Privacy Policy

1. Who We Are

This privacy notice is for MakeMyCVNow ("we", "us", "our"), an online CV and resume builder service available at makemycvnow.com. It describes how and why we collect, store, use, and share ("process") your information when you use our Services — including when you visit our website, create a CV, or engage with us in any related way.

Questions or concerns? If you do not agree with our policies, please do not use our Services. Contact us at support@makemycvnow.com with any questions.

2. What Information Do We Collect?

2.1 Personal information you provide

We collect personal information you voluntarily provide when you register, use our services, or contact us. This may include names, email addresses, passwords (hashed — never stored in plain text), employment history, education, skills (CV content), contact details in your CV, and uploaded files (PDF, DOCX). All information must be true, complete, and accurate.

2.2 Sensitive information

We do not process sensitive personal information (racial or ethnic origin, religious beliefs, health data, biometric data, or similar categories).

2.3 Payment data

If you purchase a premium plan, payment is processed by our third-party payment provider. We do not store credit card numbers, CVV codes, or bank details on our servers. Payment data is handled in accordance with PCI-DSS standards.

2.4 Social media login data

We offer Google OAuth sign-in. When you sign in with Google, we receive your name, email, and profile picture. We do not access your Google contacts, Drive, Calendar, or any other Google data. See Section 7 for more.

2.5 Automatically collected information

When you visit our website, we automatically collect certain technical information that does not directly identify you:

• Log and usage data — IP address, browser type, pages viewed, timestamps, referring URLs
• Device data — Device type, operating system, screen resolution
• Location data — Approximate location based on IP address (for currency and language detection only — no precise GPS)

This data is collected through Google Analytics and is used to maintain security, analyse usage patterns, and improve the Service.

3. How Do We Process Your Information?

We process your information to:

• Provide our Services — Generate, enhance, and export CVs; create cover letters; run CV gap analysis
• Facilitate account creation and authentication — Manage accounts, enable Google sign-in
• Fulfil and manage orders — Process payments, manage subscriptions, handle refunds
• Respond to enquiries — Answer support emails, resolve issues
• Send administrative information — Service updates, security alerts, policy changes
• Protect our Services — Fraud monitoring, abuse prevention, security
• Identify usage trends — Understand feature usage to improve the Service

We do not process your information for targeted advertising, user profiling, or marketing emails.

4. What Legal Bases Do We Rely On?

4.1 Users in the EEA, UK, and Norway

Under the GDPR and Norwegian Personal Data Act (Personopplysningsloven), we rely on:

• Consent — Where you give explicit permission (e.g., creating an account). Withdrawable at any time
• Performance of a contract — Processing necessary to deliver the Service (generating your CV, processing payment)
• Legitimate interests — Processing reasonably necessary for our business that does not override your rights (usage analytics, security, service improvement)
• Legal obligations — Processing required by law (tax records, legal requests)

4.2 Users in India

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we process your data based on consent provided by your use of the Service. You may withdraw consent at any time by deleting your account or contacting us. Processing necessary for legal compliance does not require separate consent.

5. When and With Whom Do We Share Data?

We do not sell, rent, or trade your personal data. We share data only with service providers who perform services on our behalf, under data processing agreements:

We may also share information during a business transfer (merger, acquisition, sale of assets). You will be notified before your data is transferred.

6. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential cookies — Authentication and session management. Necessary for the Service to function; cannot be disabled
• Analytics cookies — Google Analytics (anonymised). Used to understand how users interact with the Service
• Preference cookies — Language selection, theme preferences (stored in localStorage)

We do not use advertising cookies, tracking pixels, or retargeting. We do not serve targeted ads. You can control cookies through your browser settings. Blocking essential cookies may prevent the Service from functioning correctly.

7. How Do We Handle Social Logins?

We offer Google sign-in as an authentication option. When you sign in with Google, we receive your name, email, and profile picture. We do not request access to your Google contacts, Drive, Calendar, or any other Google services. Your Google credentials are never stored by us — authentication is handled through Google's OAuth 2.0 protocol. You can revoke access at any time through your Google Account permissions.

8. Responsible AI & Data Processing

When you use our AI features (CV generation, enhancement, cover letter writing, gap analysis, language translation), your CV content is sent to Azure OpenAI for processing. Our commitments:

• No model training — Your data is never used to train, improve, or fine-tune AI models. Azure OpenAI's enterprise terms explicitly prohibit using customer data for model training
• No data retention by AI provider — Azure OpenAI does not store your prompts or completions after processing
• Transparency — AI-generated suggestions are clearly presented as AI output. Final content decisions are always yours
• Privacy by design — We send only the minimum necessary CV content. Photos, styling, and account metadata are stripped before processing
• Limitations — AI content may contain errors. You are responsible for reviewing all output. AI is not a guarantee of employment outcomes

9. How Long Do We Keep Your Information?

• Non-registered users — CV data exists only in browser session storage; not stored on our servers
• Registered users — Data retained until you delete it or request account deletion
• After account deletion — All personal data permanently deleted within 30 days
• Payment records — Retained as required by applicable tax law (typically 5–7 years)
• Server logs — Anonymised logs retained up to 90 days for security and debugging

10. How Do We Keep Your Information Safe?

We implement appropriate technical and organisational measures including encrypted connections (HTTPS/TLS), hashed passwords (never plain text), access controls on production data, regular security reviews, and secure session management with HttpOnly cookies. No method of electronic transmission is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

Your data may be processed outside your country of residence, including in the EU, US, and India. For transfers outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission and rely on adequacy decisions where applicable.

12. Do We Collect Information from Minors?

MakeMyCVNow is not intended for individuals under 16. We do not knowingly collect data from children under 16. If we learn a child under 16 has provided data, we will delete it promptly. Parents or guardians may contact support@makemycvnow.com.

13. What Are Your Privacy Rights?

13.1 Users in the EEA, UK, and Norway

Under the GDPR and Norwegian Personal Data Act (Personopplysningsloven), you have the right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, objection to processing, and withdrawal of consent. Exercise these by contacting support@makemycvnow.com — we will respond within 30 days. You may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

13.2 Users in India

Under the DPDP Act 2023 and IT Act 2000, you have the right to access, correction, erasure, and nomination of another person to exercise your rights. Grievance redressal: contact support@makemycvnow.com — we acknowledge within 48 hours and resolve within 30 days.

13.3 All users

You can manage your data through Account Settings or contact us to request full account deletion.

14. Controls for Do-Not-Track

Some browsers include a Do-Not-Track (DNT) signal. There is no universal standard for responding to DNT. We do not currently respond to DNT signals. If a standard is adopted, we will update this policy.

15. Updates to This Notice

We may update this notice periodically. The "Last updated" date will reflect changes. Material changes will be communicated to registered users by email at least 14 days before they take effect.

16. Contact Us

For privacy questions, data requests, or complaints:

Email: support@makemycvnow.com

If unsatisfied with our response, you may contact your local data protection authority.