🎯 CVs Analyzer

Privacy Policy

Last updated: April 2026

1. Who We Are

CVs Analyzer ("we", "us", "our") is an AI-powered CV tailoring service. This Privacy Policy explains what personal data we collect, why we collect it, and your rights regarding that data.

For privacy enquiries, please submit a support inquiry using the category "GDPR Request".

2. Data We Collect

Account data

  • Email address β€” used for account authentication, password reset, and service notifications.
  • Password β€” stored as a one-way bcrypt hash. We never store your plain-text password.
  • Account metadata β€” registration date, last login, role, token balance, and preferences.

Document data (CV & job descriptions)

  • Your CV (extracted text) and the job description you paste are stored temporarily, encrypted with AES-256-GCM, and used solely to perform the requested analysis and CV rewrite.
  • This data is automatically and permanently deleted after your configured retention period (default: 1 hour after job completion). You cannot recover it after deletion.

Analysis results (ATS scores & keywords)

  • ATS scores, matched keywords, and missing keywords are stored encrypted in your account history and retained indefinitely unless you delete the job manually.
  • Job category selection (if you selected one from the keyword library) is stored with your job record.

Rewritten CV & PDFs

  • If you use the CV Rewrite feature, the rewritten CV data (in JSON format) is stored encrypted in your account and retained indefinitely unless you delete the job.
  • The PDF file (generated from the rewritten CV) is stored encrypted with a unique token and retained indefinitely unless you delete the job.
  • The PDF is not shared with any third parties and is only accessible via your unique job token.

Candidate name

  • Your name (as extracted from your CV) is stored encrypted with your job record and retained indefinitely unless you delete the job.

Usage & technical data

  • API call logs (Claude model used, input token count, output token count, timestamps) β€” retained indefinitely for billing, token accounting, and service improvement.
  • Analysis metadata (analysis method chosen: Regex or AI, ATS scores generated) β€” retained indefinitely with your job history.
  • Login attempt records β€” retained for up to 1 hour for brute-force protection.
  • IP address β€” used for session binding and security; stored in access logs per standard server policy.

Support data

  • Messages you send through the support system are stored until the inquiry is resolved and then retained for a reasonable period for dispute resolution purposes.

3. Legal Basis for Processing

  • Contract performance β€” processing your CV and delivering analysis results (ATS scores, keywords) is necessary to provide the Service you requested.
  • Legitimate interests β€” security logging, abuse prevention, token usage tracking for billing, and service improvement.
  • Consent β€” for Anthropic AI processing specifically (see Section 4). This consent is required only if you choose to use the AI Analysis or CV Rewrite features. You may withdraw this consent at any time from your Account settings, which will prevent future AI jobs. Regex Quick Check does not require this consent.

4. Anthropic AI Processing

ATS Analysis Methods

We offer two ATS analysis methods:

  • Regex Quick Check (Free): Keyword extraction using pattern matching. No API call, no third-party processing. Results are instant and free.
  • AI Analysis (1 token): Uses Anthropic's Claude API for deeper semantic understanding. Your CV and job description are sent to Anthropic's servers (see below).

AI ATS Analysis Processing

When you choose the AI Analysis method, we send your CV text and job description to Anthropic's API (Claude models) to analyze keyword matches and generate an ATS score. This means your document content is transmitted to and processed by Anthropic's servers.

What is sent: Extracted CV text and job description text only. No other personal data (email, name, account info) is included in the API request.

What is returned: Matched keywords, missing keywords, and ATS score. This data is stored in your account indefinitely (see Section 2).

Anthropic's data handling: Anthropic does not use API inputs to train their models by default. For full details, see Anthropic's Privacy Policy and their Usage Policy.

CV Rewrite Processing

When you request a CV Rewrite, we send your CV text, job description, and the matched keywords (from the ATS analysis) to Anthropic's Claude API. Claude reorders and reframes your existing skills to improve keyword visibility and presentation.

What is sent: CV text, job description, and matched keywords. The rewrite does not add skills you don't haveβ€”it only optimizes the presentation of skills you already possess.

What is returned: A rewritten CV in structured JSON format, which we store as encrypted data in your account indefinitely (see Section 2).

Important: The CV Rewrite feature is an enhancement and does not change your ATS score. The original AI ATS score remains the definitive measure of your job fit.

Consent for Anthropic Processing

You must actively consent to Anthropic AI processing during registration. This consent applies to both AI ATS Analysis and CV Rewrite features. You can withdraw your consent at any time under Account > Consent Management. Withdrawing consent means:

  • You will no longer be able to submit new AI analysis jobs.
  • You will no longer be able to request CV rewrites.
  • Previously generated analyses and rewrites remain in your account (withdrawal does not delete past data).

5. Data Retention

Automatically Deleted

  • CV text and job description β€” automatically deleted after your configured retention period (default: 1 hour after job completion). Once deleted, this data cannot be recovered.

Retained Indefinitely (Unless You Delete the Job)

  • ATS scores, matched keywords, missing keywords β€” retained in your job history indefinitely.
  • Rewritten CV data (JSON) β€” if you requested a CV Rewrite, the structured CV data is retained indefinitely.
  • PDF files β€” if you requested a CV Rewrite, the encrypted PDF is retained indefinitely.
  • Candidate name β€” as extracted from your CV, retained indefinitely with your job record.
  • Job metadata β€” job title, company name, job category selection, job status, timestamps, and analysis method used β€” all retained indefinitely.
  • Token usage logs β€” input token count and output token count per API call are retained indefinitely for billing and service improvement.

Manual Deletion

You can delete any job from your dashboard at any time. Deleting a job permanently removes all associated data: ATS scores, keywords, rewritten CV data, and PDF files. This action cannot be undone.

Account Deletion

  • Account data (email, password hash, preferences) β€” deleted when you delete your account.
  • All job history (ATS scores, CVs, PDFs, results) β€” deleted when you delete your account.
  • Consent audit trail β€” retained permanently for legal compliance, but anonymised upon account deletion.
  • Support inquiries β€” deleted upon account deletion.

6. Third Parties

Third-party access to your data depends on the analysis method you choose:

  • Regex Quick Check (Free): No third-party access. Your CV and job description are processed locally and never sent to external services.
  • AI Analysis (1 token): Your CV and job description are sent to Anthropic's API (see Section 4). This is the only third party that receives your document content.
  • CV Rewrite (1 token): Your CV, job description, and matched keywords are sent to Anthropic's API (see Section 4).

We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.

Standard infrastructure providers (hosting, email delivery) process data on our behalf under their own data protection terms, with access limited to what is technically necessary.

7. Security

We apply the following technical measures to protect your data:

  • Encryption at rest: All sensitive data stored in our database (CV text, job descriptions, analysis results, candidate names, rewritten CV data, PDF files) are encrypted using AES-256-GCM.
  • Passwords: Hashed using bcrypt with salt. We never store plain-text passwords.
  • Sessions: Protected with IP binding, HTTP-only and SameSite cookies, automatic expiry, and CSRF tokens.
  • Data in transit: All communication between your browser and our servers is protected by HTTPS/TLS.
  • API requests: Requests to Anthropic's API are encrypted in transit and include no extraneous data (email, account info, tokens, etc.).
  • Access control: Admin functions require separate authentication and role-based access control. Data access is logged.

8. Your Rights (GDPR)

If you are located in the EEA or UK, you have the following rights:

  • Right of access β€” request a copy of the personal data we hold about you, including job history, ATS scores, and API usage logs.
  • Right to rectification β€” request correction of inaccurate data (e.g., candidate name).
  • Right to erasure β€” delete individual jobs at any time from your dashboard. Delete your entire account from Account settings; this permanently erases all your personal data, job history, and API logs.
  • Right to data portability β€” request your data in a machine-readable format (job history, ATS scores, rewritten CVs, token usage).
  • Right to object β€” object to processing of API logs and token usage tracking based on legitimate interests.
  • Right to withdraw consent β€” withdraw your Anthropic AI processing consent at any time under Account > Consent Management. This prevents future AI Analysis and Rewrite requests, but does not delete previously generated analyses and rewrites. You can still use Regex Quick Check (free) which requires no consent.

To exercise any of these rights, submit a GDPR Request through our support system.

9. Session Cookie

We use a single session cookie (PHPSESSID) to keep you logged in during your visit. This is a strictly necessary cookie β€” the Service cannot function without it. It is not used for tracking or advertising and is deleted when you close your browser or log out. No consent is required for strictly necessary cookies under applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or to exercise your rights, please submit a support inquiry and select "GDPR Request" as the category.