Privacy Policy

Last updated: 26/06/2025

Thank you for using promptCv.
This Privacy Policy explains how your personal data is collected, used, and protected when you interact with the promptCv platform, whether through our website, prototype, or test versions.

We take your privacy seriously and commit to handling your data responsibly, transparently, and in accordance with the European Union’s General Data Protection Regulation (GDPR).

1. Data Controller

Since promptCv is currently a personal, non-commercial project, the data controller is an individual person responsible for processing your personal data.

Controller: Emanuele Paolini
Email: baroxit@gmail.com
Via Cenisio, 8, 20154 Milano MI

If you have any questions about how we process your data, you can contact us directly at the email above.

2. What Data We Collect

We may collect the following types of personal data when you use promptCv:

• Basic identity data: such as your name and email address
• User-generated content: such as the text, audio, or video you upload or create for your CV
• Technical data: such as your IP address, browser type, operating system, and usage data (collected through cookies or analytics tools)
• Sensitive data: only if voluntarily shared by you within your content (e.g. age, grades, etc.)

We do not actively request sensitive personal data. Please avoid including it unless strictly necessary for your CV.

3. Why We Collect Your Data

We collect and process your data for the following purposes:

• To deliver and improve the service (e.g. help you generate your CV)
• To respond to your questions or feedback
• To perform basic analytics on how the platform is used (anonymous or aggregated whenever possible)
• To comply with legal obligations, where applicable
• If you consent: to send occasional updates or information about the project

We rely on the following legal bases: performance of a service, legitimate interest, legal obligation, or your explicit consent (where applicable).

4. How We Process Your Data

Your data is processed using secure digital tools, following technical and organizational safeguards to protect against loss, misuse, or unauthorized access.
We do not sell your data or use it for profiling or advertising purposes.

5. How Long We Keep Your Data

We retain personal data only as long as necessary to provide the service or fulfill the purpose for which it was collected.
In general:

• Your data will be kept for up to 12 months after your last activity.
• You can ask for deletion at any time by contacting us.

6. Who Can Access Your Data

We may share your data only with:

• Technology providers we rely on (e.g. cloud storage, AI processing tools, analytics)
• Collaborators or service providers involved in development and testing
• Public authorities, if legally required

All third parties are selected carefully and required to comply with privacy and security standards.

7. International Data Transfers

If we use services hosted outside the European Union (e.g. US-based cloud or AI tools), we ensure that your data is transferred in compliance with GDPR, through mechanisms such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions, where applicable

8. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Request correction or deletion
• Limit or object to certain processing
• Request portability of your data
• Withdraw consent at any time

To exercise any of these rights, please contact: baroxit@gmail.com
We will respond as quickly as possible, and always within the legal time limits.

9. Changes to This Policy

This Privacy Policy may be updated over time to reflect changes in our project, technology, or regulations.
We encourage you to review it periodically. Substantial changes will be communicated clearly.