Privacy Policy
Last updated: June 19, 2026
1. Data we collect
When you use PromptCV.app we collect:
- Account data: your email and (optionally) your name and profile photo from Google or LinkedIn if you sign in with those providers.
- Resume content: everything you enter into the editor or upload to import (PDF/DOCX/LinkedIn export). This is stored in our database so you can return to edit it.
- Payments: when you buy a credit pack, your chosen mobile financial service (bKash, Nagad, or Rocket) processes the payment and sends us a session id, the amount, and the payment status. We store the resulting order and the credits added to your balance. We never see your PIN, OTP, or mobile-banking credentials.
- Usage: we record which features you use (e.g. an AI rewrite call, a paid download) so we can keep the product working. We hash any IP addresses we log.
2. How we use it
- To provide and improve the service (editing, AI assistance, PDF rendering).
- To process your payments and grant download access.
- To detect abuse and enforce rate limits.
- To send you transactional emails (sign-in links, receipts). We only send transactional emails and do not send marketing emails.
3. Data sharing
We share your data only with the processors required to run the service, under data processing agreements:
- Supabase — hosts our database, authentication, and storage.
- Google (Gemini API) — when you use an AI feature, the text you ask the AI to work on is sent to Google's Gemini API. Per Google's free-tier policy this content may be used to improve their models.
- Mobile financial services (bKash, Nagad, Rocket) — process payments through our payment gateway. Your payment credentials go directly to the provider; we only receive payment metadata.
- Fly.io and Vercel — host our backend and frontend.
- Sentry — receives error reports (no resume content; only ids and request metadata).
We do not sell your data and we do not share it with advertisers.
4. Public sharing
If you choose to publish a CV or cover letter through a share link, the content of that document becomes viewable by anyone who has the link. Sharing is entirely optional and off by default — you control it, and you can disable a share link at any time to revoke access.
5. Retention
We keep your account data for as long as you keep the account. If you delete your account, we delete your resumes, versions, shares, downloads, ATS scans, AI usage counters, and uploaded source files immediately. Payment records (orders) are retained without your user id for accounting and audit purposes.
6. Your rights
You can, at any time and at no cost:
- Access your data — download a JSON export from Settings.
- Delete your account — from Settings → Delete account.
- Correct your data — edit your profile and resumes anytime.
- Object or restrict processing — email us at the address below.
7. Contact
Email privacy@promptcv.app.