Privacy Policy
Last Updated: May 23, 2026
At CVDrop.app, your privacy is critically important to us. This Privacy Policy outlines what information we collect, how we use it, and the strict limits we place on data sharing.
1. Information We Collect
- Uploaded Files: When you use our service, we temporarily or permanently store the PDF document you upload on our secure cloud infrastructure.
- Analytics Data: When someone clicks your generated link, we collect the following data strictly to provide you with view analytics: the timestamp of the view, the viewer's approximate country (derived from Cloudflare network headers), time spent on each page of the document, and an anonymised SHA-256 hash of the viewer's IP address (used solely to count unique views - the raw IP address is never stored).
- Account Data: If you register via Google Authentication, we receive your email address, name, and profile picture.
- Payment Data: If you upgrade to a Pro plan, payments are processed securely by Dodo Payments. We do not process or store your credit card information on our servers.
2. Viewer Data & Third-Party Privacy
Viewers of your CVDrop link - such as recruiters or hiring managers - are third parties who have not created a CVDrop account. When they open your link, we automatically collect the data described in Section 1 to provide you with view analytics.
Specifically, we collect and store:
- A one-way SHA-256 hash of the viewer's IP address (cannot be reversed to the original IP)
- The viewer's country, derived from network headers
- Timestamps of each page view
- Time spent on each page of the document
We do not collect or store: raw IP addresses, device type, browser version, operating system, screen resolution, or any form of device fingerprint.
Viewer analytics data is retained for a maximum of 90 days, after which it is permanently deleted. This data is never sold, never used for advertising, and is associated only with the specific document link. Viewers may contact us at the email in Section 8 to request deletion of data associated with their session.
3. How We Use Your Information
We use the information we collect solely to:
- Host your document and serve it to the individuals you share your link with.
- Provide you with accurate tracking analytics regarding who opened your link.
- Authenticate you into your dashboard.
- Prevent abuse, spam, and illegal activities on our platform.
4. Data Sharing and Disclosure
We do not sell your personal information or your uploaded documents to anyone.We only share data with trusted third-party service providers (such as Cloudflare for secure cloud hosting, and Dodo Payments for payments) strictly necessary to operate the service. We may also disclose data if required by law or to protect our legal rights.
5. Public Link Visibility
The core feature of CVDrop.app is generating a unique URL for your file. While these URLs are cryptographically random and unguessable, the URLs are fundamentally public. Anyone who obtains the URL will be able to view and download your resume. You are responsible for ensuring the link is only shared with trusted parties.
6. Data Retention and Auto-Deletion
If you do not create an account, your uploaded document and its associated data are automatically and permanently deleted from our servers after 36 hours. If you create an account and "claim" the file, it will remain stored until you explicitly delete it from your dashboard or delete your account.
7. Security Limitations
While we use industry-standard security measures (such as TLS/SSL encryption and secure cloud buckets) to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and are not liable for unauthorized access or data breaches.
8. Contact Us
If you have any questions regarding this Privacy Policy or wish to request the deletion of your account and associated data, please contact us at privacy@cvdrop.app.