Privacy Policy
cvwith.ai is committed to protecting the privacy of its users. This privacy policy has been prepared in accordance with the Personal Data Protection Law No. 6698 (KVKK), EU General Data Protection Regulation (GDPR), Singapore Personal Data Protection Act (PDPA) and Hong Kong Personal Data (Privacy) Ordinance (PDPO).
🏢 Data Controller Information
The data controller responsible for determining the purposes and methods of processing your personal data:
📋 Personal Data Categories Collected
The following personal data categories are processed through our platform:
- Identity Data: Name, surname, date of birth, photograph
- Professional Data: Resume, experience, education, certifications, skills
- Employment Data: Job applications, position preferences, salary expectations
- Technical Data: IP address, cookie data, device information, usage analytics
- Communication Data: Email address, phone number, postal address
- Payment Data: Billing information, payment history (card details stored by third parties)
- Social Media Data: LinkedIn, Google account information (with permission)
⚖️ Legal Basis and Processing Purposes
Your personal data is processed based on the following legal grounds and purposes:
- Contract Performance: Service delivery, CV optimization, job matching
- Legal Obligation: Legal retention, tax, accounting obligations
- Legitimate Interest: Security, fraud prevention, system improvement
- Explicit Consent: Marketing communications, CV sharing, special services
- Vital Interest: Security threats, emergency situations
- Public Interest: Legal requests and investigations
🔒 Security Measures
The following technical and administrative measures have been taken for the security of your personal data:
- Encryption: SSL/TLS for data transmission, database encryption
- Access Control: Role-based authorization, multi-factor authentication
- Audit Logs: All data access and operations are recorded
- Security Audits: Regular penetration testing and security assessments
- Staff Training: Continuous training programs on data security
- Physical Security: Biometric access control in server rooms
🌍 International Data Transfers
Your data may be subject to international transfer in the following cases:
- AWS/Azure Cloud Services: Data storage in countries with adequacy decisions
- OpenAI API: Data transfer to US for CV analysis (protected by Standard Contractual Clauses)
- Stripe Payment System: EU/US data transfer for payment processing
- Google/LinkedIn API: Data sharing for social media integration
- Job Applications: Data transfer to employer companies with your explicit consent
- Legal Safeguards: GDPR Article 46, PDPA Section 26, adequacy decisions
⏰ Data Retention Periods
Your personal data is retained for the following periods:
- Active Account Data: As long as the account is active
- CV and Application Data: 3 years from last activity
- Communication Records: 5 years from last communication
- Payment Records: 7 years due to legal retention obligations
- Marketing Data: Until consent is withdrawn or 2 years (whichever comes first)
- Security Records: 5 years from security incident
- Account Deletion: Complete deletion within 30 days upon request
👤 Data Subject Rights
Under KVKK, GDPR, PDPA and PDPO, you have the following rights:
- Right to Information: Learn what data of yours is being processed
- Right to Access: Request a copy of your data
- Right to Rectification: Request correction of incorrect data
- Right to Erasure: Request deletion of your data
- Right to Portability: Receive your data in structured format
- Withdrawal of Consent: Withdraw your consent at any time
- Right to Object: Object to data processing
- Automated Decision Making: Object to automated decision-making processes
🤝 Third Party Data Sharing
Your data may be shared with the following third parties:
- Employer Companies: CV and application information with your explicit consent
- Technology Partners: Necessary data for service delivery (AWS, OpenAI, Stripe)
- Legal Authorities: Required data in case of legal obligation
- Advisors: Anonymous data for legal, financial consulting
- Analytics Providers: Anonymized data for statistical analysis
- Security Companies: Threat intelligence data for cybersecurity
🚨 Data Breach Notification
In case of personal data security breach:
- Within 72 Hours: Notification to competent authorities (KVKK Board, DPA)
- Without Delay: Email notification to affected users
- Breach Scope: Detailed explanation of which data was affected
- Measures Taken: Immediate measures taken to prevent the breach
- Our Recommendations: Recommended protective steps for users
- Contact: For questions about the breach: privacy@cvwith.ai
👶 Children's Privacy
Protection of children's personal data:
- Age Limit: We do not collect data from children under 16
- Parental Consent: Parental/guardian consent required for ages 16-18
- Special Protection: Special security measures for children's data
- Right to Deletion: Parents can request deletion of children's data
- Marketing Prohibition: We do not market to those under 18
- Detection Case: Data is immediately deleted upon age detection
🤖 Automated Decision Making
Automated decision-making processes used on our platform:
- CV Matching: AI-based job-candidate matching algorithms
- Fraud Detection: Detection of suspicious account activities
- Content Filtering: Inappropriate content filtering systems
- Right to Object: You can object to automated decisions
- Human Intervention: Human evaluation upon request
- Transparency: Right to information about algorithm logic
📞 Contact and Complaints
Contact us regarding data protection matters: