Legal

Privacy Policy

Last updated: 13 April 2026 · Effective immediately

CVBold is operated by Webxcell Digital & Technology Ltd, a company registered in England and Wales. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why we collect it, and how you can control it.

Questions? Email us at privacy@cvbold.io.

1. Who We Are

Data Controller: Webxcell Digital & Technology Ltd, trading as CVBold (cvbold.io).
Contact: privacy@cvbold.io

2. Data We Collect

2.1 Account data

  • Name and email address (provided at registration)
  • Encrypted password (managed by Supabase Auth — we never see your plain-text password)
  • Subscription plan and billing status

2.2 CV and cover letter content

  • Personal details you enter: name, phone, location, LinkedIn, portfolio URL
  • Work experience, education, skills, certifications and any other sections you add
  • Cover letter text generated or edited in the app

This content is stored in our Supabase (PostgreSQL) database, hosted in the EU (Ireland region). You own this data and can delete it at any time.

2.3 AI usage data

When you use AI features, your CV content or job description is sent to Anthropic's Claude API to generate suggestions. Anthropic's privacy policy governs their handling of that data. We do not share your name or email with Anthropic.

2.4 Payment data

Payments are processed by Stripe. We never see or store full card numbers. We store only: Stripe customer ID, subscription/payment intent IDs, and purchase metadata (plan, amount, format).

2.5 Usage and analytics data

  • Pages visited, features used, download events (logged in our own database)
  • IP address and user-agent for public CV profile view counting
  • We do not use third-party analytics trackers (no Google Analytics, no Facebook Pixel)

3. Legal Basis for Processing

  • Contract performance — to provide the CVBold service you signed up for
  • Legitimate interests — security, fraud prevention, product improvement
  • Legal obligation — tax records, compliance with UK law
  • Consent — marketing emails (you can withdraw at any time)

4. How We Use Your Data

  • To provide, operate and improve CVBold
  • To process payments and manage your subscription
  • To send transactional emails (account confirmation, receipts, plan changes)
  • To detect and prevent abuse or fraud
  • To count views on public CV profile pages

We do not sell your data to third parties. Ever.

5. Data Sharing

We share data only with the following sub-processors, all of whom operate under appropriate data protection agreements:

  • Supabase — database and authentication (EU-hosted)
  • Anthropic — AI generation (CV content only, not account PII)
  • Stripe — payment processing
  • Vercel — hosting and edge infrastructure
  • Resend — transactional email delivery

6. Data Retention

  • Account and CV data: retained while your account is active
  • On account deletion: all CV data is permanently deleted within 30 days
  • Billing records: retained for 7 years to meet UK HMRC requirements
  • Server logs: retained for 90 days then purged

7. Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of all data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Portability — receive your CV data in a machine-readable format (JSON)
  • Restriction — ask us to pause processing while a dispute is resolved
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email privacy@cvbold.io. We will respond within 30 days. You can also delete your account directly in Settings → Account → Delete Account.

8. Cookies

We use only strictly necessary cookies — specifically the Supabase authentication session cookie. We do not set advertising or tracking cookies.

9. Security

All data is transmitted over HTTPS. Database access requires authentication tokens. Passwords are hashed using bcrypt. We conduct periodic security reviews. In the event of a breach affecting your data, we will notify you within 72 hours as required by UK GDPR.

10. Children

CVBold is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account promptly.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via an in-app banner at least 14 days before the change takes effect. Continued use of CVBold after that date constitutes acceptance.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.