FitMyCVPrivacy Policy
Last updated: February 10, 2025
1. Data Controller
Codeglyph publishes the FitMyCV.io website and, in this capacity, collects and processes personal data about you.
2. Minimum Age
FitMyCV.io is intended for individuals aged 16 and over. By using this service, you confirm that you meet the age requirement.
3. Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Access : view the personal data we hold about you
- Rectification : correct inaccurate or incomplete data
- Erasure : request the deletion of your data ("right to be forgotten")
- Restriction : restrict the processing of your data
- Portability : receive your data in a structured format
- Objection : object to processing on legitimate grounds
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
In the event of a dispute, you may file a complaint with the CNIL (French Data Protection Authority).
4. Data Collected
4.1 Identification Data
- Name, email address, password (encrypted)
- Profile picture (if signed in via Google, Apple, or GitHub)
4.2 Resume Data
- Professional information: experience, education, skills
- Contact details: phone, address, professional links
- Imported documents (PDF): not retained, transmitted to OpenAI for extraction then immediately deleted
- Version history of your resumes
- All resume data is encrypted at rest
4.3 Browsing Data
- IP address, browser type
- Pages visited, session data
4.4 Payment Data
- Subscription and transaction history
- No banking data stored (managed exclusively by Stripe)
4.5 Usage Data
- Usage events (resume creation, imports, generations)
- AI call performance metrics
- Error logs for diagnostics
5. Purposes and Legal Bases
| Purpose | Legal Basis |
|---|---|
| Service provision (resume creation and generation) | Performance of contract |
| Payment and subscription management | Performance of contract |
| Service improvement, bug fixing | Legitimate interest |
| Security and abuse prevention | Legitimate interest |
| Retention of billing data | Legal obligation |
6. Retention Periods
| Data Type | Duration |
|---|---|
| Active account | As long as the account exists |
| Deleted account | Immediate deletion |
| Inactive account | 3 years after last login (30-day notice before deletion) |
| Billing data | 5 years (legal obligation) |
| Email logs | 12 months |
7. Hosting
Data is hosted in France.
8. Third-Party AI Providers
FitMyCV.io uses artificial intelligence to generate and optimize your resumes. Your resume data (experience, skills, education) is transmitted to:
- OpenAI (United States)
OpenAI states that data transmitted via its API is not used to train its models.
Automated Decisions
AI is used to calculate resume-job match scores, classify your skills, and suggest improvements. These processes are decision-support tools: you retain full control over the final content of your resumes.
9. Payment Processing
Payments are processed by Stripe Payments Europe, Ltd. (Ireland). FitMyCV.io never stores complete credit card numbers.
10. Email Communications
Transactional emails (verification, password reset, confirmations) are sent via Resend.
11. Cookies
FitMyCV.io uses essential cookies required for the site to function (session, authentication, anti-spam protection). No advertising cookies are used.
12. Security
We implement the following measures to protect your data:
- HTTPS communication (SSL/TLS)
- Encrypted passwords (bcrypt)
- Resumes and personal data encrypted at rest (AES-256)
- CSRF protection and secure cookies
- Anti-spam protection via Google reCAPTCHA v3
reCAPTCHA collects technical data (IP address, cookies, browsing behavior) to distinguish humans from bots. Google's Privacy Policy and Terms of Service apply.
13. Browser Extension
FitMyCV offers a browser extension for Chrome, Edge, Brave, and Firefox that allows you to capture job offers directly from job boards.
13.1 Data Collected by the Extension
- URLs of job offers you choose to capture
- Text content of job offers (title, description, location) extracted from the visited page
- Authentication token stored locally in the browser to maintain your session
13.2 How It Works
- The extension does not collect any data outside of job offer pages where you actively click the "FitMyCV +" button
- Extracted content is transmitted to our servers solely for CV generation and is processed in the same way as offers submitted through the website
- Captured offers are temporarily stored in the browser's local storage until they are sent
- No browsing history is collected or transmitted
13.3 Permissions
The extension requires the following permissions: active tab access (to detect job offers), local storage (to save your offers and preferences), cookies (for authentication with your FitMyCV account).
14. International Transfers
Some data may be transferred outside the European Union (OpenAI, Resend in the United States). These transfers are governed by Standard Contractual Clauses approved by the European Commission.
15. Modifications
This policy may be modified at any time. Changes will be published on this page with the update date. In the event of a substantial modification, you will be notified by email.