Privacy Policy

We collect several categories of personal information to operate the Service and provide our services to you:

• Account information: When you create an account via Google Sign-In (Google Single Sign-On), we receive data from your Google profile such as your name and email address. This information is provided to us with your consent during OAuth authorization, and it is necessary to identify you in the Service (to create your profile). We do not gain access to your Google account password or other data beyond these basic details. You may also voluntarily add other information to your profile on the Service (for example, upload a photo or provide professional details); such actions are entirely optional and this information is used solely in the context of the Service’s functionality.
• Information you provide for resume creation: The core function of our Service is to generate resumes based on data provided by the user. You may input professional information such as work experience, skills, education, achievements, and other details that should go into your resume. You knowingly provide this data to us through the appropriate forms. We store it in your account so that you can edit and save your resumes, and so that our AI algorithm (see the section on Gemini AI below) can process it and form recommendations or resume text. Important: The information in your resume may include personal data (such as name, contact details, or biographical details). We understand the confidentiality of this kind of information and do not make it publicly available; it is used only by you and our Service for the purpose of generating and storing your resumes.
• Payment information: When purchasing a paid subscription, we redirect you to the payment page of our payment partner – the Paddle service. To complete the payment, you provide Paddle with your payment card details or other payment credentials. We do not directly collect or store your card’s financial data (card number, CVV, etc.). These details are transmitted directly to Paddle, which acts as the Merchant of Record (the official seller) and processes your payment on our behalf. Paddle may provide us with summary information about the transaction, such as whether the payment was successful or not, the type of subscription, and the last 4 digits of your card for payment identification, but full payment details remain with Paddle. Note: By subscribing, you give Paddle consent to process payments and store payment data for automatic billing when the subscription renews. Paddle’s Privacy Policy is available at (we recommend reviewing it to understand how Paddle processes your data).
• Log files and technical information: Like most web services, we automatically collect certain technical data when you use our site. This may include:
• Log files: records of your actions on the site – for example, pages viewed, access times and dates, the IP address of the device used to access the site, and so on.
• Device and browser identifiers: the type and version of your browser, operating system, and information about your device (e.g. screen resolution).
• Cookies and similar technologies: our Service uses cookies and similar technologies to ensure proper operation and improve convenience (see the Cookie Policy below for details). In particular, cookies are used to maintain your session (so that you remain logged in without repeated actions), as well as analytical cookies to collect aggregated statistical data about site usage (via Google Analytics). These technologies may collect data such as your actions on the site, time spent on certain pages, transitions between pages, and other information that helps us understand how users interact with the Service.
• Support service and feedback data: If you contact us for help or send feedback (for example, by email or through a feedback form), we store the information you provide. This may include your email address, name, as well as the content of your message or any attached materials. This data is used solely to respond to you and resolve your issues, and it may be analyzed to improve our service (for example, to fix bugs that you reported).
• Data from third parties: We may receive information about you from external sources if you choose to use certain integrations. For example, if you decide to share a completed resume on some website or import data from LinkedIn (for instance, if such a function existed), then we would receive data from those external sources according to your settings. Currently, we have no such integrations aside from Google Sign-In, but if any are introduced, this Policy will be updated accordingly.

We use your personal information for the following purposes:

• Providing services and operating the Service: Your data is needed for us to create and maintain your account, generate resumes and related documents at your request, and generally ensure all features of the Service work per your needs (for example, to save your resume templates, apply the changes you make, etc.). Processing your personal data in this context is based on the performance of our contract with you (providing the service to you) or on our legitimate interests in delivering services effectively.
• Operation of AI features (resume generation via Gemini): We transmit the data you have entered for your resume to our artificial intelligence module in order to generate textual recommendations, descriptions, or other resume elements. This module may run on the external Gemini AI service (developed by Google or another AI provider). Note: Data is transmitted in a depersonalized form, if possible, and solely for the purpose of generating the content you have requested. We do not use this data to train external AI models – only to obtain the result (text) which is immediately returned to you. The text received from the AI is reviewed by you; we recommend checking it for accuracy. Using AI helps us provide you with efficient services (under our contract with you), but it does not absolve us of the obligation to protect your data. Therefore, we enter into appropriate agreements with the external AI provider to ensure your information is not used beyond the specific intended function.
• Processing payments and managing subscriptions: We use information about your purchases and subscription to manage your access status. For example, to activate premium features for you after a successful payment, to track the subscription expiration date, to automatically renew the subscription monthly, and to inform you of any payment issues. As noted above, your card’s financial details are processed by Paddle, but we use transaction data (payment ID, amount, status) in our systems for record-keeping. The legal basis here is the performance of our contract (providing you with paid services according to your subscription).
• Improving the service and analytics: Aggregated and anonymized data (for example, usage statistics: which resume templates are most popular, which fields are most often filled in or skipped, average user session duration, etc.) is used to understand how users interact with the service and to improve it. For this we use web analytics tools, in particular Google Analytics, which uses cookies to identify visitors and collect information about their behavior on the site (in anonymized form for statistics). We analyze these reports to fix errors, improve the interface, optimize performance, and so on. Our legitimate interest in developing and enhancing the service serves as the legal basis for this processing. If consent is required for the use of analytical cookies (in jurisdictions like the EU), we will request it separately (see the Cookie Policy).
• Communication with users: The email address obtained from you may be used to send you important information related to the service. This can include messages about successful registration, payment receipts, reminders about the end of a trial period or the upcoming date of the next payment, notifications about changes in the service or terms, newsletters or other marketing mailings (the latter only if you have given separate consent). You can opt out of receiving marketing emails at any time by using the “Unsubscribe” link in such emails or by sending us a request. Please note: System and transactional messages (about payments, security, password changes, etc.) may be necessary and cannot be opted out of while you use the service, as they contain important information about your account.
• Security and preventing abuse: We may use your data (including technical logs and records of actions) to ensure the security of the service, users, and ourselves. This means monitoring for suspicious activity (for example, mass account creation or unauthorized access attempts), investigating possible cases of violation of our Terms of Use or the law, and preventing fraud – for example, to ensure a user does not bypass trial period limitations by creating multiple accounts. We reserve the right to suspend or terminate an account that we believe violates the rules (see our Terms of Use for details on acceptable use and termination). Processing data for this purpose is based on our legitimate interest in protecting the service and the user community, as well as fulfilling legal obligations regarding security.
• Legal compliance: In some cases we may be required to process, retain, or transmit your data in accordance with the law. For example, accounting rules may obligate us to keep records of payments. Likewise, upon a properly formatted request from law enforcement authorities (such as a court order), we may disclose certain data if required by law. We will attempt to inform you about such requests (if permitted by law and if you have provided up-to-date contact information), but we reserve the right to fulfill legal obligations without prior notice.

We do not sell or transfer your personal information to third-party organizations for marketing purposes. However, to operate our service and achieve the purposes described above, we engage trusted third-party service providers who process data on our behalf. These parties act under agreements with us (data processing agreements) and cannot use the data received from us for their own purposes unrelated to providing services to us.

Third-party services (subprocessors) that have access to data:

• Payment provider – Paddle: As mentioned, Paddle processes payment information related to subscriptions. Paddle may receive your name, email (for receipt issuance), payment details, and subscription information. It acts as an independent controller of this data during the payment process. We provide Paddle access only to the information necessary for successful transaction processing, and we rely on its systems to maintain the security of payment data. (Please also see Paddle’s Privacy Policy for more details.)
• Infrastructure and data storage – Cloud services: We host our backend and databases on cloud infrastructure provided by DigitalOcean, Inc. and Atlas. Personal data (such as your profile information, resume texts, files/photos you upload) is physically stored on the servers of these providers. The cloud services act as data processors on our behalf. This means they do not use your data themselves, but only provide us the means to store and process it. Both companies are reputable providers and indicate compliance with security standards and data protection laws (DigitalOcean has SOC 2 certification, GDPR compliance, etc.). It’s important to note that servers may be located outside of your country. For example, DigitalOcean has data centers in the EU as well as in the USA and other countries, and Atlas may also store data in various regions. We strive to choose hosting locations geographically close to our primary users, but in any case your data may be transferred abroad. If you are a resident of the EEA (European Economic Area) or another jurisdiction with data transfer requirements, we ensure that such transfers are done on the basis of appropriate legal mechanisms (standard contractual clauses, Privacy Shield if applicable, or similar frameworks) to safeguard your rights.
• Authorization and authentication – Google LLC: For the Google login feature, we have integrated Google Sign-In (OAuth). When you log in, Google redirects you back to our site with a token that confirms your identity and gives us access to basic profile data (name, email). In this scenario, Google acts as an external provider and essentially as a source of data. Additionally, Google Analytics (a Google service) sets analytical cookies and collects information about your interaction with our site. Google may process such data on its servers around the world (including in the USA). We have implemented IP anonymization to comply with privacy requirements. Google does not receive any other data from us aside from the mentioned basics. Note: By using Google Sign-In, you also agree to Google’s Privacy Policy (as it’s a condition of using their account).
• Artificial Intelligence service – Gemini (Google) or similar: To provide the automatic resume writing and optimization features, we use AI models. Currently we have integrated Google’s Gemini – the latest artificial intelligence model from Google, designed specifically for generating text based on provided data. When you use the AI generation feature, the relevant data (for example, a draft resume, a job description you want to tailor your resume to, or other context information you provide for more accurate results) may be sent to the Gemini AI API for processing. Google, as the provider of this AI service, assures that it will not use the data we send for anything other than generating the response to our request. The response produced by the AI is returned to us and we immediately display it to you. Google may store requests to its AI for a short period for monitoring abuse and improving service quality, but this data does not identify you personally from Google’s perspective (we do not transmit your personal information, unless it is contained in the resume text you provided – be cautious about what you input). We, in turn, do not store the AI-generated data anywhere except in your account (your resume). By using the AI feature, you understand and agree to this narrowly-purposed transfer of data to an external AI service.
• Other providers: We may engage other companies to perform auxiliary functions, for example an email delivery service, a support ticket system, etc. In the event such providers gain access to any of your data, we will update this Privacy Policy to inform you. At the current moment, there are no significant additional processors. If you wish to obtain a complete and up-to-date list of our subprocessors, you may send us a request via email and we will provide that information.

Instances when we may disclose data:

• If required by law (based on a legitimate request by government authorities, for example as part of a court proceeding or investigation).
• If disclosure is necessary to protect our legitimate rights, investigate violations, or ensure enforcement of our Terms of Use (for instance, investigating fraud). This also includes sharing information with law enforcement or other companies for the purpose of protecting against fraud and reducing credit risk.
• In the event of a sale or reorganization of the business: if in the future CVlume undergoes a merger, acquisition, sale of assets, or other form of business transfer, user personal data may be transferred to the successor or new owner. In such a case, we will inform users in advance (for example, by email and/or through a prominent notice on the site) about the change of data controller and the application of a new policy, and provide an opportunity to delete your data if you wish.

Data retention: We will retain your personal data no longer than is necessary to fulfill the purposes outlined in this Policy, or as required by law. For example, your account data and content (resumes) are stored as long as you have an active account. If you decide to delete your account or request us to do so, we will delete or anonymize that data (provided that its retention is no longer required for our legal obligations, such as keeping records of completed payments which may need to be stored longer in compliance with tax or accounting regulations). In some cases we may keep information longer if it is needed for our legitimate interests – for example, log data might be retained for a specified period even after account deletion so that we can investigate instances of fraud or violations (however, such data will not be associated with your name after your account is deactivated).

Security: We have implemented administrative, technical, and physical security measures to protect your personal information from unauthorized access, loss, misuse, or unauthorized alteration. These measures include, for example:

• Using secure communication protocols (HTTPS/TLS) to encrypt data transmitted between your browser and our servers.
• Encrypting sensitive data in our database and limiting access to the database to authorized services only.
• Protecting the DigitalOcean/Atlas infrastructure with firewall configurations, access controls, and using modern authentication methods for server access.
• Regularly updating software and applications to avoid known vulnerabilities.
• Performing data backups (with encryption) in case of hardware failures or other issues.
• Internal policies for staff (if we have staff who have access to data) regarding confidentiality and responsibility for safeguarding user information.

We do our best to protect your data, but no method of data transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your information. You also play a role in protection – we ask that you use strong passwords for your Google account and do not disclose your access credentials to others. In the event a data breach or security incident occurs that affects personal data, we will notify you and the competent authorities in accordance with applicable requirements (for example, in the EU – within 72 hours of discovering a serious security incident).

Any information that you voluntarily choose to make public will be accessible to anyone who has access to the respective software, website/app, or service, and therefore we cannot protect it. By default, all your data is private. However, if you share your documents and data on social networks (whether through our application or otherwise), or post them online via a unique link, or send them by email, or publish them in public sections of CVlume, or share them through third-party applications or services, we cannot guarantee the confidentiality of the data in those documents, and CVlume is not responsible for what happens to them after they are distributed. Therefore, we advise you to be careful about where and with whom you share your documents or other professional information created or shared using CVlume.

We respect users’ rights to personal data protection. If you are subject to data protection laws (such as the General Data Protection Regulation – GDPR, or similar laws), you have, among other rights:

• Right of access: You can request confirmation of whether we are processing your personal data, and also obtain a copy of that data which we hold.
• Right to rectification: You can ask to have your personal data corrected if it is inaccurate or outdated. Most of your account information (name, email) can be updated by you directly through your Google profile settings; resume data can be edited by you directly in the Service.
• Right to deletion: You have the right to request deletion of your personal data (the right to be forgotten) in a number of cases: for example, if the data is no longer needed for the purposes for which it was collected, or if you have withdrawn your consent (in cases where processing was based on consent). Note that this right is not absolute – we may retain certain information if we consider it necessary to fulfill legal obligations or protect our interests (see the data retention section above). For example, we cannot delete information about your completed payments before the legally mandated retention period for accounting records has passed.
• Right to object and restrict processing: You have the right to object to the processing of some of your data that is carried out on the basis of our legitimate interests, if you believe that your fundamental rights and freedoms outweigh those interests. You can also request that we temporarily restrict the processing of your data while another request is being resolved (for example, if you asked us to correct data or you objected to processing – during the time we are considering the request, you can demand that we do not perform other operations on the data aside from storage).
• Right to data portability: In certain cases you have the right to receive the personal data that you provided to us in a structured, machine-readable format, and also the right to have this data transmitted to another service provider at your request. This applies only to information processed by automated means on the basis of your consent or for the performance of a contract. In practice, you can always export the text of your resumes or other data from your account – we will assist if needed.
• Right to withdraw consent: In cases where we rely on your consent for processing (for example, consent to receive marketing communications or consent to analytical cookies), you have the right to withdraw such consent at any time. Withdrawing consent will not affect the lawfulness of processing conducted prior to that withdrawal, but it may mean we can no longer provide you with certain services (for example, if you withdraw consent to processing your email for newsletters, we will simply stop sending them, with no effect on your use of the service; and withdrawing consent to analytical cookies is entirely without negative consequences – you just will not be counted in the usage statistics).
• Other rights: Depending on your jurisdiction, you may have other rights as well. For example, residents of some U.S. states (e.g. California) have the right to know certain information about third parties with whom their data was shared, or the right to forbid the sale of their data (we do not sell data). We will comply with the laws applicable to us.

To exercise your rights, you can contact us at the email address provided (listed at the beginning of this Policy). We may ask you to verify your identity (to make sure the request is coming from the authorized person – the account owner). We will strive to respond to all requests within 30 days of receiving them (or according to other timeframes established by law). If your request is particularly complex, we will inform you that we need more time (up to an additional 60 days). In general our services are free, so no fee is charged for exercising your rights. However, if any requests are clearly unfounded or excessive (for example, very frequent repetitive submissions), we reserve the right to either charge a reasonable fee for administrative costs or refuse such a request, providing a justification.

Our Service uses cookies, pixels, and other similar technologies for a number of important functions, including analyzing traffic and improving user experience. You can read more details in our separate Cookie Policy below. The Cookie Policy is part of this Privacy Policy and supplements it.

In brief: cookies are small text files that our site may store in your browser. They can be “session” cookies (deleted after you close your browser) or “persistent” cookies (stored for a certain period). Cookies allow our site to recognize you, remember your settings (for example, interface language), and we also use analytical cookies to learn how users interact with the site (this provides us with statistics but does not personally identify you). You can manage your cookies through your browser settings or by using our cookie settings tool (if available). Disabling some categories of cookies (apart from necessary ones) will not affect the basic functionality of the service, but it may slightly reduce the quality of information provided to you (we will know less about what interests you). Disabling necessary cookies (which enable login, navigation, etc.) may result in being unable to use the Service to its full extent.

Our Service is not intended for individuals under 18 years of age (or the age limit established by your country’s laws for independently providing consent to personal data processing). We do not knowingly collect personal data from children. If you are under 18 (or below the applicable age threshold in your country), please do not use CVlume and do not provide us with any information about yourself. If we discover that we have collected personal information from a child without proper parental consent, we will take steps to delete that information. Parents or guardians: if you become aware that your child (under the appropriate age) has provided us with personal data, please contact us – we will delete the young user’s account and all associated data.

From time to time, this Privacy Policy may be updated. Reasons for changes can include: launching new features or services, changes in legal requirements, or improvements in our practices. If the changes are significant, we will notify you by placing a prominent notice on our site or by sending an email (if appropriate). At the top of the Policy (under the title) we always indicate the date of the latest revision. We encourage you to periodically review this document to stay informed about how we protect your information.

Continuing to use the Service after an updated Policy takes effect will signify your agreement to the changes. If you do not agree with any changes, you should stop using the Service and, if desired, delete your account by informing us.

If you have any questions, requests, or complaints regarding this Privacy Policy or about how CVlume processes your personal data, please contact us:

• Email: [email protected]

We are committed to helping you and resolving any privacy-related issues as quickly and transparently as possible.