Privacy Policy

1. Information We Collect

We limit data collection to assets vital for personal account authorization and professional document composition. This includes: your phone number (for secure mobile verification and account identification), your full name, contact information, academic milestones, and detailed work history. We do not sell, lease, or distribute your personal details to advertising agencies or data brokers.

2. Third-Party AI Data Processing Safeguards

To generate clean career overviews and optimize professional summaries, select information sections are securely sent to our integrated third-party AI providers. These pipelines are funneled through private, business-tier API configurations. Under these exact enterprise agreements, none of your personal data or career histories can be used, viewed, or stored by those providers to train public models.

3. Financial Gateway Security & Compliance

We treat your payment security with strict enterprise-grade standards. Digital card transactions are processed directly via PayHere, a premier payment provider approved by the Central Bank of Sri Lanka. PayHere maintains active PCI DSS Compliance (Payment Card Industry Data Security Standard), which guarantees all transmission payloads are encrypted with high-grade security protocols. Crucially, no credit card numbers, expiry dates, or CVV numbers ever hit, pass through, or sit on our internal database servers.

For manual banking alternatives (local bank transfers), we collect only the payment reference screenshot or reference code you submit to verify that your payment matches our statement logs. We also monitor anonymous analytics details to identify browser rendering problems and optimize template layout behavior.

4. Data Retention Limits & Your "Right to be Forgotten"

To allow returning users to update their CVs for future applications, we store account datasets for up to 2 years of complete system inactivity. However, we strictly honor your Right to be Forgotten. You can permanently wipe your digital presence from our systems at any point. Simply reach out to us via email or our verified WhatsApp support line with your registered phone number, and your database record, profile metrics, and generated PDFs will be scrubbed from our servers within 48 hours.

5. Mandatory Cookie & Tracking Declarations

Our web architecture uses standard, "strictly necessary" cookies. These elements are required for structural platform functions, such as keeping your session securely authenticated as you click between steps and protecting form actions using CSRF verification codes. These cookies contain no personally identifiable details. Disabling them through your browser's preference panel will break the resume editor's layout tracking workflow.

6. Technical Security Configurations

All communication between your device and cv200.lk is encrypted using standard SSL/TLS protocols. Password blocks are secured using industrial hashing parameters before database insertion, meaning they are unreadable even to our system administrators. We use strict firewall configurations and server-side folder controls to block unauthorized data access attempts.