Privacy & Data Security

Your data never leaves our secure processing environment. We prioritize privacy by design.

Our Privacy Commitment

What we do to protect your data.

SecurityZero RetentionFiles processed in-memory only
InfrastructureEU HostedSecure cloud infrastructure
PrivacyNo TrainingYour data is never used to train models
ProcessingInstant DestroyFiles wiped after processing
ComplianceGDPR CompliantFull data protection compliance

How We Protect Your Data

1Upload Securely

Your document is uploaded via HTTPS encrypted connection.

2Process in Memory

Files are loaded directly into RAM for processing. No disk writes.

3Extract Data

Automated processing extracts structured data and generates response.

4Destroy

Original file is immediately wiped from memory. Never stored.

Privacy Policy

What We Collect
  • API Requests: Documents sent for processing (processed in-memory, never stored)
  • Usage Data: API call counts for billing (no document content)
What We Do Not Collect
  • We do not store your documents after processing
  • We do not use your data for model training
  • We do not sell any data to third parties
  • We do not profile your API usage for advertising

GDPR Compliance Documentation

Expand each section to view our compliance documentation.

Data Processing Agreement

Enterprise DPA Available

We offer a Data Processing Agreement for enterprise customers. Contact us to discuss your requirements.

  • Data processing scope and purposes
  • Technical and organizational security measures
  • Sub-processor requirements
  • Breach notification procedures
  • Audit rights and compliance verification
Request a DPA

Terms of Service

Customer Responsibilities

  • Lawful Basis: You confirm you have lawful basis to process all documents you upload (consent, contract, legitimate interests, etc.)
  • Data Controller: You are the data controller for documents you upload. We are a data processor on your behalf.
  • Human Oversight: Our output is decision-support only. You must apply human judgment before making hiring decisions.
  • Non-Discrimination: You will not use our output to discriminate illegally against candidates.
  • Compliance: You will comply with all applicable laws including GDPR, employment law, and anti-discrimination law.

Acceptable Use

  • Process documents only with lawful basis
  • Do not upload documents obtained without proper authorization
  • Do not attempt to reverse engineer our systems
  • Do not resell the API in violation of our pricing terms

Disclaimer

The API provides extracted information based on documents submitted. We strive for accuracy but cannot guarantee completeness. Always validate critical information independently. Our outputs (scores, recommendations, identified patterns) are informational tools, not definitive judgments. Users are solely responsible for final decisions.

Limitation of Liability

We provide our API “as is” without warranties of any kind. We are not liable for hiring decisions made based on our output, discrimination claims arising from misuse of our output, inaccuracies in extracted data, or any consequential damages arising from API use. Users indemnify CVault against claims arising from their use of the API.