Effective date: June 25, 2026
Privacy Policy
This Privacy Policy explains how Gravity Coders ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use FitMyCV (the "Service"). It also describes your rights under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data controller
Gravity Coders Piotr Obrębski
Albatrosów 4, 43-100 Tychy, Polska
Email: privacy@fitmycv.com
1. What data we collect
We collect only the data we need to run the Service:
- Account data: your email address, authentication provider identifier (if you sign in with Google), and any optional profile information.
- CV data: the text, structure, and content of your CV, including employment history, education, skills, contact details, and anything else you choose to include.
- Job offer data: the text of job offers you paste, or the URL you give us to fetch an offer.
- Your answers to improvement questions: when the Service asks you follow-up questions to refine your CV, we store your answers so we can tailor the result.
- Generated content: ATS analyses, recruiter notes, and CVs generated by the Service.
- Payment data: transaction history, credit balance, and purchase records. We do not store full payment card details; Stripe handles those.
- Technical data: browser type, language preference, IP address, and cookies needed for authentication and basic functionality.
- Anti-fraud identifiers: a one-way hash of your browser fingerprint and IP address, collected when you claim the welcome credit (including attempts that are blocked for fraud prevention). These are stored as hashes and cannot be used to see your browsing history or to identify you outside of fraud prevention.
2. Why we can process your data
Under the GDPR, we rely on these legal grounds:
- Performance of a contract: processing your CV and job offer data to generate tailored CVs and analyses.
- Your consent: for optional marketing communications and any processing you explicitly agree to.
- Legal obligation: keeping payment records as required by Polish tax and accounting law.
- Legitimate interest: keeping the Service secure, preventing fraud, and making improvements.
3. How we use your data
We use your data to:
- Provide, operate, and improve the Service.
- Analyze job offers and CVs using AI to generate compatibility scores and tailored CVs.
- Manage your account, credits, and payments.
- Communicate with you about your account, security, and support requests.
- Send marketing communications only if you have given explicit consent.
4. AI processing and third-party services
To generate CVs and analyses, we send your CV text and job offer text to OpenAI via their API. OpenAI acts as a data processor under a Data Processing Addendum. OpenAI does not use data submitted through the API to train its models. Your data may be processed in the United States under Standard Contractual Clauses approved by the European Commission.
We also use the following sub-processors:
- Supabase (database hosting, authentication): data stored in the EU (Ireland, eu-west-1).
- Stripe (payment processing): data processed according to Stripe's terms and privacy policy.
- Google (optional OAuth sign-in): if you choose to sign in with Google, Google processes your basic profile information.
5. Data retention
We retain your data for the following periods:
- CV data and generated content: up to 1 year after your last activity. After this period, the data is automatically deleted.
- Account data: retained until you delete your account or until you are inactive for an extended period, after which we may delete your account.
- Payment and transaction records: retained for 7 years as required by Polish tax and accounting law.
- Technical logs: retained for 30 days (security logs) or 90 days (error logs).
- Anti-fraud identifiers: retained for up to 30 days after a successful welcome credit claim, or 14 days after a blocked attempt, after which they are automatically deleted.
6. Your rights
Under the GDPR, you have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Erase your data or account ("right to be forgotten").
- Restrict processing in certain circumstances.
- Receive your data in a structured format (data portability).
- Object to processing based on legitimate interests or direct marketing.
- Withdraw consent at any time.
You can exercise most of these rights from your account Settings page. For other requests, contact us at privacy@fitmycv.com.
7. Cookies and similar technologies
We use cookies and local storage for essential functions such as authentication, language preferences, and dark mode. We do not use marketing or analytics cookies unless you explicitly consent to them. For more details, see our Cookie Policy.
8. Data security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, Row Level Security (RLS) in our database, and secure authentication. Only authorized personnel can access production data.
9. Children's privacy
The Service is not intended for users under the age of 16. If we become aware that we have collected data from a child under 16, we will delete that data.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The current version is always available at fitmycv.com/privacy.
11. Complaints
If you believe we have not handled your data in accordance with the law, you have the right to lodge a complaint with the Polish supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (UODO)
Stawki 2, 00-193 Warszawa, Polska
Website: uodo.gov.pl