Privacy Policy
Last updated: May 17, 2026
1. Introduction
CVJinny, operated by Danu AI Solutions ("Company", "Owner", "we", "us"), respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and non-personal information when you use our AI CV, cover-letter, and Statement of Purpose (SOP) generation service ("Service"). By using the Service, you consent to the practices described herein and you expressly agree to the Owner's Universal Reservation of Rights as set out in Terms of Service section 1.1, the Authorized-Use License in section 1.2, the Benefits Reservation in section 1.3, the Dynamic Pricing & FX clause in section 1.4, and the Comprehensive Owner Protections in section 18, all of which are incorporated into this Privacy Policy by reference.
1.1 Reservation of Rights — Privacy Practices
The Owner reserves the absolute and exclusive right, at any time, with or without prior notice, in its sole discretion, and without liability, to amend, supplement, restructure, or replace this Privacy Policy; to add, change, remove, or substitute sub-processors, vendors, AI providers, payment processors, hosting locations, or analytics tools; to introduce or remove data-collection mechanisms; to expand or narrow the categories of data we collect, retain, derive, or share; and to add, change, or discontinue any privacy-related feature, control, dashboard, export, or opt-out, partially or fully. The Owner shall also have the absolute right to refuse, restrict, or terminate any data-subject request that is manifestly unfounded, excessive, abusive, or in conflict with the Owner's legitimate interests, statutory obligations, or other users' rights, to the maximum extent permitted by applicable law. Where applicable law requires notice or consent for a specific change, we will provide the legally-required minimum; otherwise the modified version is effective upon posting. The exercise of any right under this section does not entitle you to any refund, credit-back, pro-rated reimbursement, alternative compensation, or service credit of any kind; the Owner's No-Refund Policy at /refund-policy applies in full and without exception.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number (optional, for WhatsApp delivery of share links), password (hashed by Supabase Auth — never stored in plaintext), country and preferred locale.
- CV / Cover Letter / SOP Inputs: The professional content you provide for generation — full name, contact details, work history (employers, titles, dates, locations, responsibilities, achievements), education, skills, languages spoken, certifications, projects, publications, and any other section you choose to include. For the "Transform Old CV" flow this also includes the original CV file you upload (PDF, DOCX, or image).
- Free-Form Instructions: Optional text you supply to steer generation (e.g., "emphasise data-science experience", "target a Gulf migration audience"). Sanitised before reaching the AI model and stored only for the duration of the draft.
- Passport-Style Photo (Optional): If your target country's recruiter convention permits or expects a CV photo (e.g., DE, FR, JP, GCC), you may upload a passport-style headshot. The renderer suppresses this for countries whose rules forbid it (US, UK, CA, AU and similar).
- Target Audience Inputs: Target country, target industry, target role / programme, target language, document purpose (job application, scholarship, visa migration, academic admission, etc.), and a paste of the job description or programme brief if you choose to provide one.
- Billing Information: Processed and stored by Razorpay (our payment processor). We never see or store your full card number or UPI PIN. We retain only the transaction reference, plan slug, amount, GST line items, and (for India invoicing) the GSTIN you optionally supply for B2B input-credit eligibility.
- Agency / BYOK Inputs (Agency-Tier Only): If you operate CVJinny on the agency plan with Bring-Your-Own-Key (BYOK) routing, you may supply your own Gemini / OpenAI / Anthropic API key. BYOK keys are encrypted at rest with AES-256-GCM (per-user envelope) and never logged.
- Support & Feedback: The content of support emails, chatbot conversations, NPS responses, and any feedback you voluntarily submit.
2.2 Information Collected Automatically
- Usage Data: Pages visited, generations triggered, templates selected, features used, timestamps. Used to size capacity, compute usage-based limits, and improve the product.
- Device & Browser Information: Browser type, operating system, screen size, language preference, IP address. The IP is hashed for fraud detection and country-pricing enforcement (see 2.3); the raw IP is purged after the request completes.
- Country & Locale Detection: We detect your country from your IP at request time so we can show prices in your local currency and apply your country's CV conventions. The detected country and a tamper-resistant signature are written to a cookie so a single visitor sees consistent pricing across pages. See section 7.
- Device Fingerprint: A non-precise, cookie-less device signature (browser + OS + screen + a hash of stable browser features) used only for fraud detection (e.g., blocking a fraudster from creating ten free-trial accounts on the same device). We never sell, share, or use the fingerprint for advertising or cross-site tracking.
- Application Logs & Error Tracking: Anonymised error reports (no CV content, no PII) sent to Sentry. Used to find and fix bugs.
- Analytics: Aggregated, pseudonymised product analytics (Google Analytics 4 with IP anonymisation). No advertising audiences, no cross-site tracking, no retargeting.
2.3 What We Do Not Collect
CVJinny is a career-document tool, not a social-media or relationship-mapping product. We do not request, collect, or use: your social-media accounts or OAuth tokens for posting; your contacts list or address book; your private messages or DMs on any platform; your precise geolocation (we use IP-level country resolution only); biometric data; political opinions, religious beliefs, sexual orientation, race, or health information (you choose what goes in your CV; we don't derive sensitive attributes from it for any purpose).
3. How We Use Your Information
- Service delivery: Parse your input, run the AI generation pipeline (Stages A → I covering parsing, generation, humanisation, ATS scoring, editorial QA, compliance check, and PDF rendering), and deliver the final watermarked PDF to your library.
- Recruiter share links: When you create a share link, generate a tamper-resistant URL and, if you opt-in, send it to the recruiter via email or WhatsApp on your behalf. Record view / download / print activity on the link so you can see whether it's been opened.
- Country-tuned output: Apply your target country's rule set (forbidden fields, date / number formats, photo convention, length, sector tone) so the output is recruiter-appropriate.
- Billing & entitlements: Process payments via Razorpay, issue GST-compliant tax invoices (mandatory for the India market under GST Act 2017), maintain credit pools, enforce plan limits.
- Transactional communications: Send receipts, share-link delivery confirmations, trial-ending notices, plan-renewal reminders, security alerts, and policy-change notices.
- Fraud, abuse & security: Detect duplicate free-trial signups, automated scraping, prompt-injection attempts, payment fraud, and credential-stuffing attacks. Block accordingly.
- Country-rules research & quality: Continuously improve the per-country rule set, recruiter-vocab corpus, and few-shot examples that drive AI quality. None of your personal CV content is used for this research.
- Legal compliance: Meet our obligations under the GST Act, DPDP Act 2023 (India), GDPR (EU), CCPA / CPRA (California), LGPD (Brazil), UK GDPR, PIPEDA (Canada), Privacy Act (Australia), PIPL (China), KVKK (Turkey), PDPA (Singapore/Thailand), and any other privacy law that applies to your data.
4. Data Retention
We operate on a pipeline-with-library model — temporary data is purged aggressively; the documents you generate are kept in your library until you delete them or your account closes:
- Uploaded source files (Transform-Old-CV flow): processed in memory only and zeroed after parsing. Never written to disk.
- Wizard drafts (Redis): 7-day TTL; auto-purged. Includes any free-form "transform instructions".
- Generated CV / cover-letter / SOP PDFs (Cloudflare R2): retained in your library while your account is active. You may delete any output from /cvjinny/library at any time — the R2 object is removed within 7 days.
- AtomicFacts & generation metadata: retained alongside the output so re-renders / template swaps are possible; deleted with the output.
- Recruiter share-link activity logs (view, download, print, geolocation country only): 90 days, then aggregated and the per-event rows purged.
- Profile / account data: retained while account is active; deleted within 30 days of account deletion (see section 8.1).
- Application / security logs: 365 days. May be longer for entries flagged as part of an active fraud or abuse investigation.
- Tax invoices & payment records: retained 7 years as required by the Indian GST Act 2017 (and equivalent statutes in other jurisdictions where you transact). On account deletion these records are pseudonymised — your name and email are unlinked from the transaction; the GSTIN, amount, date, and SAC code remain for statutory compliance.
- Anonymised aggregate analytics: indefinite (no personal data).
4a. Aggregate, De-identified Analytics & Permitted Business Uses
We process de-identified or aggregate non-personal data derived from your use of the Service — that is, statistical signals stripped of identifiers and combined across many users — to operate, secure, improve, and report on the Service. This is not a blanket licence over your personal data; it is the narrower processing necessary to run a SaaS business under the legal bases listed below. Specifically:
- Service operation & security (legitimate interest under GDPR Art. 6(1)(f); legal obligation under GDPR Art. 6(1)(c) where applicable): capacity planning, abuse detection, anti-fraud, infrastructure cost allocation, vendor-performance evaluation, audit-log retention required by GST / tax law.
- Product analytics & A/B testing (legitimate interest, pseudonymised at minimum): feature-usage telemetry, conversion-funnel analytics, churn / retention modelling. Identified analytics requires your separate consent via the cookie banner and can be withdrawn at any time.
- Aggregate market-research outputs: country / industry / purpose distribution reports, benchmark dashboards, anonymised statistics. These outputs contain no personal data and cannot be re-identified.
- Financial reporting (legitimate interest + legal obligation): revenue analytics, cohort & LTV modelling, GST / tax reporting, investor reporting, M&A due-diligence packs — limited to the financial and operational metrics necessary for those purposes.
- AI quality improvement: only on aggregated, de-identified usage signals. We do NOT use your CV / cover-letter / SOP content to train, fine-tune, or evaluate any foundation model. The Gemini API processes your content under the no-training terms documented at /ai-training.
Your rights under GDPR, UK DPA 2018, DPDP 2023, LGPD, CCPA/CPRA and equivalent regimes are not waived by this section. You retain the right to access, rectify, erase, restrict processing, port your data, object to processing based on legitimate interest, and withdraw any consent you previously gave — exercise these via /cvjinny/account/privacy or by writing to [email protected]. Where applicable law classifies any of the above activities as a "sale", "share", or cross-context behavioural advertising (CCPA/CPRA specifically), you may opt out via the same channel — opting out does not affect our use of fully aggregated and de-identified data that cannot be linked to you.
Sharing of personal data with unaffiliated third parties for their own independent commercial purposes only happens where: (i) you have given separate, specific, lawful consent in your jurisdiction; (ii) the disclosure is required by law (e.g., fraud prevention, legal process, statutory tax retention, vital interest); or (iii) the disclosure is part of a corporate transaction (merger, acquisition, financing, or asset sale), in which case the recipient is bound by this Privacy Policy or an equivalent successor. Sub-processors are listed in section 5 below and at /sub-processors; each is bound by a written Data Processing Agreement.
5. Data Sharing & Sub-Processors
We do NOT sell your personal CV content and we do NOT use it to train foundation AI models. We share data only with vetted sub-processors under a Data Processing Agreement. The full, versioned list — with location, purpose, and transfer mechanism — is published at /sub-processors. The active sub-processors as of the date above are:
- Google (Gemini API): AI generation, parsing, OCR, transcription, embedding. Processes your CV / cover-letter / SOP content under the Gemini API no-training terms — see /ai-training for the exact provider guarantee.
- Cloudflare R2: Object storage for generated PDFs and (optionally) the passport-style photo you upload.
- Supabase: Database, authentication, row-level security. Hosted in the Frankfurt region for proximity to EU users; cross-border transfer to / from India for owner-side operations is covered by the SCCs.
- Upstash Redis: Short-lived wizard drafts, rate-limit counters, AI response cache.
- Razorpay: Payments, GST invoicing, UPI / card / NetBanking / wallet acceptance. RBI-licensed; PCI DSS Level 1.
- Resend: Transactional email (receipts, share-link delivery, trial-end notices).
- MSG91: WhatsApp template messages and OTP / SMS delivery, primarily for India and GCC users who select WhatsApp delivery of share links.
- Hostinger (KVM VPS) + Coolify: Application hosting on a dedicated Hostinger VPS. Standard Node.js runtime behind Traefik with Let's Encrypt TLS. The current region is listed at /sub-processors.
- Sentry: Error tracking (no CV content or PII transmitted).
- Law enforcement: Disclosure only when required by valid legal process, court order, or to protect safety.
For EU / UK / Swiss data subjects, cross-border transfers rely on the European Commission Standard Contractual Clauses (SCCs, 2021/914) and the UK IDTA, as detailed in our Data Processing Addendum. Enterprise / agency customers may request a countersigned DPA at [email protected].
5a. Retention Schedule
| Data Category | Retention |
|---|---|
| Uploaded source files (Transform flow) | In-memory only; zeroed after parse |
| Wizard drafts (Redis) | 7 days TTL |
| AI cache (Redis) | 24 hours TTL |
| Generated PDFs (R2) | Life of account — user-deletable any time |
| AtomicFacts & generation metadata | Tied to the PDF — deleted together |
| Recruiter share-link activity | 90 days raw, then aggregated |
| Application / security logs | 365 days (longer if part of an investigation) |
| Account profile | Life of account + 30 days |
| Tax invoices & payment records | 7 years (statutory — Indian GST Act 2017 + equivalent) |
| Anonymised aggregate analytics | Indefinite (no personal data) |
5b. Recruiter Share Links — What's Exposed
When you create a share link from /cvjinny/library, the share-recipient (typically a recruiter or admissions committee) can view and download a watermarked PDF copy of the selected CV / cover letter / SOP via a tamper-resistant URL. The recipient does not need a CVJinny account.
- What the recipient sees: the rendered PDF, the name on the document, and (optionally) a one-line cover note you write.
- What we record per share link: creation timestamp, view / download / print events, the country resolved from the recipient's IP (no precise location, no raw IP retained beyond the request), expiry date you set, and a forensic per-link fingerprint embedded in the PDF.
- Recipient identification: we do not require recipients to log in. If you supply a recipient email or phone for delivery, we forward the link via Resend / MSG91 and discard the contact value once delivery confirms.
- Expiry & revocation: you may revoke any share link at any time from your library. Revoked links return a 410 to the recipient and the activity history is preserved for 90 days then aggregated.
- No identified-form profiling: we never use recipient-side data for cross-recipient advertising or audience-building. Aggregated "X recruiters in country Y opened a share link in industry Z" metrics are produced in de-identified form only.
5c. AI Providers & Limited-Use Disclosure
CVJinny's AI pipeline is driven primarily by Google's Gemini API (with provider-routing to OpenAI / Anthropic available on the agency tier under BYOK). Our use and transfer of information sent to and received from these APIs adheres to the respective provider's data-processing terms:
- We use AI-provider data only to generate the CV / cover letter / SOP / ATS score / interview-prep questions / humanise rewrite / OCR text the user has explicitly requested.
- We do not use AI-provider data for advertising, lookalike-audience building, ML model training of our own, or transfer to data brokers.
- We do not allow humans to read AI inputs or outputs except (a) with the user's affirmative prior consent for specific data; (b) where necessary to investigate a security or abuse incident; (c) where required to comply with applicable law; or (d) where the data has been aggregated and de-identified.
- Provider-side retention: Google's Gemini API is configured under the no-training / zero-retention terms applicable to paid-tier API usage. Detailed per-provider commitments live at /ai-training.
- BYOK (agency-tier only): if you supply your own API key, your data is sent to the provider you nominated under your agreement with that provider. CVJinny operates as a pass-through; your BYOK key is encrypted at rest and never logged.
6. Data Security
We implement industry-standard security measures:
- BYOK API keys encrypted at rest with AES-256-GCM (per-user envelope).
- R2 backup snapshots: sensitive columns (e.g., the "value" field of administrator-managed API secrets) encrypted at rest inside the backup file with AES-256-GCM, so a compromised R2 access token does not leak production keys.
- Country-cookie signing: the country cookie used for geo-pricing is signed with HMAC-SHA256 against the request IP so it cannot be forged by editing it in DevTools.
- Approval / preview tokens signed with HMAC-SHA256.
- Passwords hashed by Supabase Auth (bcrypt) — never seen by us in plaintext.
- All data transmitted over TLS 1.3.
- Row-level security (RLS) on every Supabase table; service-role bypass restricted to server-only code paths.
- Free-form user instructions are sanitised (HTML strip, role-reset pattern strip, length cap, structured-delimiter wrap) before they reach the AI model — defence against prompt injection.
- Uploaded files are scanned for malware / oversized payloads / mismatched MIME before processing.
- Rate limiting on every API endpoint; CORS restricted to our domain.
7. Cookies & Tracking
We use a small set of strictly-necessary cookies. We do not use advertising cookies, tracking pixels, third-party advertising audiences, or cross-site behavioural advertising.
- Authentication / session (Supabase Auth) — keeps you signed in.
- CSRF token — protects against cross-site request forgery on state-changing endpoints.
- country / country_sig — caches your detected country and a tamper-resistant HMAC signature so the same visitor sees consistent pricing across pages.
- country_ip_hash — a non-cryptographic mixer of your IP (not the raw IP) used to bind the country signature to your current request.
- locale — your preferred UI language.
- cookie-consent banner state — remembers your consent choice.
- analytics (only if you consent in jurisdictions requiring opt-in) — Google Analytics 4 with IP anonymisation. Aggregated, no advertising audiences.
Full disclosures at /cookie-policy.
7a. Data Breach Notification
We maintain a 24×7 incident response program. In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects, we will notify the relevant supervisory authority within 72 hours of becoming aware (GDPR Art. 33; equivalent timeframes under DPDP / LGPD / PIPEDA) and affected users without undue delay. Process details and contact channels live at /incident-response.
7b. AI Training & Model Usage
Your CV / cover-letter / SOP content, target inputs, and generated outputs are never used by CVJinny to train, fine-tune, or evaluate foundation models. The upstream AI provider (Google Gemini, and optionally OpenAI / Anthropic under BYOK) is configured under its no-training enterprise / API terms. See /ai-training for the per-provider guarantee.
8. Your Rights
Depending on your jurisdiction (GDPR / UK GDPR, CCPA / CPRA, LGPD, PIPEDA, India DPDP Act 2023, Privacy Act 1988 (AU), PIPL, KVKK, PDPA, and others), you may have the right to:
- Access: Request a copy of your personal data in a structured, commonly-used machine-readable format (JSON export available from /cvjinny/account).
- Correction: Request correction of inaccurate data (you can edit profile fields directly in /cvjinny/account).
- Deletion ("right to be forgotten"): Delete your account and associated personal data — see section 8.1 below.
- Portability: Receive your CVs, cover letters, SOPs, and account data in a structured format you can transfer to another controller.
- Objection / Restriction: Object to or restrict specific processing.
- Withdrawal of consent: Withdraw any consent you previously gave, at any time, with no detriment to other rights.
- No automated decision-making: See section 10a — we do not subject you to solely-automated decisions with legal or similarly-significant effect.
- California residents (CCPA / CPRA): Right to know, right to delete, right to correct, right to limit sensitive-PI processing, right to opt-out of sale / share / cross-context behavioural advertising — we do not sell or share your personal data and we do not engage in cross-context behavioural advertising; the opt-out is available at [email protected] regardless.
- EU / UK / Swiss residents: Right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, your DPA in the EU / EEA, FDPIC in Switzerland).
- India residents (DPDP Act 2023): Right to access, correction, erasure, grievance redressal, and nomination of a representative — submit via [email protected]; the Owner (Danu AI Solutions) is the Data Fiduciary.
- Brazil residents (LGPD): Rights of access, correction, anonymisation, blocking, deletion, portability, information about sharing, withdrawal of consent, and review of automated decisions.
To exercise these rights, contact us at [email protected]. We respond within 30 days (extendable by 60 days for complex requests, with notification). Identity verification may be required to prevent unauthorized disclosure.
8.1 How to Delete Your Data — Step-by-Step
You have multiple paths to delete data from CVJinny depending on what you want to remove:
- Delete a single CV / cover letter / SOP from your library: Open /cvjinny/library → select the document → "Delete". The R2 object and database row are hard-deleted within 7 days; any active recruiter share links pointing at the document return 410.
- Revoke a recruiter share link: Open the document in your library → "Share links" tab → "Revoke". The link returns 410 immediately; activity history is retained for 90 days.
- Remove your passport-style photo: Profile → "Photo" → "Remove". The R2 object is deleted within 7 days; future renders fall back to no-photo layout.
- Delete your entire CVJinny account & all data: Visit /cvjinny/account → "Account" section → "Delete account". We hard-delete all profile data, generated documents, share links, drafts, and BYOK keys within 30 days. Financial & tax records are pseudonymised (your name and email are unlinked from the transaction) and retained for the statutory minimum (7 years for Indian GST and equivalent regimes) — they cannot be deleted without breaching tax law.
- Email-based deletion (no login required): Email [email protected] from the address on your account with subject line "Delete my data". We verify identity, then proceed with deletion within 30 days. Plain-English instructions are duplicated at /privacy/data-deletion.
9. Children's Privacy
CVJinny is a career-document tool intended for working-age professionals. The Service is not intended for, and may not be used by, anyone under 18 years of age, except in jurisdictions where the lawful minimum is younger and the user has obtained verifiable parental consent. We do not knowingly collect, store, or process personal information from children under 13 (USA — COPPA), under 16 (EU — GDPR Art. 8 default), or under any other applicable jurisdiction's minimum digital-age threshold. If we become aware that we have collected personal information from a child below the applicable age, we will delete that information from our records as quickly as feasible (typically within 7 days). Parents or legal guardians who believe a minor has provided personal information to CVJinny may contact us at [email protected] to request immediate deletion.
10. International Data Transfers
Your data may be processed in the European Union (Supabase Frankfurt, and the Hostinger VPS region listed in /sub-processors), India (Razorpay payment processing, Owner-side operations), the United States (Cloudflare R2 global edges, Sentry, Google Gemini regional endpoints), and other jurisdictions where our sub-processors operate. For transfers out of the EEA, UK, or Switzerland we rely on the European Commission Standard Contractual Clauses (Module Two, 2021/914), the UK International Data Transfer Addendum, and — where applicable — Adequacy Decisions. For transfers into India under the DPDP Act 2023 we operate as the Data Fiduciary. See the DPA and sub-processor list for per-vendor transfer mechanisms.
10a. Automated Decision-Making
We do not use your personal data for solely-automated decisions producing legal or similarly-significant effects on you (GDPR Art. 22). AI generation, ATS scoring, and humanise rewriting are tools that assist you — the output is yours to accept, edit, or discard. Abuse-detection signals are reviewable by a human on request before any account-level action is taken.
11. Changes to This Policy
We may update, supplement, restructure, or replace this Privacy Policy at any time, in our sole and absolute discretion. The effective date of any modification depends on the materiality of the change:
- Material changes — new processing purposes, the addition of a new sub-processor with access to personal data, an expansion of the data categories we collect, a change to retention periods, or any change that affects the lawful basis for processing — take effect 30 days after we notify registered users by email at the address on file. This 30-day window satisfies GDPR Art. 13(3), DPDP Act 2023, LGPD Art. 9 §2, and equivalent transparency obligations in other jurisdictions.
- Non-material clarifications — typo fixes, link updates, vendor-name spelling, formatting changes, and clarifications that do not change the substance of how data is processed — take effect upon posting.
- Legally-required changes — when a regulator, statute, court order, or binding self-regulatory obligation requires an earlier effective date, we follow the legal requirement.
While we will endeavor to notify registered users of material changes via email, failure or delay in providing such notice does not invalidate the modification, nor does it give rise to any claim, refund, or right to compensation beyond your right to discontinue use during the 30-day window. Continued use after the effective date constitutes your full and unconditional acceptance.
12. Contact
For privacy inquiries: [email protected]
Data Fiduciary (DPDP Act 2023): Danu AI Solutions — registered office details available at /contact.
Grievance Officer (DPDP / India): contactable at the same address.
EU Representative (Art. 27 GDPR), if applicable: published at /sub-processors when required.