Security

How data and access work

This page explains what is saved, what is temporary, how login works, and how deletion works.

Try the CV checkRead FAQ

What is temporary and what is saved

Guest checks are temporary. Signed-in users can save sessions. Raw CV text and job description text are only stored when the user chooses to save them.

  • Guest runs do not create saved session history
  • Signed-in users can use the app without saving raw CV or job description text
  • Saving a profile CV is optional

Saved results

When a signed-in user saves a session, the generated review result is protected before it is stored.

  • Saved review output is encrypted before storage
  • Saved company insights use the same protection
  • Raw CV and job description text are optional

Login and account actions

Account actions require a valid login session. Requests that change data are checked before they are accepted.

  • Session cookies are HTTP-only
  • Requests that change data use CSRF and origin checks
  • Admin actions use protected endpoints

Deleting data

Users can remove saved data later. This includes single sessions or the whole account.

  • Delete individual saved sessions
  • Delete your account and related saved data
  • Login sessions can be revoked when needed

Retention

Some saved raw text is cleaned up automatically after a retention period. Older saved sessions can also be removed later by policy.

  • Saved raw CV and job description text can be cleared automatically
  • Older saved sessions can be removed by retention policy
  • The system keeps only the data needed to run the service

Service logs and monitoring

The service uses limited logs and monitoring to keep the app working and to fix problems.

  • Logs and monitoring help detect failures
  • Authentication, usage limits, and rate limits help prevent abuse
  • The product is for CV review, not for selling profile data