Last Updated: 2 June 2026
RealtimeCV ("RealtimeCV", "we", "us", or "our") operates the website realtimecv.com and related services (the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Service.
Our privacy commitment is simple:
If you have questions about this policy, contact us at [email protected].
RealtimeCV operates the resume builder platform at realtimecv.com. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), we are the data controller responsible for your personal data.
Data Protection Contact: [email protected]
Account information: Name, email address, password (stored in hashed form only).
Resume and CV content: Work history, education, skills, personal summary, contact details, references, certifications, languages, hobbies, projects, and any other information you choose to enter into your resume. This may include sensitive personal data such as nationality, date of birth, or other details you voluntarily include.
Cover letter content: Text and formatting you enter when using our cover letter writing service.
LinkedIn profile content: Information you provide when using our LinkedIn profile writing service.
Custom resume design content: Information, preferences, and materials you provide when purchasing our custom resume design service.
Resume writing content: Career details, achievements, and other materials you provide when purchasing our professional resume writing service.
Payment information: Billing name, billing address, and payment card details. Payment data is processed and stored by Stripe, our payment processor. We do not store full card numbers on our servers.
Communications: Emails, support tickets, chat messages, and feedback you send us.
Public profile information: If you enable a public profile URL, the resume content you choose to make publicly accessible.
Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, language preferences.
Usage data: Pages visited, features used, templates selected, clicks, time spent on pages, referral URLs, search queries within the Service.
Cookies and similar technologies: Session cookies, authentication tokens, analytics identifiers. See Section 9 for full details.
Log data: Server logs including timestamps, error reports, and request metadata.
Stripe: Payment confirmation, subscription status, failed payment notifications, transaction ID and amount.
Google Analytics: Aggregated and pseudonymised usage statistics.
Social login providers (if applicable): If you sign in using Google or another OAuth provider, we receive your name, email address, and profile picture. We do not access your contacts, files, or other account data.
We process your personal data on the following legal bases under the UK GDPR and EU GDPR:
Processing necessary to provide you with the Service you signed up for:
Where our interests do not override your fundamental rights and freedoms:
We carry out a legitimate interest assessment before relying on this basis. If you have questions about any specific assessment, contact [email protected].
Where you have given specific, informed consent:
You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Where required by law:
We do not sell your personal data. We do not share your personal data with data brokers, advertisers, or any third party for their own marketing, profiling, or data enrichment purposes.
We share data only in the following limited circumstances:
All service providers are bound by written data processing agreements, process data only on our instructions, and are prohibited from using your data for their own purposes.
Stripe processes your billing name, email, and payment details for payment processing. Stripe acts as a data processor for certain data and as an independent controller for fraud prevention. Stripe's privacy policy governs their independent processing.
Cloud hosting provider stores all Service data in encrypted form on our behalf.
Email service provider receives your name and email address to deliver transactional and (where you have opted in) marketing emails.
Google Analytics receives pseudonymised usage data with IP anonymisation enabled.
AI processing provider receives the specific resume content you submit to AI features to generate suggestions, and only for that purpose. See Section 5.
If you purchase a Writing Service (resume writing, cover letter writing, LinkedIn profile writing, or custom resume design), the content and materials you provide may be shared with professional writers or designers working on your behalf. These individuals operate under confidentiality agreements and data processing agreements and may only use your data to deliver the service you purchased.
If you enable a public profile, the resume content you choose to make public will be accessible to anyone with the URL, including search engines. You control what is included and can disable your public profile at any time.
We may disclose your information:
We will never disclose your data to third parties for their own marketing or commercial purposes.
Our Service includes AI powered features such as content suggestions, phrase recommendations, and resume writing assistance.
How AI processing works:
When you actively use an AI feature, the relevant section of your resume content is sent to our AI processing provider to generate suggestions. Only the content you submit to the AI feature is processed, not your entire account data.
What we do NOT do with your data:
Your control:
You can use the Service without AI features. AI features are clearly identified in the interface. Free users receive limited AI suggestions; paid users receive full access.
Active account data: Retained for the duration of your active account.
Cancelled subscription data: 90 days after cancellation. During this period, your data remains visible to you and you can resubscribe to regain full access or export your data.
Soft deleted data: After the 90 day post cancellation period, your data enters a 180 day soft delete state. It is not accessible to you, but can be recovered if you contact [email protected] during this window.
Permanent deletion: 270 days after cancellation (90 + 180), your data is permanently and irreversibly deleted from our systems and backups.
Account deletion by request: You may request full account deletion at any time by emailing [email protected]. We will delete your account and data within 30 days, subject to legal retention requirements.
Payment records: Retained as required by tax and accounting laws (typically 6 years in the UK, 7 years in the US).
Server logs: 90 days.
Support communications: 2 years after resolution, or longer if required for ongoing legal matters.
Marketing consent records: Retained while consent is active, plus 3 years after withdrawal for compliance documentation.
Writing Services records: Records of professional services delivered (resume writing, cover letter writing, LinkedIn profile writing, custom resume design) are retained for 2 years after delivery for quality assurance and dispute resolution purposes.
De identified and aggregated data: We may retain anonymised, aggregated data (such as total number of resumes created per month) indefinitely. This data cannot be used to identify you and is no longer personal data under applicable law.
You have the following rights regardless of which plan you use:
Access: Request a copy of all personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
Restriction of Processing: Request that we limit how we use your data while a concern is being resolved.
Data Portability: Receive your data in a structured, commonly used, machine readable format (JSON or PDF export of your resumes).
Objection: Object to processing based on legitimate interests, including direct marketing. We will stop unless we demonstrate compelling legitimate grounds.
Withdraw Consent: Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.
Automated Decision Making: You have the right not to be subject to decisions based solely on automated processing. Our AI features provide suggestions only; no automated decisions are made about you, your eligibility, or your suitability for any purpose.
How to exercise your rights: Email [email protected] with your request. We will verify your identity and respond within one month. Complex requests may take up to three months with notice.
Complaint: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local EU supervisory authority.
If you are a California resident:
Right to Know: Request details about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties we share with.
Right to Delete: Request deletion of your personal information.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross context behavioural advertising. No opt out is required, but you may submit a request to confirm this at any time.
Right to Limit Use of Sensitive Personal Information: We only process sensitive personal information as strictly necessary to provide the Service.
Right to Non Discrimination: We will not deny you service, charge different prices, or provide a different quality of service for exercising your rights.
Do Not Sell or Share My Personal Information: We do not sell your personal data. We do not share your personal data for cross context behavioural advertising purposes. This applies to all users, not only California residents.
To submit a verifiable consumer request, email [email protected]. We will verify your identity before processing. You may also designate an authorised agent to make a request on your behalf.
If you are located in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or other US states with comprehensive privacy laws, you may have rights similar to those described above, including the right to access, correct, delete, and opt out of targeted advertising and profiling. Contact [email protected] to exercise your rights.
Your data may be transferred to and processed in countries outside the UK and the European Economic Area (EEA), including the United States, where our service providers operate.
When transferring data internationally, we ensure appropriate safeguards are in place:
You may request a copy of the safeguards we use by contacting [email protected].
Strictly Necessary: Authentication, security, session management. Cannot be disabled. Duration: session or up to 30 days.
Functional: Remembering your preferences such as language and template choices. Duration: up to 1 year.
Analytics: Understanding how you use the Service via Google Analytics with IP anonymisation enabled. Duration: up to 2 years.
Marketing (if applicable): Measuring advertising effectiveness for our own campaigns. Not used for third party advertising. Duration: up to 1 year.
On your first visit, we present a cookie consent banner. You can accept all cookies, reject non essential cookies, or customise your preferences.
You can change your cookie preferences at any time via the cookie settings link in our website footer, or through your browser settings.
We do not use cookie walls. Rejecting non essential cookies does not affect your ability to use the Service.
We honour Do Not Track (DNT) browser signals by disabling non essential tracking when detected.
We implement appropriate technical and organisational measures to protect your data:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.
No system is 100% secure. If you become aware of any security issue or suspect unauthorised access to your account, contact us immediately at [email protected].
The Service is not intended for individuals under 16 years of age (or under the age of digital consent in their jurisdiction). We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal data, contact us at [email protected].
The Service may contain links to third party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing them with your data.
We may update this Privacy Policy from time to time. When we make material changes:
Minor corrections (typographical errors, updated hyperlinks) that do not affect your rights may be made without prior notification.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: [email protected]
For data protection complaints that we have not resolved to your satisfaction, you may contact the UK Information Commissioner's Office at ico.org.uk.
This Privacy Policy was last updated on 2 June 2026.