GoGetCV logo

GoGetCV

Proof-Based CV & Cover Letter Builder
Log inSign up

Privacy Policy

Effective date: 2026-04-05
Last updated: 2026-04-05
Version: 1.0

This Privacy Policy explains how GoGetCV ("GoGetCV," "Qodoxo," "we," "us," or "our") collects, uses, discloses, and protects personal data when you access or use the GoGetCV websites, applications, AI features, and related services made available at or through gogetcv.com (collectively, the "Service").

GoGetCV is operated by Qodoxo AB, a company incorporated in Sweden.

By using the Service, you acknowledge the practices described in this Privacy Policy. If you do not agree, do not use the Service.

The English version controls. Any translation is provided for convenience only.

1) Who We Are and Scope

  • Data controller: Qodoxo AB
  • Mailing address: Qodoxo AB, Attn: Privacy Team, Nybodagatan 10, 171 42 Solna, Sweden
  • Contact: [email protected]

This Privacy Policy applies to personal data we process when you:

  • visit our website;
  • create or use a GoGetCV account;
  • upload CVs, resumes, cover letters, or related documents;
  • build or manage a candidate profile;
  • submit job postings or job URLs for analysis;
  • use AI-assisted drafting, generation, extraction, scoring, validation, or export features;
  • purchase or use a subscription, credits, or promotions; or
  • contact us for support, security, billing, or legal matters.

This Privacy Policy does not apply to third-party services, websites, or applications that are governed by their own privacy policies.

2) What We Collect

We collect personal data from you, from your device, from third-party services you choose to use, and from our service providers.

A) Account and Authentication Data

  • name, email address, and login credentials;
  • authentication and security data such as password hashes, refresh tokens, session records, login history, device/session metadata, and multi-factor authentication settings;
  • Google sign-in profile data if you choose Google authentication; and
  • preferences such as language, account settings, and notification choices.

B) Candidate Profile and Career Data

  • profile details you provide, including headline, summary, location, role interests, and related profile information;
  • work experience, job titles, employers, achievements, responsibilities, dates, skills, projects, and evidence claims;
  • education, certifications, languages, and other qualifications;
  • uploaded CVs, resumes, cover letters, and related files;
  • structured content extracted from your uploads; and
  • template selections, tailoring preferences, and document customization settings.

C) Job Posting and Application Data

  • job posting URLs or job descriptions you submit;
  • scraped or retrieved job posting content;
  • structured extraction of job responsibilities, requirements, signals, constraints, and related metadata;
  • application tracking data you create, such as statuses, notes, reminders, and events; and
  • AI-assisted application support content, including interview preparation and email drafts.

D) Generated and Derived Data

  • AI-generated CV drafts, cover letter drafts, application materials, evidence drafts, summaries, classifications, and recommendations;
  • PDF renderings and export metadata;
  • evidence validation results, quality signals, scores, and concept mappings; and
  • system-generated logs and records about requested AI operations.

E) Billing, Subscription, and Credit Data

  • subscription plan, plan status, renewal dates, cancellations, invoices, and billing history;
  • credit balance, credit consumption, ledger entries, promotional credits, and credit cost application records;
  • limited payment-related details made available by our payment processors, such as processor customer identifiers, last four digits, card brand, expiration month/year, billing country, and payment status; and
  • promotional code redemption data.

We do not store full payment card numbers.

F) Usage, Device, and Technical Data

  • IP address, browser type, device type, operating system, app version, time zone, language, and similar device or browser metadata;
  • pages viewed, features used, clicks, request timing, session activity, referrers, and diagnostic events;
  • logs relating to errors, crashes, latency, queue status, and system performance; and
  • security and abuse-prevention signals.

G) Communications

  • support requests, feedback, survey responses, billing inquiries, and security reports; and
  • marketing subscription preferences and related consent records.

H) Data From Third Parties

We may receive data from:

  • authentication providers such as Google;
  • payment processors such as Stripe;
  • infrastructure, analytics, monitoring, anti-bot, and fraud-prevention providers; and
  • public job posting websites or sources you instruct us to analyze.

3) How We Use Personal Data

We use personal data to:

  • create, secure, and maintain your account;
  • authenticate users and prevent fraud, abuse, and unauthorized access;
  • process uploaded documents and candidate profile data;
  • analyze job postings and generate structured job data;
  • generate, tailor, score, validate, regenerate, export, and store CVs, cover letters, PDFs, and related outputs;
  • operate the credit system, subscriptions, billing, renewals, and promotional programs;
  • provide customer support and respond to legal, billing, and security inquiries;
  • monitor performance, debug issues, and improve reliability and product quality;
  • enforce our Terms, detect misuse, and protect the Service, our users, and third parties;
  • comply with legal obligations, regulatory obligations, tax rules, and lawful requests; and
  • send administrative notices and, where permitted, marketing communications.

We may create aggregated or de-identified data for analytics, operations, security, product planning, and service improvement.

4) Legal Bases for Processing

If you are in the EEA, UK, or Switzerland, we generally rely on one or more of the following legal bases:

  • contract, where processing is necessary to provide the Service;
  • legitimate interests, including service security, abuse prevention, analytics, product improvement, support, and business operations;
  • consent, where required, including for certain marketing activities or optional connected services; and
  • legal obligation, where processing is required to comply with law, taxation, accounting, regulatory, or enforcement duties.

Where we rely on legitimate interests, we consider and balance the impact on your rights.

5) AI Features and Automated Processing

The Service uses automated systems, including third-party AI models, to process inputs and generate outputs.

What May Be Processed by AI Providers

Depending on the feature you use, we may send limited relevant data to AI providers, such as:

  • portions of your candidate profile;
  • content from uploaded CVs, resumes, and cover letters;
  • job posting text, URLs, or extracted job details;
  • your prompts, instructions, or edits; and
  • prior draft context needed to fulfill your request.

Why We Use AI Processing

We use AI processing to:

  • extract structured information from uploaded documents or job postings;
  • generate tailored CVs, resumes, cover letters, interview preparation, and related assistance;
  • score, validate, or improve evidence claims and content quality; and
  • support feature quality, formatting, and document generation workflows.

AI Providers and Model Changes

  • We may use multiple AI providers and model families, including OpenAI and AWS Bedrock-based services.
  • We may change providers, models, and model routing over time.
  • We instruct AI providers not to use your content for model training where supported by the applicable provider terms and configuration.

Important Accuracy Notice

AI outputs can be inaccurate, incomplete, misleading, or fabricated. You are responsible for reviewing and verifying generated content before using it. This accuracy notice is further addressed in our Terms of Service.

We do not use automated decision-making that produces legal or similarly significant effects about you without appropriate human involvement.

6) How We Share Personal Data

We may share personal data in the following circumstances:

Service Providers and Processors

We share data with vendors that help us operate the Service, including providers for:

  • cloud hosting, storage, networking, and databases;
  • payment processing and subscription management;
  • AI model access and inference;
  • authentication and anti-bot protection;
  • analytics, monitoring, logging, and error reporting;
  • email delivery and communications; and
  • customer support and security operations.

These providers process data on our behalf subject to contracts and legal safeguards.

Payment Processors

Payments are processed by Stripe or another processor we designate. Those processors handle payment information under their own terms and privacy policies.

Authentication Providers

If you use Google sign-in or another third-party login method, those providers process relevant authentication data under their own policies.

Legal, Compliance, and Protection

We may disclose personal data where reasonably necessary to:

  • comply with law, regulation, legal process, or lawful governmental request;
  • enforce our Terms or other agreements;
  • detect, investigate, or prevent fraud, abuse, security issues, or illegal activity; or
  • protect our rights, property, safety, users, or third parties.

Business Transfers

We may share or transfer personal data in connection with a merger, acquisition, restructuring, financing, asset sale, or insolvency transaction.

With Your Direction

We may share data when you ask us to do so or when sharing is inherent in a feature you choose to use.

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising as those terms are used under certain privacy laws.

7) International Transfers

We are based in Sweden, and we or our providers may process personal data in other countries.

When required, we use appropriate safeguards for international transfers, such as:

  • the European Commission's Standard Contractual Clauses;
  • the UK International Data Transfer Addendum or equivalent mechanisms; and
  • supplementary contractual, technical, and organizational measures where appropriate.

You may contact us for more information about transfer safeguards.

8) Cookies, Similar Technologies, and Local Storage

We use cookies and similar technologies for purposes such as:

  • authentication and session management;
  • security, abuse prevention, and fraud detection;
  • preferences and language selection;
  • measuring traffic, performance, and usage; and
  • supporting core application functionality.

The frontend may also use limited browser storage for technical or performance purposes. We do not use local storage as the primary storage location for user-owned account data.

You can manage cookies through your browser settings, but disabling some technologies may reduce functionality.

9) Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with law, resolve disputes, and enforce agreements.

Examples:

  • account data: while your account is active and for a reasonable period afterward;
  • candidate profiles, uploaded files, job postings, and generated outputs: until deleted by you, removed by us, or deleted as part of account deletion workflows, subject to backups and legal holds;
  • billing, subscription, and tax records: for the period required by law;
  • logs and security records: for as long as reasonably necessary for security, abuse prevention, troubleshooting, and compliance; and
  • backups: for limited retention periods according to our backup cycles.

If we are required to retain certain data by law or for dispute resolution, we may retain it for longer.

10) Data Security

We use technical and organizational measures designed to protect personal data, including:

  • encryption in transit;
  • access controls and least-privilege practices;
  • monitoring, logging, and security review processes;
  • vendor due diligence and contractual controls; and
  • procedures for incident response and system maintenance.

No system is completely secure. We cannot guarantee absolute security.

If you believe you have discovered a security issue, contact [email protected].

11) Your Rights and Choices

Depending on your location, you may have rights that include:

  • access to personal data;
  • correction of inaccurate personal data;
  • deletion of personal data;
  • restriction of processing;
  • data portability;
  • objection to certain processing based on legitimate interests; and
  • withdrawal of consent where processing is based on consent.

You may also:

  • update certain account information in the Service;
  • cancel marketing communications through unsubscribe links or account settings; and
  • request account deletion, subject to legal and operational limitations.

To exercise rights, contact [email protected]. We may need to verify your identity before acting on a request.

12) California Privacy Rights

If you are a California resident, you may have rights under California privacy law, including rights to know, access, correct, and delete certain personal information, subject to exceptions.

  • Categories of personal information collected are described in Section 2.
  • Sources and purposes are described in Sections 2 and 3.
  • We disclose personal information to service providers and processors as described in Section 6.
  • We do not sell personal information or share it for cross-context behavioral advertising.
  • We will not unlawfully discriminate against you for exercising applicable privacy rights.

To submit a request, contact [email protected].

13) Canada (PIPEDA)

If you are in Canada, you may request access to or correction of your personal data, subject to legal limitations. You may also withdraw consent where consent is the legal basis, subject to legal or contractual restrictions.

Contact [email protected] with privacy requests.

14) Brazil (LGPD)

If you are in Brazil, you may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, portability, deletion where applicable, and information about sharing and legal bases.

Contact [email protected] with privacy requests.

15) Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If the law in your jurisdiction sets a higher age threshold, the Service is intended only for users meeting that threshold.

If you believe a child has provided personal data in violation of this section, contact [email protected].

16) Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

  • We will post the updated version and revise the effective or last updated date.
  • If changes are material, we may provide notice by email, in-app notice, website banner, or other reasonable means.
  • Your continued use of the Service after the effective date of the updated policy means you acknowledge the updated policy.

17) Contact Us

Qodoxo AB
Attn: Privacy Team
Nybodagatan 10, 171 42 Solna, Sweden
[email protected]

If you are in the EEA and believe we have not resolved your concern, you may have the right to lodge a complaint with your local supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY).

18) Categories of Subprocessors

We may use subprocessors or service providers in categories such as:

  • cloud infrastructure and database hosting;
  • AI model providers and inference services;
  • payment processing and billing systems;
  • authentication and anti-bot providers;
  • email delivery and communications;
  • analytics, logging, and error monitoring; and
  • security and operational support tools.

Current providers may include services such as OpenAI, AWS, Stripe, Google, and Cloudflare, along with other infrastructure and support vendors we select over time.