Back to Home

Privacy Policy

Last Updated: June 23, 2026

1. Introduction

PureCV (“we”, “our”, or “us”), operated out of Kazanluk, Bulgaria, is committed to protecting your personal data. This Privacy Policy explains how we handle your information. We do not require user accounts, registrations, or login credentials, ensuring a stateless, high-privacy funnel for all visitors.

2. The GDPR Zero-Retention Guarantee

To guarantee absolute GDPR compliance and safeguard your sensitive career history, we operate on a strict Zero-Retention policy:

  • Immediate Processing: Uploaded career documents are processed entirely in server RAM for text extraction and are instantly garbage-collected from memory.
  • 2-Hour Session Expiration: All session data linking you to your files mathematically evaporates exactly 2 hours after creation. At this point, you can no longer access your files.
  • 24-Hour Physical Purge: The physical files (PDFs and HTML) generated by the AI are stored temporarily on a secure Cloudflare R2 bucket. An automated Object Lifecycle rule permanently purges all orphaned files within 24 hours. We retain no backup copies.

3. Data We Collect

We process the following data purely to generate your CV suite:

  • Uploaded Files & Text: Text from your resumes, profiles, screenshots, target job descriptions, and custom instructions.
  • Profile Pictures: Natively compressed in your browser and injected directly into the final HTML/PDF layouts. We do not store or use your photo for any other purpose.
  • IP Addresses: Processed temporarily by our Upstash Rate Limiter to protect the system from denial-of-service (DoS) attacks and abuse (limited to 5 requests per 24 hours per IP).

4. Third-Party Integrations & Security

We partner with enterprise-grade services to operate our SaaS funnel:

  • LemonSqueezy: Serves as our Merchant of Record for secure checkout and global tax/VAT compliance. We do not store or process your credit card details.
  • Cloudflare Turnstile: We use Turnstile to protect our upload forms from automated bots. It processes basic device signals and IP addresses strictly for security verification, without utilizing tracking cookies.
  • Resend: Used solely to dispatch your one-time transaction receipt and secure download recovery email.
  • Google AdSense: We display advertisements on the post-payment success screen. Google AdSense uses cookies to serve personalized ads. For EU/Bulgarian visitors, a Google Privacy & Messaging GDPR consent banner is utilized to manage tracking preferences.
  • API2PDF & Google Gemini APIs: Secure serverless engines used to analyze text and compile PDF layouts. Crucially, your data is NOT used by Google or API2PDF to train their AI models. Data sent via these enterprise APIs is processed ephemerally for your immediate generation request.

5. Your Rights

Since all user sessions and files evaporate automatically after 2 hours and we store no personal accounts or contact lists, we retain no data to retrieve, modify, or manually erase. Once the 2-hour window expires, all your trace data is permanently deleted.

6. Contact Information

For any inquiries regarding our zero-retention privacy protocols, please contact us at support@purecv.org.