Last updated: 13 April 2026 ยท UK GDPR & Data Protection Act 2018
Our commitment in plain English
Data Controller: Webxcell Digital & Technology Ltd, trading as CVBold (cvbold.io)
Data Protection Contact: privacy@cvbold.io
We are registered as a data controller under the UK Data Protection Act 2018. As controller, we determine the purposes and means of processing your personal data.
| Category | Examples | Legal Basis |
|---|---|---|
| Identity | Name, email address | Contract |
| CV content | Work history, education, skills, personal statement | Contract |
| Financial | Stripe customer ID, purchase records | Contract + Legal obligation |
| Usage | Pages visited, downloads, AI request count | Legitimate interests |
| Technical | IP address (public CV views only), user-agent | Legitimate interests |
| Communications | Support emails, feedback | Legitimate interests |
UK GDPR grants you the following rights. We will respond to all valid requests within 30 calendar days at no charge. We may ask for proof of identity before fulfilling a request.
Right of Access (Article 15)
Request a full copy of all personal data we hold about you, including your account details, CV data and usage records.
โ Email us at privacy@cvbold.io with the subject "Data Access Request". We will respond within 30 days.
Right to Rectification (Article 16)
Have inaccurate or incomplete personal data corrected. You can update most data directly in the app (Settings โ Profile).
โ Update in-app or email us if you cannot access the relevant setting.
Right to Erasure (Article 17)
Request deletion of all personal data we hold about you ("right to be forgotten"). This will permanently delete your account, all CVs, cover letters and associated data.
โ Go to Settings โ Account โ Delete Account, or email privacy@cvbold.io.
Right to Data Portability (Article 20)
Receive your CV data in a structured, machine-readable format (JSON) so you can transfer it to another service.
โ Email us at privacy@cvbold.io with the subject "Data Export Request".
Right to Restriction (Article 18)
Ask us to pause processing your data while a complaint or dispute is being resolved.
โ Email privacy@cvbold.io explaining the restriction requested.
Right to Object (Article 21)
Object to processing based on our legitimate interests, including profiling. You can also opt out of marketing emails at any time.
โ Unsubscribe link in every marketing email, or email privacy@cvbold.io.
Right not to be subject to automated decisions (Article 22)
CVBold's AI score is a tool to help you improve your CV โ it does not make any automated decisions that produce legal or similarly significant effects.
โ No action needed. Human review is always available on request.
We use the following third-party processors under appropriate Data Processing Agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | EU (Ireland) |
| Anthropic | AI content generation (CV text only) | USA (SCCs applied) |
| Stripe | Payment processing | EU / USA (SCCs applied) |
| Vercel | Hosting, edge delivery | EU / USA (SCCs applied) |
| Resend | Transactional email | EU |
Where data is transferred outside the UK/EEA (e.g. to Anthropic or Vercel's US infrastructure), we rely on Standard Contractual Clauses (SCCs) approved by the ICO to ensure an adequate level of protection.
We use only one cookie: a session cookie set by Supabase Auth to keep you logged in. No advertising, analytics or tracking cookies are set. No consent banner is required.
In the event of a personal data breach, we will:
If you are unhappy with how we have handled your personal data, please contact us first at privacy@cvbold.io. We aim to resolve all complaints within 14 days.
You also have the right to lodge a complaint directly with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
For any data rights request or privacy question:
privacy@cvbold.io
For full details on how we process data, see our Privacy Policy.