Privacy Policy

Effective Date: May 7, 2025

This Privacy Policy governs the manner in which Mobotechnology LLC (“we”, “us”, or “our”) collects, uses, maintains, and discloses information collected from users (each, a “User”) of the mobile applications and website associated with cvpdf.com (the “Service”). This policy applies to all versions of the Service, including but not limited to the Android, iOS, and Web platforms. By accessing or using the Service, you acknowledge that you have read, understood, and agreed to the practices described herein. If you do not agree with any part of this policy, you must discontinue use of the Service immediately.

1. Information Collection

We collect several types of information to provide and improve our Service, ensure security, and comply with legal obligations. The data we gather falls into the following categories:

• Personal Identification Information: This includes but is not limited to your full name, email address, phone number, postal address (if provided), professional titles, social media profiles (when linked). We collect this information when you register for an account, subscribe to newsletters, or engage in transactions.
• Non-Personal Identification Information: We automatically collect technical data such as device type (model, manufacturer), operating system version, browser type (Chrome, Safari, etc.), IP address (anonymized where possible), screen resolution, language preferences, and unique device identifiers (e.g., Android ID, Advertising ID). This helps us optimize compatibility and performance.
• Usage Data: We track interactions with the Service, including pages visited, time spent per feature, clickstream patterns, error logs, and navigation paths. This data is aggregated to analyze trends and improve user experience.
• Document Data: All files uploaded, generated, or edited through cvpdf.com (CVs, resumes, cover letters, templates) are stored securely. We process this data solely to deliver the requested services and do not scan content for advertising purposes.
• Third-Party Data: If you integrate external accounts (e.g., Google Drive, Dropbox), we may access metadata (file names, sizes) but not content without explicit permission.

2. Methods of Data Collection

Data is collected through multiple channels to ensure comprehensive service delivery:

• Direct User Input: Information provided via registration forms, surveys, customer support requests, or interactive features (e.g., profile customization).
• Automated Technologies: Cookies (small text files stored on your device), SDKs (software development kits embedded in our mobile apps), and pixels (tracking codes on web pages) collect usage data. These tools help remember preferences, authenticate sessions, and prevent fraud.
• Third-Party Integrations: When you sign in via Google, Apple, or other OAuth providers, we receive limited profile data (name, email) as permitted by their policies. We do not access passwords or full account details.
• Analytics Services: Tools like Google Analytics and Firebase provide aggregated insights into user behavior, demographics, and device statistics. These services use anonymized identifiers where feasible.

3. Use of Collected Information

We process your data for the following lawful purposes, grounded in contractual necessity, legitimate interest, or consent:

• Service Operation: To create and manage user accounts, authenticate logins, process payments, and enable core functionalities (e.g., CV editing, PDF generation).
• Personalization: To tailor content recommendations (e.g., resume templates based on your industry), display language-localized interfaces, and remember preferences (font sizes, color themes).
• Communication: To send transactional emails (account verification, password resets), respond to support inquiries, and (with consent) deliver marketing newsletters or promotional offers. You may opt out of non-essential communications at any time.
• Security: To detect and prevent fraudulent activities, unauthorized access attempts, and other malicious behaviors by monitoring login patterns and system logs.
• Legal Compliance: To fulfill tax obligations, respond to lawful subpoenas, and maintain records as required by applicable laws (e.g., financial regulations for paid services).
• Research & Development: To analyze feature adoption rates, identify usability issues, and prioritize future enhancements based on aggregated metrics.

4. Disclosure of Information

We adhere to strict confidentiality standards and disclose data only under the following circumstances:

• Service Providers: Trusted vendors assisting with hosting (AWS, Google Cloud), payment processing (ApplePay, GooglePay, Stripe, PayPal), customer support (Zendesk), and analytics (Mixpanel) may access data under binding contracts that prohibit independent use.
• Legal Requirements: We may disclose information if compelled by court orders, government agencies, or to defend against legal claims. Where permitted, we will notify affected users unless legally prohibited.
• Business Transfers: In the event of a merger, acquisition, or asset sale, user data may transfer to the successor entity, subject to the same privacy commitments.
• Public Safety: If we believe disclosure is necessary to prevent imminent harm to individuals or the public, we may share limited data with authorities.
• Aggregated/Anonymized Data: We may publish statistical insights (e.g., "60% of users prefer minimalist templates") that cannot identify individuals.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, unless extended retention is required by law. Specific retention periods include:

• Account Data: Retained for 3 years after last activity for lapsed users, then anonymized or deleted.
• Documents: User-uploaded files are stored until account deletion or 12 months of inactivity, whichever occurs first. Backup copies may persist for up to 90 days post-deletion.
• Financial Records: Transaction data (invoices, payment logs) kept for 7 years to comply with tax laws.
• Cookies: Session cookies expire when you close the browser; persistent cookies may last up to 24 months unless deleted manually.

Upon request, we will permanently erase your data unless retention is legally mandated (e.g., fraud investigations).

6. Data Security

We implement a multi-layered security framework to protect your information:

• Encryption: All data transmissions use TLS 1.2+ protocols. Documents at rest are encrypted via AES-256.
• Access Controls: Role-based permissions limit employee access to personal data on a need-to-know basis. All staff undergo privacy training.
• Infrastructure Safeguards: Regular penetration testing, intrusion detection systems, and DDoS mitigation are employed.
• Incident Response: A dedicated team monitors for breaches. If a security incident affects your data, we will notify you within 72 working hours as required by applicable laws.

Despite these measures, no system is infallible. Users should safeguard passwords and enable two-factor authentication where available.

7. International Data Transfer

As a global service, your data may be processed in jurisdictions outside your home country, including the United States, European Union, and Singapore. We ensure compliance via:

• Standard Contractual Clauses (SCCs): For EU/UK transfers, we use EU-approved contractual terms with subprocessors.
• Adequacy Decisions: Where possible, data is routed through countries with recognized privacy standards (e.g., Japan, Canada).
• Supplemental Measures: Additional technical safeguards (pseudonymization, strict access logs) are applied for high-risk transfers.

By using our Service, you consent to such transfers and the protections outlined herein.

8. User Rights and Controls

Depending on your residency, you may exercise the following rights:

• Access/Portability: Request a copy of your data in a structured, machine-readable format (JSON, CSV).
• Rectification: Update inaccurate or incomplete profile details via account settings or by contacting support.
• Erasure: Demand deletion of personal data, subject to legal exceptions (e.g., pending transactions).
• Restriction: Temporarily halt processing while disputes are resolved (e.g., contested accuracy).
• Objection: Opt out of direct marketing or profiling for legitimate interests.
• Withdraw Consent: Revoke permissions previously granted (e.g., email newsletters).

To exercise these rights, email contact@cvpdf.com. We respond within 30 working days and may request identity verification to prevent fraud.

9. Children’s Privacy

cvpdf.com is designed for users aged 16+ and complies with the Children’s Online Privacy Protection Act (COPPA):

• We do not knowingly collect data from children under 13. If such data is inadvertently received, it is promptly deleted.
• Parents/guardians may contact us to review or remove a minor’s information.
• Age gates prevent registration by underage users in jurisdictions with stricter limits (e.g., 16 under GDPR).

10. Cookies and Tracking Technologies

We utilize the following tracking tools:

• Essential Cookies: Necessary for core functions (session management, shopping carts). Disabling these may impair service.
• Performance Cookies: Track page load times, error rates (Google Analytics).
• Advertising Cookies: Used only in free tiers to deliver non-intrusive ads (opt-out via Admob, AdChoices etc).
• SDKs: Firebase for crash reporting; Braze for push notifications (configurable in device settings).

Most browsers allow cookie management via settings. Note that opt-outs are device/browser-specific.

11. Third-Party Services

We integrate with these external platforms, each governed by their own policies:

• Cloud Storage: Google Drive, iCloud (for document syncing).
• Analytics: Amplitude, Hotjar (heatmaps, session recordings).
• Payments:Apple Pay, Google Pay, Stripe (PCI-DSS compliant).

We vet third parties for privacy compliance but encourage users to review their policies independently.

12. Modifications to This Policy

We may update this policy periodically to reflect:

• New service features requiring data collection.
• Changes in laws (e.g., new state privacy regulations).
• Feedback from users or regulatory bodies.

Material changes (e.g., expanded data sharing) will be announced via email 30 days in advance. The "Effective Date" at the top indicates the latest revision.

13. Contact Us

For privacy-related inquiries or complaints:

Email: contact@cvpdf.com (preferred for fastest response)
Postal Address: Mobotechnology LLC, Attn: Data Protection Officer, Casper USA

We acknowledge all requests within 5 business days and resolve most within 30 days. If unsatisfied, you may lodge a complaint with your local supervisory authority.

14. Data Processing Agreements (DPAs)

Business customers requiring GDPR-compliant DPAs for employee/candidate data processed through cvpdf.com may request a signed agreement outlining roles (controller/processor), subprocessor lists, and audit rights. Contact contact@cvpdf.com for templates.

15. Automated Decision-Making

We do not use fully automated systems (e.g., AI profiling) to make decisions that significantly impact users. Template suggestions are based on manual inputs (job title selections) rather than algorithmic predictions.

16. Do Not Track (DNT) Signals

Our website currently does not respond to browser DNT settings due to lack of industry standardization. However, we limit cross-site tracking and provide opt-outs for targeted ads.

17. California Privacy Rights (CCPA/CPRA)

California residents may:

• Request disclosure of data categories sold/shared in the past 12 months.
• Opt out of "sales" (as defined by CCPA) via a "Do Not Sell My Info" link in the footer.
• Designate an authorized agent to submit requests on their behalf.

18. Nevada Privacy Rights

Nevada users may direct us not to sell covered personal information (as defined by SB220) by emailing contact@cvpdf.com with "Nevada Opt-Out" in the subject line.

19. Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to:

• Confirm whether we process their data and access such data.
• Correct inaccuracies.
• Delete personal data.
• Obtain a copy of their data.
• Opt out of targeted advertising, profiling, or sales.

20. Colorado Privacy Act (CPA)

Colorado users may exercise similar rights as Virginia residents, with additional protections for sensitive data (racial origin, health information). We do not collect such data unless voluntarily provided in resume content.

21. Utah Consumer Privacy Act (UCPA)

Effective December 2023, Utah residents gain rights to access, delete, and opt out of sales. Requests can be submitted through our universal privacy portal at cvpdf.com/privacy-requests.

22. Biometric Data Policy

We do not collect biometric identifiers (fingerprints, facial recognition) except where device-native authentication (Face ID, Touch ID) is optionally enabled by users for app access. Such data remains on-device and is not transmitted to our servers.

23. Whistleblower Protections

Employees or contractors reporting privacy violations internally or to regulators are protected from retaliation under our whistleblower policy. Reports can be made anonymously via contact@cvpdf.com.

24. Data Protection Officer (DPO)

Our appointed DPO oversees compliance with GDPR and other frameworks. Contact: contact@cvpdf.com for complex inquiries or audits.

25. Breach Notification Protocol

In the unlikely event of a data breach involving unauthorized access to personal data, we will:

• Notify affected users within 72 hours of confirmation (where legally required).
• Provide details on the nature of the breach, categories of data exposed, and mitigation steps.
• Cooperate with authorities and follow incident response plans aligned with NIST standards.

26. User Consent Mechanisms

We obtain explicit consent through:

• Granular opt-in checkboxes for marketing communications.
• Cookie banners with classification (essential/optional) per ePrivacy Directive.
• Just-in-time notices before sensitive data collection (e.g., payment details).

Consent can be modified or withdrawn at any time via account settings.

27. Accessibility Commitment

This policy is available in screen-reader compatible formats. Request alternative versions (Braille, audio) at contact@cvpdf.com.

28. Governing Law and Jurisdiction

Disputes related to privacy practices are governed by the laws of [State/Country], with exclusive jurisdiction granted to courts in [Jurisdiction City]. EU users may file complaints with their member state’s Data Protection Authority.

29. Non-Discrimination Clause

We will not discriminate against users who exercise privacy rights, including denying services, charging fees, or providing degraded functionality. Premium features remain available to all users regardless of opt-out status.

30. Definitions

Personal Data: Any information relating to an identifiable individual.
Processing: Any operation performed on data (collection, storage, deletion).
Controller: Mobotechnology LLC determines processing purposes.
Processor: Third parties acting on our instructions.

Last updated: May 7, 2025