Skip to main content
CVMarkCVMark
Get started

Privacy Policy

Last updated: May 13, 2026

1. Information We Collect

We collect information you provide directly when creating an account, including your name, email address, and password. We also collect resume data you create on our platform — work experience, education, skills, and contact information included in your documents. Automatically collected data includes IP address, browser type, device information, operating system, visit times, pages viewed, and referral source. We do not collect data from third-party sources without your explicit consent.

2. How We Use Your Data

Your data is used to provide and improve our services: building and storing resumes, CVMark AI (résumé chat and PDF export), generating cover letters, ATS analysis and rewrites, keyword and LinkedIn tools where enabled, and Smart Distribute when you choose to send mail from Gmail you connected with Google OAuth. We use usage data to analyze platform performance, fix bugs, and improve user experience. With your consent, we may send service-related notifications about account activity, security alerts, and feature updates. We never use your personal data for advertising or sell it to third parties for marketing purposes.

3. Data Protection & Security

Traffic between your browser and our services is protected with industry-standard encryption in transit. Stored data is protected at rest using strong, widely reviewed cryptographic controls. Passwords are never stored in readable form; only salted, one-way password hashes are retained. Mail authorization data you grant for Smart Distribute (such as OAuth tokens for Gmail) is protected before storage and is only handled in a controlled server environment when needed to send mail you initiate. Access to production systems and customer data is limited to authorized personnel and monitored under internal security practices. We rely on reputable cloud infrastructure providers and do not publish a vendor, product, or algorithm checklist on this public page.

4. Cookies & Tracking

We use essential cookies and similar technologies for authentication, session continuity, forgery-resistant request protections, and core platform functionality. Where enabled, analytics help us understand aggregate usage without using that data to profile individuals for ads. We do not use advertising cookies or third-party marketing pixels on the product. You can adjust many preferences in your browser; disabling essential cookies may limit sign-in or certain features.

5. Third-Party Services

CVMark relies on subprocessors that process personal data on our behalf. Categories include secure hosting, database storage, payment and subscription handling, transactional email delivery, and third-party AI inference for features that use AI. When you connect mail, authorization may use your provider’s standard sign-in flow where available. Outbound mail uses standard encrypted mail transports; stored secrets are used only to perform sending you initiate and are not used to read unrelated mailbox content beyond what is operationally necessary. AI-assisted features may transmit submissions to external model providers under contractual safeguards; we do not sell personal data to data brokers. Instead of listing live vendor names on this page, you may request a high-level subprocessor summary through signed-in support channels.

6. Your Rights

You have the right to access your personal data at any time through your account settings. You can modify or correct your information directly in your profile. You can request a complete export of your data in a machine-readable format. You can delete your account and all associated data at any time through the account settings page — deletion is permanent and irreversible. You can opt out of marketing communications through your notification preferences.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data, resumes, campaigns, and associated records are permanently removed within 30 days. Anonymized, aggregated analytics data that cannot identify you may be retained indefinitely for platform improvement. System logs containing IP addresses are retained for 90 days for security purposes, then automatically deleted.

8. GDPR Compliance

CVMark complies with the General Data Protection Regulation (GDPR). You have the right to: access (Article 15), rectification (Article 16), erasure/right to be forgotten (Article 17), restriction of processing (Article 18), data portability (Article 20), and objection to processing (Article 21). For GDPR and data-protection requests, sign in and open a support thread from the dashboard (Help, bottom-right), or start from Help & Support (dashboard). See also Contact for where we provide support. If you believe your data rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

9. Children's Privacy

CVMark is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data, we will delete it immediately. If you believe a child has used our platform, please open a support thread from your signed-in dashboard (Help, bottom-right) or use Help & Support (dashboard) immediately.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users at least 30 days before taking effect. Non-material changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related questions, data access requests, or GDPR concerns, sign in and use Help in your dashboard, or Help & Support (dashboard). More detail is on our Contact page. We aim to respond to all data-related requests within 30 days.