CVHelp

Privacy Policy — CVHelp

Last updated: 4 July 2026 · Version: 1.0

CVHelp ("we", "us", "the service") helps immigrants and expats in Norway tailor their CV and application letter (søknad) to the Norwegian job market. This policy explains what personal data we process, why, on what legal basis, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR), which applies in Norway through the EEA agreement.

1. Who is responsible (data controller)

The data controller is:

If you believe we process your data unlawfully, you may contact us at the address above or lodge a complaint with the Norwegian supervisory authority, Datatilsynet (datatilsynet.no).

2. What data we process, why, and on what legal basis

2.1 Account data

DataSourcePurposeLegal basis (GDPR Art. 6)
Email addressYou / Google loginLogin, email verification, service messagesContract 6(1)(b)
NameYou / Google loginIdentify your accountContract 6(1)(b)
Password (hashed, never plaintext)You (email signup)AuthenticationContract 6(1)(b)
Profile image URLGoogle login (optional)Display in the appContract 6(1)(b)
Login provider + OAuth tokensGoogle (if you use Google login)Keep you signed inContract 6(1)(b)
Session token, IP address, browser user-agentAutomatic on loginKeep you signed in, securityLegitimate interest 6(1)(f) — account security
Plan (free / paid) and usage countersAutomaticEnforce the free-tier limit and your subscriptionContract 6(1)(b)

2.2 CV and job-posting content — not stored

The text of your CV and the job posting you paste (or the PDF you upload) is the most sensitive data you give us. We do not store it. It is held only in memory for the seconds it takes to produce your analysis, sent to our AI provider to generate the result, and then discarded. It is never written to our database. See section 3 for where it is sent during processing.

A CV can contain special categories of data under GDPR Art. 9 (for example a photo, health information, trade-union membership, religion or ethnic origin). You control what you include. We strongly recommend removing photos and any sensitive details before uploading — they are not needed for the analysis and Norwegian CVs normally do not include them. We process the content you choose to submit only to deliver the analysis you requested, based on your request (contract, Art. 6(1)(b)) and, for any special-category data you choose to include, your explicit consent (Art. 9(2)(a)) given via the consent checkbox at submission.

2.3 Payment data

Subscriptions (49 NOK/month) are handled by Stripe. We never see or store your full card number — Stripe processes the payment and gives us only a customer reference and your subscription status. Legal basis: contract 6(1)(b); and legal obligation 6(1)(c) for accounting records.

3. Who we share data with (processors) and where it goes

We use the following processors. We do not sell your data or use it for advertising.

ProcessorPurposeData sentLocation / transfer mechanism
Neon (Postgres database)Store account dataAccount data (§2.1)EEA — Frankfurt. No transfer out of the EEA.
VercelHosting the websiteRequests, IP addressEEA — Frankfurt region (fra1).
GoogleOptional "Sign in with Google"Email, name, profile imageUSA — certified under the EU-US Data Privacy Framework (DPF).
ResendVerification and account emailsEmail addressUSA — EU Standard Contractual Clauses (SCCs) per Resend's DPA; also DPF-certified.
StripePayments and subscriptionsName, email, payment details, customer referenceUSA — certified under the EU-US Data Privacy Framework (DPF).
DeepSeekAI analysis of your CV and the job posting (primary provider)The CV and job-posting text you submitChina — see the transfer notice below.
Anthropic (Claude)AI analysis (alternative provider)The CV and job-posting text you submitUSA — certified under the EU-US Data Privacy Framework (DPF).

⚠️ Transfer notice — DeepSeek (China)

Our primary AI provider, DeepSeek, is based in the People's Republic of China. There is no EU adequacy decision for China, and DeepSeek does not currently offer EU Standard Contractual Clauses. This means the protections of the GDPR do not travel with your data there: Chinese authorities may have legal access to data processed on Chinese infrastructure, and you may not have effective legal remedies in China.

Because of this, we send your CV and job-posting text to DeepSeek only with your explicit, informed consent (GDPR Art. 49(1)(a)), which you give via the consent checkbox each time you request an analysis. Before consenting, consider:

4. How long we keep data

DataRetention
CV / job-posting contentNot stored — discarded immediately after processing
Account dataUntil you delete your account, then removed within 30 days
Usage countersLife of the account
Payment records5 years, as required by the Norwegian Bookkeeping Act (bokføringsloven)
Session / login recordsLifetime of the session

5. Your rights

Under GDPR you have the right to:

To exercise any of these, contact personvern@cvhelp.no. We respond within one month.

Because we do not store your CV or job-posting content, there is nothing for us to return or delete in respect of that content — it never persists beyond your request.

6. Security

Data is transmitted over HTTPS/TLS. Passwords are hashed. The database is hosted in the EEA with access restricted to the service. We enforce a strict Content-Security-Policy and standard security headers. No system is perfectly secure, but we take measures appropriate to the sensitivity of the data — above all by not storing your CV at all.

7. Cookies

We use a strictly necessary session cookie to keep you signed in. We do not use advertising or third-party tracking cookies, and we do not use analytics cookies.

8. Children

The service is intended for adults in the job market and is not directed at children under 16.

9. Changes to this policy

We may update this policy. Material changes will be announced in the app or by email. The "Last updated" date at the top reflects the current version.

10. Contact

Pavlo Larichev · Kong Oscars Gate, 5017 Bergen, Norway · personvern@cvhelp.no

← Back to front page