
Privacy Policy (Datenschutzerklärung)

Last updated: March 2026

1. Introduction

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your personal data when you use our website and your rights under data protection law, in particular the General Data Protection Regulation (GDPR/DSGVO).

2. Data Controller

The controller responsible for data processing on this website is:

CVBuilderLab
Kapitän-Lehmann-Ring 28
28309 Bremen, Germany
Email: hello@cvbuilderlab.com

3. Purpose of Data Processing

We process personal data for the following purposes:

• Server log files: When you visit our website, our hosting provider (Vercel) automatically collects technical data such as your IP address, browser type, and access times. This data is used to ensure the security and stability of our website.
• Account registration: When you register, we collect your name, email address, and password (stored in hashed form). If you sign in with Google OAuth, we receive your name, email, and profile picture from Google.
• CV data: The data you enter in your CV (personal information, work experience, education, skills) is stored in our database solely to provide the CV building service. This data is only accessible to you.
• Payment data: Payment processing is handled by Stripe and PayPal. We do not store your full credit card or PayPal account details. We only store transaction IDs, subscription type, and subscription status.

4. Data Sharing with Third Parties

We share personal data with the following third-party service providers only to the extent necessary to operate our service:

• Stripe (USA) — Payment processing. EU Standard Contractual Clauses apply.
• PayPal (Luxembourg/USA) — Payment processing.
• Google (USA) — OAuth authentication. EU Standard Contractual Clauses apply.
• Resend (USA) — Transactional email delivery (welcome emails, subscription confirmations, cancellation notices).
• Vercel (USA) — Website hosting. A GDPR-compliant Data Processing Agreement (DPA) is in place.

5. Legal Basis for Processing

We process your personal data on the following legal bases under Art. 6 GDPR:

• Consent (Art. 6(1)(a) GDPR): For optional cookies (analytics, marketing) and email communications.
• Contract performance (Art. 6(1)(b) GDPR): For account registration, CV creation, and payment processing, as these are necessary to fulfill our contractual obligations.
• Legal obligation (Art. 6(1)(c) GDPR): For retaining payment and invoice data as required by tax law.
• Legitimate interest (Art. 6(1)(f) GDPR): For server log files and website security measures.

6. Data Retention Periods

We retain your data for the following periods:

• Account data and CVs: Retained as long as your account is active. When you delete your account, all associated data is permanently removed.
• Payment and invoice data: Retained for 10 years after the transaction in accordance with German tax law (§ 147 AO, § 14b UStG).
• Server log files: Automatically deleted after 30 days.
• Cookie consent data: Retained for 12 months.

7. Cookies

We use cookies on our website. You can manage your cookie preferences using our cookie consent banner.

• Essential cookies: Required for basic website functionality such as session management and authentication. These cannot be disabled.
• Analytics cookies: Help us understand how visitors use our website. Only activated with your consent.
• Marketing cookies: Used to deliver relevant advertisements. Only activated with your consent.

You can change your cookie preferences at any time via the "Cookie Settings" link in the footer.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• All data is transmitted via SSL/TLS encryption (HTTPS).
• Passwords are stored using industry-standard hashing algorithms.
• Access to personal data is restricted to authorized personnel only.
• Our hosting provider maintains SOC 2 compliance and regularly audits security practices.

9. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access to your personal data (Art. 15 GDPR)
• Right to rectification of inaccurate data (Art. 16 GDPR)
• Right to erasure / "right to be forgotten" (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)

To exercise any of these rights, please contact us via our contact form. You also have the right to lodge a complaint with a supervisory authority. The competent authority for our location is:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen