Get started
Privacy Policy
1. Introduction

Execuro UG (“we”, “us”, “our”), a company registered in Berlin, Germany, operates CV Upgrade (https://getcvupgrade.com), a CV improvement SaaS platform.
We are committed to protecting your privacy and handling your personal data responsibly in compliance with:
  • EU General Data Protection Regulation (GDPR)
  • German Federal Data Protection Act (BDSG)
  • California Consumer Privacy Act (CCPA) (for US residents)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
By using our website and services, you agree to the practices described in this Privacy Policy.

2. Data We Collect
We collect and process the following categories of data:
  • a) Account & Billing DataFirst name, last name
  • Email address
  • Billing information (processed via Stripe)
  • b) CV Content (User-Provided Data)Personal details (name, email, phone, location, links such as LinkedIn, GitHub, website, X/Twitter)
  • Work experience (job titles, companies, descriptions, responsibilities, achievements)
  • Education, skills, certifications, languages, projects, awards, volunteer experience, publications, hobbies
  • Optional job descriptions (if provided for analysis)
⚠️ Sensitive data: We do not intentionally collect or request sensitive categories of data (e.g., health, ethnicity, religion, political views). If you include such information in your CV, you are responsible for disclosing it voluntarily.
  • c) Technical & Usage DataCookies and analytics data (Google Analytics)
  • Device, browser, and IP information
  • Interaction with the platform (e.g., use of “auto-fix” or “manual fixes”)
3. How We Use Your Data
We use your data for:
  • Delivering our CV review, scoring, and improvement services
  • Processing payments (via Stripe)
  • Improving our platform and features
  • Analyzing website performance (Google Analytics)
  • Ensuring legal compliance and security
We may also use anonymized data for statistical and product improvement purposes.
4. Use of AI (OpenAI)
We use OpenAI’s API to analyze CV content and provide recommendations. This means that portions of your CV text may be transmitted securely to OpenAI’s servers for processing.
  • OpenAI does not use your data to train their models.
  • All transmissions are encrypted.
  • We only send data strictly necessary for the analysis.

5. Data Storage & Transfers
  • Your data is hosted on Heroku servers located in the United States.
  • By using our service, you acknowledge that your data will be stored and processed outside the EU/EEA.
  • We rely on Standard Contractual Clauses (SCCs) as safeguards for international data transfers in compliance with GDPR.
6. Data Retention
  • Free accounts: CVs and related data are stored for 30 days after the last change, then deleted.
  • Paid accounts: Data is retained as long as your subscription is active. If canceled, data will be treated as free accounts (30-day deletion rule).
  • User-initiated deletion: You can delete your account and data at any time.
We may retain minimal billing and transactional data as required by German tax law.
7. Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds:
  • Art. 6(1)(b) GDPR – Contractual necessity (to provide our services)
  • Art. 6(1)(f) GDPR – Legitimate interest (improving services, preventing fraud)
  • Art. 6(1)(c) GDPR – Legal obligation (tax/accounting compliance)
  • Consent where explicitly required (cookies, analytics, optional marketing communication)
8. Sharing of Data
We only share your personal data with trusted service providers:
  • Stripe (payment processing)
  • Heroku (Salesforce) (hosting)
  • OpenAI (AI-powered CV analysis)
  • Google Analytics (usage analytics)
We do not sell your personal data.
9. Your Rights.
Depending on your location, you may have the following rights:
  • Under GDPR (EU/EEA residents):Access, rectification, and erasure of your data (Art. 15–17)
  • Restriction or objection to processing (Art. 18–21)
  • Data portability (Art. 20)
  • Right to lodge a complaint with your local supervisory authority
  • Under CCPA (California residents):Right to know what data we collect and how it’s used
  • Right to request deletion of personal data
  • Right to opt out of sale of personal data (we do not sell personal data)
  • Under PIPEDA (Canada residents):Right to access and correct your personal information
  • Right to withdraw consent to processing
You can exercise these rights at any time by contacting us at inbox@execuro.com.

10. Cookies & Tracking
We use cookies for:
  • Authentication & session management
  • Analytics (Google Analytics)
  • Improving website functionality
You can manage cookies via your browser settings.
11. Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit and secure storage. However, no system is 100% secure.
12. Contact Us
Execuro UG
Berlin, Germany
Email: inbox@execuro.com
If you are in the EU, you may also contact the Berlin Data Protection Authority
(Berliner Beauftragte für Datenschutz und Informationsfreiheit).
September, 1 / 2025