Your privacy, powered by Civy

1. Information we collect

We only gather the data required to deliver and improve Civy. The exact information depends on how you use the product, including the AI twin, job assistant, and recruiter-facing experiences.

• Account details such as name, email address, authentication tokens, and billing status.
• Profile content you import or author — CVs, LinkedIn data, career highlights, testimonials, and media you upload to your public site.
• Usage insights like visits, conversation transcripts, recruiter questions, and feature engagement needed to surface analytics in your dashboard.
• AI job assistant inputs (job descriptions, tone guidance, application preferences) and generated outputs so you can revisit, edit, or resend them.
• Operational telemetry (device type, browser version, IP address, error logs) used for security, fraud prevention, and performance debugging.
• Payment identifiers processed by Stripe (card type, last four digits, billing address) — Civy never stores raw payment credentials.

2. How we use your information

We process personal data under legitimate interest, contract performance, and consent (where required). That includes:

• Delivering the core product — powering your AI twin, recruiter chat, and self-serve site.
• Generating tailored application assets and recommendations through the job assistant and AI inference services.
• Maintaining analytics dashboards, visit summaries, training reminders, and other notifications you enable.
• Protecting Civy with monitoring, rate limiting, anomaly detection, and incident response playbooks.
• Improving accuracy of AI models via aggregate insights, offline evaluation, and human-in-the-loop reviews (using redacted datasets).
• Complying with legal obligations, accounting requirements, and enforceable requests from regulators.

3. When we share data

We never sell your information. Limited sharing occurs only with vetted partners under strict confidentiality when needed to run Civy.

• Infrastructure and processing providers (hosting, storage, analytics, email delivery, logging).
• AI infrastructure partners who supply model hosting or inference acceleration — prompts and outputs are encrypted in transit and purged on rotation.
• Payment processors (Stripe) to manage subscriptions, invoices, and refunds.
• Compliance and safety partners when required to investigate abuse, enforce terms, or respond to lawful requests.
• Corporate transactions (merger, acquisition) where data transfers follow the same or stronger protections.

4. AI job assistant & automated outreach

The job assistant analyzes job descriptions, drafts tailored materials, and can send applications on your behalf. You control every automated action.

• Uploaded job content is stored so you can reuse or audit past applications. Delete a role to remove associated data from the workspace view.
• Outbound emails or form submissions are logged to track status and prevent duplicate outreach.
• We do not contact employers or recruiters without an explicit trigger you initiate inside the product.

5. Your choices & controls

You can manage most privacy settings from your Civy dashboard. For requests beyond the UI, email mj@cvchatly.com.

• Access, export, or correct personal data stored in your account.
• Disable analytics emails, training reminders, or recruiter notifications at any time.
• Request deletion of your account and associated content — we fulfill verified requests within 30 days unless retention is legally required.
• Opt out of experimental AI features via feature flags when available; opting out may disable related functionality.

6. Retention & deletion

We retain information for as long as you maintain a Civy account or as needed to deliver contracted services. Backups roll off on a fixed schedule and are encrypted.

When you delete data or close your account, we remove active records promptly and purge backups during the next retention window (typically 35 days).

7. Security

Security is layered across product, infrastructure, and people. Controls include encryption in transit and at rest, strict role-based access, audit logging, penetration tests, and incident response runbooks.

No system is perfectly secure; contact security@cvchatly.com if you discover an issue so we can investigate quickly.

8. International data transfers

Civy is operated from the European Union with cloud regions in the EU and US. Whenever data leaves its origin region, we rely on Standard Contractual Clauses and equivalent safeguards to keep it protected.

9. Changes to this policy

We will post updates on this page and update the “Last updated” date whenever material changes occur. If updates significantly impact your rights, we will notify you through email or in-product messaging.

10. Contact

Questions or concerns? Email mj@cvchatly.com or write to Maria Jose Gonzalez Antelo, Permoserstraße 6 202, 01307 Dresden, Germany.