Cookie & Storage Policy
Remans Design Consulting · Y-tunnus 3532887-4 · Finland
Last updated: March 2025
🍪 We use browser local storage for essential functionality: daily run count, theme preference, account session, CV history, and user settings. We do not use tracking cookies or any third-party analytics.
What We Store (Local Storage Only)
- cva4 — daily run count and date of last reset. Enforces per-plan usage limits (Free: 1/day & 5/month, Pro: 10/day & 50/month, Pro+: 150/month). Resets automatically. Not clearable via "Clear Session Data" to prevent quota bypass — can only be cleared via browser developer tools. Contains no personal data.
- cva4_theme — UI theme preference ("dark" or "light"). Contains no personal data.
- cva4_consent — your cookie/storage consent choice ("accepted" or "rejected"). Required under GDPR Art. 7 to record your consent.
- cva5_auth — account session data (email, display name, plan tier). Stored only when you sign in. Contains no passwords or payment information.
- cva5_history — your saved CV run history, stored locally. Limited by plan tier (Free: 0, Pro: 5, Pro+: 15 saves). Clearable via "Clear Session Data".
- cva5_settings — user interface preferences and settings. Clearable via "Clear Session Data".
What We Do Not Store
- No cross-site identifiers or fingerprinting data.
- No CV content, job description text, or any user-generated content.
- No third-party tracking cookies, analytics, or advertising pixels.
Legal Basis
Local storage for run-count tracking is strictly necessary for the service to function (ePrivacy Directive Art. 5(3) exemption for "strictly necessary" storage). Theme preference storage requires your consent, which you provide by clicking Accept on the consent banner.
Managing Your Storage
You can clear all stored values at any time by: (a) clicking "Clear Session Data" in the profile menu, or (b) clearing your browser's local storage via your browser settings. This will not affect your ability to use the service.
Third-Party Services
CV Architect Pro uses the following third-party services, which may process data under their own privacy policies:
- Google Gemini API — processes CV and JD content in real time for AI analysis. Zero-retention policy for API inputs. See Google Privacy Policy.
- Supabase — authentication and account data storage (email, name, plan tier). Hosted on AWS (EU/US regions). See Supabase Privacy Policy.
- Stripe — payment processing for Pro and Pro+ subscriptions. PCI-DSS Level 1 certified. We never receive or store card details. See Stripe Privacy Policy.
- Fontshare (Monotype) — loads the Satoshi typeface from Fontshare's CDN. See Fontshare Terms.
- Google Fonts — loads the Instrument Serif, Fira Code, and Unbounded typefaces. See Google Privacy Policy.
- Cloudflare CDN — serves JavaScript libraries. See Cloudflare Privacy Policy.