Privacy Policy

This page explains, in plain language, what data CVsprings processes and stores, for how long, who it is shared with, and how to exercise your rights. Last updated 12 June 2026 (v1.3.0).

Who is responsible for what: when an employer or recruitment team (the client) uses CVsprings to assess applications, the client is the data controller for candidate data. Chaulin, the operator of CVsprings, acts as the data processor, handling candidate data only on the client’s instructions. A Data Processing Agreement is available to clients.

A · For recruiters and client organizations

Account data we store

  • Your email address, your organization name, and your role (owner/member).
  • Your password as a bcrypt hash — never in plain text.
  • Session records (hashed tokens, expiry dates) and login metadata (last login, failed-attempt counters used for lockout protection).

The two candidate-data flows

  • CV content (transient). Uploaded CV files (PDF/DOCX) are content-checked, their text extracted, scored, and the files deleted from the server immediately after analysis. The extracted text is not stored. Scoring runs inside the CVsprings backend — no CV content is sent to any third-party AI or LLM service. Images, including photos, are never extracted or processed.
  • Audit records (stored on save). When you click “Save to Audit” (or have batch autosave enabled), the following is stored server-side in your organization’s account: candidate name (or anonymized label), file name, the four sub-scores and overall score, the weights used, verdict text, your decision and notes, a 300-character snippet of the job description, role tag, anonymization flag, the app and scoring-engine versions, the analysis timestamp, and your reviewer email.

Who can see stored data

Audit records, templates, role statistics and exports are scoped to your organization: users of one organization can never read, modify or delete another organization’s records (cross-organization requests are rejected server-side).

Retention — defaults and controls

  • Default: 365 days. A daily job permanently deletes audit records (and their change history) older than your organization’s retention setting.
  • Org owners can set retention between 30 and 1095 days, or 0 to keep records until manually deleted (Settings → Data Retention).
  • Per-candidate erasure: any record can be found by candidate-name search and individually deleted — this is the mechanism for honouring a candidate erasure request.
  • Org-wide controls (owners): export all audit records and templates as JSON (data portability / offboarding), or permanently delete all audit data with typed-name confirmation.
  • Account/session data is kept for as long as the account exists.

Subprocessors and third parties

| Name | Purpose | Location / region | Terms |
| --- | --- | --- | --- |
| Render | Hosting of the CVsprings backend and database (incl. stored audit records). | Render, Inc. (US company). Service region: TODO — operator: confirm the region selected in the Render dashboard (e.g. Frankfurt/EU or Oregon/US) and update this row. | Render DPA |
| Plausible Analytics | Cookieless, aggregate usage analytics on the app pages. According to Plausible’s published policy, no personal data or persistent identifiers are stored. | Plausible Insights OÜ (Estonia, EU); states that data is hosted in the EU. | Plausible data policy |
| Google Fonts | The Inter typeface is loaded by your browser from Google’s CDN; that request exposes your IP address to Google. No candidate data is involved. | Google LLC (US). | Google privacy policy |
| Resend (optional) | Password-reset emails to recruiter accounts — only if the operator has configured it. Processes recruiter email addresses only; never candidate data. TODO — operator: state whether Resend is enabled in production. | Resend, Inc. (US). | Resend DPA |

No AI subprocessor: CVsprings’ scoring is a deterministic matching engine that runs inside the backend. CV content is not sent to any external AI/LLM provider.

International transfers

  • Hosting: if the Render service region is inside the EU/EEA, candidate data at rest does not leave the EU/EEA; if a non-EU region is selected, a transfer safeguard is required. TODO — operator: confirm region; if outside the EU/EEA, verify Render’s safeguard (SCCs and/or EU–US Data Privacy Framework status) and document it here.
  • Analytics: Plausible states EU hosting (no transfer).
  • Fonts: the Google Fonts request transfers the visitor’s IP address to Google (US). This affects app users (recruiters/visitors), not candidate CV data.
  • Email (if enabled): Resend is US-based and would process recruiter email addresses. TODO — operator: if enabled, verify Resend’s transfer safeguard.

Cookies and tracking

CVsprings sets no cookies. The app uses your browser’s localStorage for functional settings only (session token, saved preferences such as scoring weights, API address, cached templates) — this data stays in your browser and is not used for tracking. Analytics run via Plausible, which is cookieless and, per its published policy, collects no personal data. For these reasons the app does not show a cookie consent banner.

Contact for privacy requests

Privacy requests (access, correction, deletion, questions): TODO — operator: set PRIVACY_CONTACT_EMAIL in the server environment; it will be shown here automatically.

B · For candidates (whose CVs are processed)

If you applied for a job and your CV was assessed with CVsprings, here is what that means:

  • Your CV may be analyzed by this tool on behalf of the employer you applied to. The tool compares your CV’s text against the job requirements and produces an advisory score for the recruiter.
  • The employer is the data controller. CVsprings (operated by Chaulin) processes your data only on the employer’s instructions, as a processor.
  • No solely automated decisions are made. The tool never accepts or rejects anyone; scores are advisory, and decisions are made by the employer’s recruiters. The product is designed so that a score cannot be converted into a decision automatically.
  • Your CV file is not kept. It is deleted from the server right after analysis. If the recruiter saves the result, what is kept is a summary record (your name — or an anonymized label — scores, the recruiter’s decision and notes), retained under the employer’s retention settings.
  • To exercise your GDPR rights — access, rectification, erasure, restriction, or objection — contact the employer you applied to. They can find and delete your records in the product; CVsprings assists them in fulfilling such requests.

Related pages: EU AI Act compliance · scoring methodology, bias & monitoring.

This policy describes actual product behaviour as of v1.3.0; open items are marked TODO rather than guessed.