Plain English
Privacy policy
Last updated 31 May 2026. This page describes what data Dr CV collects, why, where it goes, and how long we keep it. Written so a person (not a lawyer) can actually read it.
What we collect
We collect only what we need to run the product, never as a business model, never to sell, never to train models.
- •The text of your CV, as a PDF upload, pasted text, or pulled from a public LinkedIn URL you provide. We send this to our LLM provider to generate the diagnosis and rewrite.
- •Optional job description, when you paste a JD or a job URL, we extract its text to tailor your rewrite / cover letter to that role.
- •Account email + display name, when you sign up via Dr CV (email / password or Google), Neon Auth stores the standard account fields so we can log you in next time.
- •Buyer email, when you pay, your email goes on the payment record so we can deliver the prescription email and tie the prescription to your account.
- •LinkedIn basic profile, only if you explicitly click Connect LinkedIn from the dashboard. We receive your name, email, LinkedIn user id, and profile picture via OAuth (OpenID Connect scope:
openid profile email). - •Salted IP hash, to rate-limit free diagnoses (1 per IP per 24 hours). The salt rotates daily, so the hash is not traceable across days. We never store your raw IP at rest.
What we don't do
- •We do not train models on your CV.
- •We do not sell, rent, or share your CV with anyone outside the sub-processors listed below.
- •We do not show ads or set tracking cookies. Google Analytics runs in production for aggregate funnel reporting only.
How long we keep things
- •Raw CV text: the original text of your CV (as parsed from upload, paste, or LinkedIn) is nulled out 24 hours after diagnosis. We only need it once to run the analysis.
- •Diagnosis result: the archetype, verdict, vital scores, and recruiter quote are kept indefinitely so your shareable diagnosis link keeps working. You can delete it any time from your dashboard.
- •Paid prescription (rewritten CV, tailored variants, LinkedIn copy, etc.): kept until you delete it. There is no scheduled expiry. Buyers explicitly delete from the dashboard; deleted rows are permanently purged 7 days later (so an accidental click can be reversed by support).
- •Account: kept until you delete it from the dashboard. Deleting your account permanently removes your prescriptions, your LinkedIn connection record, and your authentication record.
- •Payment records: retained for accounting and refund-window purposes for a minimum of 7 years as required by Nigerian tax law. These records contain payment metadata (amount, reference, date, email used at checkout) but not your CV content.
Talent pool (opt-in)
If — and only if — you explicitly opt in (the “Join the talent pool” box on your result page or dashboard), we keep a structured profile built from your CV so we can match you to roles and recommend you to companies that are hiring. You can use Dr CV fully without ever joining the pool.
- •What we keep: a derived profile — your role area, seniority, skills, target roles, location, CV quality score, and the email you gave us. We do not keep your raw CV; it's still deleted within 24 hours.
- •Why: to match you to live openings and put you forward to employers, on merit.
- •Who sees it: Dr CV, and an employer only when we recommend you for a specific role — we ask for your say-so before introducing you to any named company.
- •Lawful basis: your consent (NDPA / GDPR). It is separate and unbundled from getting a diagnosis.
- •Your control:switch “open to work” off, or withdraw and permanently delete your pool profile, any time — from your dashboard or by emailing [email protected].
- •No fee to you, ever. Employers pay Dr CV; candidates never pay to be recommended.
Sub-processors
We send data to the following third-party services to run the product. Each is bound by their own privacy policy and security practices.
- •Anthropic Claude(via Azure AI Foundry), generates the diagnosis, rewrite, tailored CVs, cover letters, LinkedIn audits, and interview prep. CV text is sent at request time and processed under Anthropic's zero-retention API tier.
- •Neon, Postgres database hosting (also powers our authentication via Neon Auth / Better Auth).
- •Apify (harvestapi), only when you opt in by pasting a LinkedIn URL into "Build CV from LinkedIn". Apify scrapes your public LinkedIn profile and returns it to us. We send only the URL you pasted.
- •Paystack, processes all payments. We receive a transaction reference and the email you entered at checkout; we never see your card number.
- •Resend, delivers prescription emails, password reset emails, account-claim invites, and receipts.
- •Adzuna, Greenhouse, Lever, Ashby, Workable, Remotive, RemoteOK, Arbeitnow, Jobicy, The Muse, job-board APIs we query to find matched roles for you. These are outbound calls; we don't send your CV to them, only short search terms derived from your skills.
- •Caddy, Cloudflare, TLS termination + DDoS protection. No content inspection.
- •Google, "Sign in with Google" OAuth provider via Neon Auth, plus Google Analytics for aggregate funnel reporting (production only).
LinkedIn import, important detail
When you use "Build CV from LinkedIn URL", we use a third-party scraping service (Apify) to fetch your publicly available LinkedIn profile. We do this only when you explicitly paste a URL and click Fetch.
We are actively pursuing access to LinkedIn's official Member Data Portability API, which will replace the scraping path with member-authorized data export the moment we're granted access. Until then, the scraping path is opt-in and never automatic.
Your rights
- •Access: see everything Dr CV has on you from your dashboard at /dashboard. Request a machine-readable export by emailing [email protected].
- •Deletion: delete any prescription or your entire account from the dashboard. We honour the request immediately; permanent purge happens within 7 days. Payment records are retained for tax purposes per the section above.
- •Correction:all CV / contact data lives in your account and is editable. We'll never send unsolicited marketing email, only transactional ones tied to product use.
- •Withdraw consent: disconnect LinkedIn, delete prescriptions, or close your account at any time, no friction, no waiting list.
Where we operate
Dr CV is operated from Nigeria. Production data lives in Neon's US-East region. Payments are processed in Naira via Paystack. We comply with the Nigeria Data Protection Act 2023 (NDPA) and apply GDPR-style principles globally even where they don't legally apply.
Contact
Questions or requests? Email [email protected]. We aim to respond within 3 business days.