Legal

Privacy Policy

Last updated: June 12, 2026

CyberCV ("we", "our", or "us") operates the website at cybercv.vercel.app ("Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using the Service you agree to the collection and use of information as described in this policy.


1. Information We Collect

Information you provide

  • Account data: email address when you sign up or log in via Google OAuth or magic link.
  • Resume data: certifications, TryHackMe / HackTheBox usernames, skills, work history, and other career information you enter into the resume generator.
  • Payment data: payments are processed by Paddle, our Merchant of Record. We never receive or store your card number, CVV, or billing details. Paddle provides us only a transaction ID and your email address upon successful purchase.

Information collected automatically

  • Usage data: pages visited, features used, timestamps — collected via Vercel Analytics (anonymised).
  • Log data: IP address, browser type, and referring URLs for security and debugging purposes.
  • Cookies: authentication session cookies set by Supabase and preference cookies. No third-party advertising cookies are used.

2. How We Use Your Information

  • To create and manage your account and verify purchase access.
  • To generate your AI-powered resume using the Claude API (Anthropic). Your resume data is sent to Anthropic's API solely to produce the resume and is not used to train their models under our API agreement.
  • To send transactional emails (purchase confirmation, magic-link sign-in) via Resend.
  • To detect and prevent fraud or abuse.
  • To improve the Service based on aggregated, anonymised usage analytics.

We do not sell your personal data to any third party.


3. Data Storage and Security

Your account and resume data are stored in Supabase (hosted on AWS in the US). We use row-level security so that only your authenticated session can access your data. All data is transmitted over HTTPS/TLS.

No security measure is 100% foolproof. If you discover a vulnerability, please contact us immediately at izajahmad@gmail.com.


4. Third-Party Services

We use the following third-party processors:

Service               Purpose                 Data shared
Paddle                Payment processing      Email, transaction amount
Supabase              Auth & database         Email, resume data
Anthropic (Claude)    Resume generation       Resume form inputs
Vercel                Hosting & analytics     Anonymised usage data
Resend                Transactional email     Email address

5. Data Retention

We retain your account and resume data for as long as your account is active. You may request deletion at any time by emailing izajahmad@gmail.com. We will delete your data within 30 days of a verified request.

Anonymised analytics data (no personal identifiers) may be retained indefinitely to improve the Service.


6. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Export your data in a portable format.
  • Object to certain processing activities.

To exercise any of these rights, email izajahmad@gmail.com.


7. Children

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it promptly.


8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the "Last updated" date at the top of this page changes. Continued use of the Service after changes constitutes acceptance.


9. Contact

Questions about this policy? Email us at izajahmad@gmail.com.