GetCV

Powered by DeCompliance · AI GRC Intelligence
← Back to GetCV
Legal

Privacy Policy

Last updated: July 2026

01 Who We Are

GetCV is an AI-powered resume builder operated by DeCompliance ("we", "us", "our") from the United Kingdom. GetCV is a product of DeCompliance, an independent AI Governance, Risk & Compliance initiative published at decompliance.uk. The data controller for personal data processed through GetCV is Darshan Krishnappa, Founder of DeCompliance.

02 What Data We Collect

When you use GetCV, we collect and process:

Account data

  • Your name (if provided during signup)
  • Your email address
  • A cryptographically hashed version of your password (we never store or see your actual password)
  • Account creation and last-login timestamps

Resume content you provide

  • Contents of resume files you upload (typically containing your name, contact details, work history, education, skills, and any other information you choose to include)
  • Text you type directly into the builder (summaries, bullet points, skills, and similar)
  • Resumes you choose to save to your account
  • Templates and preferences you select

Technical data

  • A session cookie to keep you signed in (essential — the app cannot function without this)
  • Basic request logs (IP address, timestamp, request path) for security, rate limiting, and debugging

We do not collect payment information at this time. We do not collect sensitive categories of personal data (health, religious beliefs, biometric data, and so on). GetCV is not intended for children under 16 and we do not knowingly collect their data.

03 How We Use Your Data

We use your data solely to:

  • Operate the GetCV service — parse your uploaded resume, populate the builder, generate previews, produce downloads
  • Save your resumes and preferences to your account so you can return to them
  • Keep you signed in via the session cookie
  • Prevent abuse through rate limiting
  • Respond to any queries you send us directly

We do not use your data to train AI models. We do not use it for advertising, profiling, or any purpose beyond delivering the GetCV service to you.

04 Legal Basis for Processing (UK GDPR)

Our legal bases under Article 6 of UK GDPR are:

  • Contract — processing necessary to provide you the GetCV service you signed up for (account, resume storage, downloads)
  • Legitimate interests — security, abuse prevention, and service improvement, balanced against your rights
  • Consent — where you explicitly opt in to specific features (for example, saving a resume to your account)

You can withdraw consent or object at any time by deleting your account (see section 08).

05 Third Parties Involved

To provide GetCV, we use these carefully selected service providers:

Anthropic (based in the USA) — provides the Claude AI model that parses and enhances resume content. When you upload a resume or ask AI to help with a section, the relevant content is sent to Anthropic for processing and returned to you. Anthropic operates under its own privacy commitments and does not retain your data for training under our API terms. See Anthropic's privacy policy at anthropic.com/legal/privacy.

Railway (based in the USA) — hosts the GetCV application and stores account and resume data on their infrastructure. Railway operates under GDPR-compliant contractual terms.

Cloudflare — provides DNS and edge networking. Cloudflare may see the IP addresses of visitors as they connect.

Because Anthropic and Railway are US-based, some of your data may be processed outside the UK. These transfers are protected by standard contractual clauses under UK GDPR Article 46 and by each provider's own compliance commitments.

We do not sell, rent, or trade your personal data. Ever.

06 Data Retention

  • Account data: retained while your account exists. Deleted permanently within 30 days of account deletion (see section 08).
  • Saved resumes: retained while saved in your account. Deleted permanently when you delete them or delete your account.
  • Session cookies: expire after 30 days of inactivity or when you log out.
  • Request logs: retained for up to 90 days for security and debugging, then automatically deleted.
  • AI-processed content: sent to Anthropic for processing only. We do not store separate copies beyond what's saved to your account.

07 Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectify — correct inaccurate data (most fields are editable directly in the app)
  • Erase — delete your account and all associated data (the "right to be forgotten")
  • Restrict — ask us to pause processing of your data while a query is resolved
  • Portability — receive your saved resumes in a machine-readable format
  • Object — to processing based on legitimate interests
  • Withdraw consent — at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. There is no fee for reasonable requests.

08 Deleting Your Account

You can delete your account at any time by emailing [email protected] with the subject "Delete my GetCV account" from the email address you signed up with.

Account deletion removes:

  • Your account record and login credentials
  • All saved resumes in your account
  • All active sessions

Some data may remain in system backups for up to 30 days before being fully purged. After that, no trace of your account remains.

09 Security

We implement industry-standard measures to protect your data:

  • Passwords are cryptographically hashed using scrypt — we never store or transmit your actual password
  • All connections use HTTPS/TLS encryption
  • Session cookies are HttpOnly and Secure to prevent theft
  • Rate limiting prevents brute-force and abuse
  • Data is stored on encrypted infrastructure

No online service can guarantee absolute security. If we ever suffer a personal data breach affecting your data, we will notify you and the UK Information Commissioner's Office within 72 hours as required by UK GDPR.

10 Cookies

GetCV uses one cookie — a session cookie called gcv_session — which is essential for keeping you signed in. This is a first-party, HttpOnly, Secure cookie. It contains only a random session identifier, not your personal data.

We do not use tracking cookies, advertising cookies, or third-party analytics.

11 Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first — please contact us at [email protected].

12 Changes to This Policy

We may update this Privacy Policy as GetCV evolves. Material changes will be notified to registered users by email and posted here with an updated date. Continued use of GetCV after any changes constitutes acceptance of the updated policy.

13 Contact

For any privacy-related queries, contact: [email protected]

← Back to GetCV Terms of Use →