Privacy Policy

RoleGuide is the data controller responsible for processing your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us through our website.

We collect the following types of personal data: Account Information: - Email address - Name (optional) - Profile image (if provided via OAuth) - Password (encrypted) CV and Application Data: - CV drafts and content - CV snapshots and version history - Evaluation scores and feedback - Template preferences Technical Data: - IP address - Browser type and version - Device information - Usage data and analytics - Session tokens and authentication data OAuth Provider Data (if you sign in with Google): - Google account email - Google account name - Google profile picture - OAuth tokens (stored securely)

We process your personal data based on the following legal grounds under GDPR: - Contract Performance: To provide you with our CV building services as per our Terms of Service - Legitimate Interests: To improve our services, ensure security, and prevent fraud - Consent: Where you have given explicit consent (e.g., for marketing communications) - Legal Obligation: To comply with applicable laws and regulations

We use your personal data for the following purposes: - To provide and maintain our CV building service - To create, store, and manage your CV drafts - To generate CV evaluations and scores - To authenticate your account and manage sessions - To send you service-related communications (e.g., account verification, password resets) - To improve our services and develop new features - To ensure security and prevent fraud - To comply with legal obligations - To analyze usage patterns and optimize user experience

We do not sell your personal data. We may share your data only in the following circumstances: Service Providers: - We use third-party service providers (e.g., hosting, email services) who process data on our behalf under strict contractual obligations OAuth Providers: - If you sign in with Google, Google's privacy policy applies to the data they collect Legal Requirements: - We may disclose data if required by law or to protect our rights and safety We ensure all third parties comply with GDPR requirements and have appropriate data protection measures in place.

Your data may be processed and stored outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as: - Standard Contractual Clauses approved by the European Commission - Adequacy decisions by the European Commission - Other legally recognized transfer mechanisms We take measures to ensure your data receives an adequate level of protection regardless of where it is processed.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy: Active Accounts: - Data is retained while your account is active - You can delete your account at any time Deleted Accounts: - Account data is soft-deleted and retained for 30 days for recovery purposes - After 30 days, data is permanently deleted - Some data may be retained longer if required by law CV Drafts: - Retained until you delete them or your account is deleted You can request deletion of your data at any time by contacting us or using the account deletion feature.

You have the following rights regarding your personal data: Right of Access (Article 15): - Request a copy of all personal data we hold about you - Export your data in a machine-readable format Right to Rectification (Article 16): - Correct inaccurate or incomplete data - Update your account information at any time Right to Erasure (Article 17): - Request deletion of your personal data ("right to be forgotten") - Delete your account through account settings Right to Restrict Processing (Article 18): - Request restriction of data processing in certain circumstances Right to Data Portability (Article 20): - Receive your data in a structured, commonly used format - Export your CV data and account information Right to Object (Article 21): - Object to processing based on legitimate interests - Object to direct marketing Right to Withdraw Consent: - Withdraw consent at any time where processing is based on consent To exercise these rights, please contact us through our website. We will respond within one month.

We implement appropriate technical and organizational measures to protect your personal data: - Encryption of data in transit (HTTPS/TLS) - Encryption of passwords using bcrypt hashing - Secure authentication tokens - Regular security assessments - Access controls and authentication - Secure database storage - Regular backups However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We use cookies and similar technologies to: - Maintain your session and authentication - Remember your language preferences - Analyze website usage and improve our services Essential Cookies: - Required for the website to function properly - Cannot be disabled Analytics Cookies: - Help us understand how users interact with our website - Can be disabled through your browser settings You can control cookies through your browser settings. Disabling cookies may affect website functionality.

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately and we will delete such information.

We use automated processing, including AI-powered CV evaluation, to provide our services. This includes: - CV scoring and evaluation - ATS optimization suggestions - Content recommendations You have the right to request human review of any automated decision that significantly affects you.

We may update this Privacy Policy from time to time. We will notify you of any material changes by: - Posting the new Privacy Policy on this page - Updating the "Last Updated" date - Sending an email notification (for significant changes) We encourage you to review this Privacy Policy periodically.

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with a supervisory authority. In Germany, this is: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) Graurheindorfer Str. 153 53117 Bonn, Germany Website: https://www.bfdi.bund.de You can also contact your local data protection authority in your EU member state.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our website. For data protection inquiries, please specify "GDPR Request" in your message.