.uk

Data Protection Officer: support@cvsurgeon.uk

12. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO)
  • EU: Your national data protection authority

13. Changes to This Policy

We may update this Privacy Policy occasionally. When we do, we will post the new policy on this page and update the "Last updated" date.

Return to CV Surgeon