Privacy Policy

Effective Date: July 6, 2025
Applies to: CV Poet Chrome extension
Developer: Levin Cloud Atlas, Neuchatel, Switzerland

TL;DR
• 🔑 When you register, ExtGate processes your email.
• 📄 CV data is used only to tailor and send it to you via email.
• 💳 When you purchase credits, Stripe processes your payment details.
• 🍪 No cookies, no analytics, no ads.

1. DATA WE HANDLE
• CV data is stored only in your browser; we do not store it on our servers.
• A user ID is created on first run; it is stored locally only to manage your access to the service.
• When you register, ExtGate handles your email address and the user ID only to manage your access to the service.
• When you purchase credits, Stripe handles your payment details.
• When you commission a tailored CV, your CV data is sent to our server which is hosted by Render. Our server orchestrates the use of OpenAI and Resend.
• Once a valid request for tailored CV is received, your CV data is processed by OpenAI only to generate its tailored version.
• When the tailored CV is ready, your email address is processed by Resend to send it to you.
• Baseline web traffic logs (IP address, timestamp, user-agent) for security.
• We set no cookies and use no analytics or advertising trackers.

2. PURPOSES AND LEGAL BASIS
We process personal data because as necessary to provide the service you request (contract performance) and for basic security logging (legitimate interest).

3. SELLING, SHARING AND INTERNATIONAL TRANSFERS
ExtGate, Render, OpenAI, Resend and Stripe act as our processors and handle data strictly to deliver the service, access management and payment processing. We do not sell or share data. When information moves internationally, it is done via standard contractual clauses or another approved transfer mechanism to safeguard your data.

4. RETENTION
• CV data remains on your device until you erase it or uninstall the extension.
• CV data is temporarily stored on OpenAI and deleted automatically within 30 days.
• User ID remains on your device until you uninstall the extension or clear browser data.
• Email and Stripe ID remain on ExtGate servers until you delete your account.
• User ID and email hash remain on ExtGate servers in anonymized form to prevent access abuse.
• Billing records are kept by Stripe for the periods required by law.

5. YOUR RIGHTS
You can erase all personal data by deleting your account, uninstalling the extension and clearing browser data. You may request access, correction, deletion, restriction, portability or objection in line with GDPR, CCPA/CPRA or other applicable laws by writing to daniil.levin@cloud-atlas.ch. You may also lodge a complaint with your local data-protection authority.

We will not discriminate against you for exercising any privacy right.

6. SECURITY
We apply commercially reasonable safeguards, but no method of transmission or storage is completely secure.

7. MINORS
We do not knowingly collect personal data from anyone under 18. If we learn that such data has been provided, we will delete it.

8. CHANGES
We may revise this privacy policy. If changes are material we will post the new version here and update the effective date. Continued use of the extension after a change takes effect signifies acceptance of the revised policy.

9. CONTACT
For questions about this policy, email daniil.levin@cloud-atlas.ch.