Privacy Policy

Welcome to GenCV's Privacy Policy. We respect your privacy and are committed to protecting your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered career tools platform.

By using GenCV, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of our services.

This policy applies to all users, whether using BYOK (Bring Your Own Key) mode or Platform Credits mode.

2.1 Information You Provide Directly:

• Account Information: Email address, name (optional), password (hashed, never stored in plain text)

• Profile Information: Job preferences, career goals, profile picture (optional)

• Resume Content: Personal information, work history, education, skills uploaded for parsing

• Job Application Data: Company names, job descriptions, recipient names, personal statements

• Payment Information: Transaction details processed by Razorpay (we do not store credit card numbers)

2.2 Automatically Collected Information:

• Usage Data: Pages visited, features used, time spent on platform, click patterns

• Device Information: Browser type, operating system, device identifiers, IP address

• Log Data: Access times, error logs, performance metrics

2.3 BYOK Mode Specific:

• In BYOK mode, API keys and all content are stored ONLY in your browser's local storage

• We have NO access to your API keys, resume data, or generated content in BYOK mode

• No data is transmitted to our servers when using BYOK mode

We use collected information for the following purposes:

3.1 Service Delivery:

• Generate emails, cover letters, and resumes using AI models

• Parse and analyze uploaded resume files (PDF/DOCX)

• Store your generated content for future access (Platform Credits mode only)

• Provide customer support and respond to inquiries

3.2 Account Management:

• Create and maintain your user account

• Authenticate your identity and manage sessions

• Process payments and maintain credit balance

• Send transactional emails (password resets, payment confirmations)

3.3 Service Improvement:

• Analyze usage patterns to improve features

• Monitor system performance and fix bugs

• Conduct research to enhance AI generation quality

• Develop new features based on user needs

3.4 Communications:

• Send important service updates and announcements

• Notify you of new features or promotions (with opt-out option)

• Respond to your support requests and feedback

We do NOT use your personal information or resume content to train AI models or share with third parties for marketing purposes.

4.1 BYOK Mode:

• All data stored exclusively in browser local storage (client-side)

• Data never transmitted to our servers

• Clearing browser data permanently deletes all information

• We recommend regular backups as we cannot recover lost local data

4.2 Platform Credits Mode:

• Data stored securely in Supabase (PostgreSQL database with encryption)

• Servers located in [Server Location - e.g., AWS Mumbai Region]

• Database backups performed daily with 30-day retention

• Passwords hashed using bcrypt with salt

• API communications encrypted with TLS 1.3

4.3 Security Measures:

• Row-Level Security (RLS) policies ensure users can only access their own data

• Regular security audits and vulnerability scanning

• Access controls limiting employee access to user data

• Intrusion detection and monitoring systems

• Secure coding practices and code reviews

4.4 Data Retention:

• Active accounts: Data retained indefinitely while account is active

• Deleted accounts: Data permanently deleted within 30 days

• Resume exports: HTML stored for 30 days (free re-download period)

• Payment records: Retained for 7 years (legal requirement in India)

• Usage logs: Retained for 90 days for debugging purposes

We use the following third-party services that may process your data:

5.1 AI Providers (Platform Credits Mode):

• OpenAI (GPT models): Processes job descriptions and resume content to generate emails/cover letters/resumes

• Google Gemini: Alternative AI provider for content generation

• Data Sent: Job details, resume text, generation preferences

• Retention: OpenAI retains data for 30 days (abuse monitoring), Gemini policies vary

• Privacy Policies: See OpenAI Privacy Policy and Google Privacy Policy

5.2 Payment Processing:

• Razorpay: Processes all payments (credit/debit cards, UPI, net banking)

• Data Sent: Transaction amount, email address, payment method

• We do NOT receive or store full credit card numbers

• Privacy Policy: See Razorpay Privacy Policy

5.3 Authentication and Database:

• Supabase: Provides authentication and database services

• Data Sent: Email, hashed password, profile information, generated content

• Privacy Policy: See Supabase Privacy Policy

5.4 Analytics (Future):

• We may integrate analytics tools (e.g., Google Analytics, Plausible) with prior notice

• If implemented, you will have the option to opt out

We do NOT sell your personal information to third parties. Data is shared only as necessary to provide our services.

You have the following rights regarding your personal information:

6.1 Access and Portability:

• View all personal data we hold about you

• Export your resume data in machine-readable format (JSON/PDF)

• Request: Contact support@gencv.in

6.2 Correction and Update:

• Update your profile information anytime via dashboard

• Correct inaccuracies in stored data

6.3 Deletion (Right to be Forgotten):

• Delete your account and all associated data via dashboard settings

• Data permanently removed within 30 days (except legal retention requirements)

• BYOK mode: Clear browser local storage manually

6.4 Opt-Out Rights:

• Marketing emails: Unsubscribe link in all promotional emails

• Data processing: Switch to BYOK mode to avoid server-side data storage

6.5 Object to Processing:

• Object to use of your data for specific purposes by contacting us

• We will honor requests unless we have legitimate grounds to continue

6.6 Withdraw Consent:

• You may withdraw consent to data processing by deleting your account

• Note: Some processing is necessary to provide core services

To exercise these rights, email support@gencv.in with your request. We will respond within 30 days.

We use cookies and similar technologies to enhance your experience:

7.1 Essential Cookies:

• Authentication session cookies (required for logged-in users)

• Security tokens for CSRF protection

• These cannot be disabled as they are necessary for service functionality

7.2 Functional Cookies:

• Theme preference (dark/light mode)

• Language preference

• Last used AI model selection

7.3 Local Storage:

• BYOK mode: Stores API keys, resumes, generated content (client-side only)

• Platform Credits mode: Stores authentication tokens and session data

7.4 Managing Cookies:

• Browser settings allow you to block or delete cookies

• Note: Blocking essential cookies will prevent login functionality

• Clearing local storage will delete all BYOK mode data permanently

We do NOT use advertising cookies or third-party tracking cookies at this time.

GenCV is designed for users aged 16 and above. We do not knowingly collect personal information from children under 16.

If you are a parent/guardian and believe your child has provided us with personal information, please contact us immediately.

Upon verification, we will delete such information within 30 days.

Users under 18 should use our services with parental guidance, especially when providing personal information in resumes.

GenCV is based in India and primarily serves Indian users. Our servers are located in India or with providers serving the Indian market.

If you access our services from outside India, your information may be transferred to and processed in India.

India's data protection standards may differ from your jurisdiction. By using our services, you consent to this transfer.

Users in the European Union: While we are not specifically designed for EU users, if you are an EU resident, you have rights under GDPR:

• Right to access, rectify, and delete your data

• Right to data portability

• Right to object to processing

• Right to lodge a complaint with your local data protection authority

Contact our Data Protection Officer at support@gencv.in for GDPR-related inquiries.

In the unlikely event of a data breach affecting your personal information, we will:

• Investigate the breach and assess affected data

• Notify affected users via email within 72 hours of discovery

• Provide details of the breach, data affected, and remedial actions

• Report to relevant authorities as required by Indian law

• Take immediate steps to prevent future breaches

You can help protect your account by:

• Using strong, unique passwords

• Enabling two-factor authentication (when available)

• Not sharing your login credentials

• Logging out on shared devices

Important disclosures about AI processing:

11.1 Training Data:

• We do NOT use your resumes, job applications, or generated content to train our AI models

• Third-party AI providers (OpenAI, Google) may use data for abuse monitoring per their policies

• OpenAI retains API data for 30 days for safety purposes, then deletes it

11.2 Content Ownership:

• You retain all rights to content you provide (resumes, personal information)

• AI-generated content is provided to you; we claim no ownership

• Third-party AI providers may have terms regarding generated output

11.3 AI Transparency:

• All content generation is clearly marked as AI-generated

• We do not use AI for automated decision-making that significantly affects you

• AI is used solely as a tool to assist content creation

If GenCV is involved in a merger, acquisition, or sale of assets, your personal information may be transferred.

You will be notified via email and prominent notice on our platform at least 30 days before any such transfer.

The acquiring entity will be bound by this Privacy Policy unless you consent to a new policy.

You will have the option to delete your account before the transfer if you do not consent.

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service features.

Material changes will be communicated via:

• Email notification (for registered users)

• Prominent banner on our website/app

• At least 30 days' notice before changes take effect

Continued use of our services after changes become effective constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

Version history is available upon request.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@gencv.in

Support: support@gencv.in

Data Protection Officer: support@gencv.in

Mailing Address:

[Your Registered Business Name]

[Street Address]

[City, State, PIN Code]

India

We will respond to privacy inquiries within 30 days.

For urgent security concerns, contact support@gencv.in immediately.

We comply with applicable Indian data protection laws, including:

• Information Technology Act, 2000

• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

• Upcoming Digital Personal Data Protection Act (when enacted)

We may disclose your information when required by law:

• In response to valid legal requests (court orders, subpoenas)

• To protect our rights, property, or safety

• To prevent fraud or abuse

• As required by regulatory authorities

We will challenge overbroad requests and notify affected users when legally permitted.