Last updated: April 2026
This Service is operated by an individual controller ("we", "us") based in the EU. Contact: privacy@cvtally.com.
Customer data: your email address (to send the results link).
Candidate data: the contents of the CVs you upload — which may include names, contact details, employment history, education, and any other information contained in the documents.
Payment data: handled entirely by Polar.sh; we do not receive or store payment card details.
We do not use candidate data for any purpose other than delivering your order.
Processing your email: performance of the service contract. Processing candidate CVs: you (the customer/recruiter) are the data controller with legitimate interest or another basis under Art. 6 GDPR; we act as your data processor under the DPA.
Original CVs are deleted within approximately 5 minutes of processing completion. Analysis results and unified PDFs are deleted 48 hours after processing. Your email is deleted at the same time. You can trigger immediate deletion using the "Delete now" button.
All candidate data is stored in Cloudflare's EU jurisdiction (R2 with jurisdiction=eu). Email is sent via Resend's EU sending region. Anthropic (Claude API) processes data under their API terms; they do not train on customer API data.
| Processor | Purpose | Location |
|---|---|---|
| Cloudflare | Infrastructure, storage, CDN | EU (jurisdiction binding) |
| Polar.sh | Payment processing, MoR | USA |
| Anthropic | AI analysis (Claude API) | USA |
| Resend | Transactional email | EU region |
Under GDPR you have the right to access, rectify, erase, restrict and port your personal data. Use the "Delete now" button for immediate erasure. For other requests: privacy@cvtally.com.
We use Cloudflare Turnstile (bot protection) which sets a transient cookie. No marketing or tracking cookies. No analytics beyond Cloudflare's default network-level metrics (no individual user tracking).