Privacy Policy

Name: CVOR
Author: CVOR Technologies

Effective Date: 2025-06-04
Last Updated: 2026-02-28

At CVOR, privacy is a core design principle. All CVOR products are built to minimise centralised data collection and to operate primarily through local, user-controlled processing.

This Privacy Policy explains how information is handled when you use CVOR software and services, including:

the CVOR Mobile Application, and
the CVOR Scout Desktop Job Matching Engine (together, the “CVOR Products”), as well as CVOR-related websites and official support channels.

CVOR is operated by CVOR Technologies Ltd, incorporated in England & Wales. Where applicable under data protection law, CVOR Technologies Ltd acts as a data controller only with respect to the limited categories of data it actually processes, and not for user content that remains on the user’s device or within user-controlled third-party services.

1. Scope of This Policy

This Privacy Policy applies to the following CVOR Products and services:

CVOR Guard — the CVOR mobile application for iOS and Android
CVOR Scout — the CVOR desktop job matching engine for macOS and Windows
CVOR websites and official support channels

This Privacy Policy does not apply to third-party services, APIs, job sources, cloud providers, operating systems, or language models that you independently connect to the CVOR Products. Such services are governed by their own privacy policies and terms.

2. Core Privacy Architecture

CVOR Products are designed around the following principles:

Local-First Processing: Sensitive document and job matching operations are designed to run on your device
User-Owned Infrastructure: You connect and control your own third-party accounts, APIs, and storage
Minimal Centralised Processing: CVOR does not provide hosted document storage or centralised job-matching services
No Behavioural Profiling: CVOR does not require account creation or sign-up and does not intentionally aggregate or monetise user behaviour

As a result, the majority of data processed through CVOR Products is handled locally or within user-controlled third-party services.

3. Categories of Data CVOR Does Not Intentionally Collect

CVOR is designed not to collect or store:

Resumes, CVs, cover letters, or identity documents
Job match histories, applications, or outcomes
Centralised user profiles
Advertising identifiers
Cross-app or cross-website tracking data
User documents or job data on CVOR-operated servers

CVOR does not sell, rent, or trade personal data, and does not use personal data for advertising, ranking, or behavioural profiling.

4. User-Provided Content & Local Processing

4.1 Mobile App – Secure Document Utilities & Job Matching

The CVOR mobile app includes:

CVOR Guard — document and image utilities (e.g., watermarking, PDF tools)
CVOR Scout — job matching and results viewing using data you control

CVOR Guard — Local Document Utilities

These features are designed to process content locally on your device, with no transmission to CVOR-controlled servers, including:

PDFs, images, and related files
File names, labels, watermark text, and recipient identifiers
Embedded document metadata

Key Points:

Your files remain your sole property
CVOR does not design these features to upload documents to CVOR servers
CVOR does not intentionally receive or store user files
Documents remain under your control on your device or within services you choose to use

Any data you enter or process in the App remains local unless explicitly shared by you using your device’s sharing tools. Any sharing action is voluntary, and CVOR is not responsible for misuse once content leaves your device.

CVOR Scout — CV Job Match Viewer

The mobile app can:

sign in using Google OAuth (optional)
retrieve job listings via a third-party API you configure
generate job-match results locally on your device using a rules-based algorithm
read and write job-match results stored locally on your device
display results and open third-party job listings in your device browser
track and manage job listing status via the app

Key Points:

The app uses Google OAuth only after you explicitly authorise access
Any job matching and analysis runs locally on your device
The app does not perform job scraping, enrichment, or AI analysis on CVOR servers
CVOR does not receive or store job listings, match results, or Google data
Status tracking data is stored on your device and managed locally by the app

All substantive processing happens on your device or directly between your device and Google or other third-party services you choose to connect.

Watermarking & Content Responsibility

You may choose to embed visible or invisible watermark data into documents, including:

Timestamp, recipient label, purpose, project name, or other free-text fields

Watermarking is processed entirely on-device. CVOR does not access, transmit, or log this information. You are solely responsible for any content embedded or shared.

4.2 Desktop Job Matching Engine – Local Automation

The CVOR desktop job match engine is a locally installed application that performs job-search and matching automation on your computer.

At your direction, it may:

retrieve job listings via a third-party API you configure
Compare job listings against your CV locally
Generate relevance scores and explanations
Write structured outputs to your own cloud storage (e.g., Google Drive/Sheets)

These operations are designed to occur locally or directly between your device and third-party services. CVOR does not operate centralised infrastructure for receiving or storing CVs, job listings, match results, or API credentials.

5. Use of Local Language Models (Desktop Engine)

5.1 Local Model Execution

The CVOR desktop engine may use a local, open-source language model to assist with job-matching analysis and explanation generation.

The model runs locally on your device
Prompts, documents, and outputs are processed on-device
CVOR does not receive or transmit model inputs or outputs

5.2 Model Distribution via Hugging Face

Language models may be downloaded from Hugging Face Hub, an independent third-party model distribution platform.

Downloads occur directly between your device and Hugging Face
CVOR does not proxy, relay, or host model downloads
Standard network information (such as IP address) may be processed by Hugging Face as part of normal download requests

CVOR does not train, fine-tune, or modify language models using user data.

6. Third-Party APIs & Services You Connect

6.1 Google Drive & Google Sheets APIs - Summary

CVOR Products may access Google Drive and Google Sheets only after you explicitly authorise access via Google OAuth.

Authentication occurs directly between your device and Google
OAuth tokens are stored locally on your device
CVOR does not receive or store OAuth tokens
Access scopes are limited to user-requested functionality
Permissions are revocable at any time via the Google account settings

6.2 Google User Data — Detailed Disclosure

CVOR Products may access limited Google user data only after you explicitly authorise access via Google OAuth. This section provides a detailed disclosure of the data accessed, its use, storage, sharing, and retention, in accordance with Google API Services User Data Policy requirements.

6.2.1 Google APIs & Scopes Requested

CVOR Products request the following Google API scopes solely to enable user-requested functionality:

Google Drive API — drive.file
Access to files and folders that you explicitly create, select, or manage using CVOR Products.
Google Sheets API
Access to Google Sheets that are explicitly created or selected by you for storing job matching outputs or entitlement indicators.

CVOR does not request full Drive access and cannot access files that are unrelated to CVOR-generated or user-selected content.

6.2.2 Types of Google User Data Accessed

Depending on your actions, CVOR Products may access:

File metadata (file name, file ID, folder structure) for CVOR-related files
Spreadsheet cell data contained in Google Sheets you explicitly authorise
Folder paths created by the CVOR desktop engine (e.g., a “CVOR” folder)

CVOR does not access:

Gmail data
Contacts
Calendar data
Google Profile information
Files unrelated to CVOR workflows

6.2.3 How Google User Data Is Used

Google user data is accessed and used only to provide the functionality you explicitly request, including:

Writing job-search and matching results generated locally on your device (mobile app or desktop engine) to your Google Sheets
Reading job-match results from your Google Sheets for display within the CVOR mobile app
Reading entitlement indicators stored in your Google Drive to enable subscribed features

CVOR Products:

Do not modify job data beyond formatting for display
Do not enrich, analyse, or profile Google user data centrally
Do not use Google user data for advertising, analytics, or marketing
Do not use Google user data to train AI or machine learning models

All substantive processing occurs locally on your device or directly between your device and Google.

6.2.4 Data Sharing & Third Parties

CVOR does not share Google user data with any third parties.

Specifically:

Google user data is not transmitted to CVOR-operated servers
Google user data is not sold, rented, or disclosed to advertisers, recruiters, or data brokers
CVOR does not allow third parties to access Google user data through its products

Any access to Google services occurs directly between your device and Google’s servers under Google’s own terms and privacy policy.

6.2.5 Data Storage & Security

OAuth authentication is handled directly by Google
OAuth tokens are stored locally on your device
CVOR does not store OAuth tokens or Google user data on CVOR-controlled servers

Security protections rely on:

Google’s OAuth security controls
Your device’s operating system security
Your Google account security settings

You may revoke CVOR’s access at any time via your Google Account permissions.

6.2.6 Data Retention & Deletion

Google user data remains in your Google Drive or Google Sheets under your control
CVOR does not retain copies of Google user data
Uninstalling CVOR Products removes local OAuth tokens and application data
You may delete any CVOR-related files directly from your Google Drive at any time

Because CVOR does not store Google user data on its own servers, deletion requests are fulfilled by you through Google’s standard file deletion mechanisms.

6.2.7 Google API Limited Use Compliance

CVOR’s use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Google user data is:

Used only to provide user-requested features
Not used for advertising or behavioural profiling
Not transferred except as necessary to provide core functionality
Not used to train AI or machine learning models

6.3 Job Listings via SERP API

If you configure SERP API:

You create and manage your own SERP API account
Requests are made directly from your device
CVOR does not receive job listings or API credentials

SERP API operates independently and is governed by its own policies.

You can refer to the SERP API policy here.

6.4 Other Third-Party APIs

Any additional APIs you connect operate independently of CVOR. CVOR is not responsible for their data handling practices or legal compliance.

6.5 Open Source Libraries

CVOR uses third-party open-source libraries in the App, which are governed by their respective open-source licenses. These libraries are integrated for the purpose of enhancing the functionality of the App.

By using the App, you agree to comply with the terms and conditions of these open-source licenses.
For inquiries, contact us on [email protected].

7. Billing & Payments

Payments may be processed via platform providers (e.g., Apple App Store, Google Play).

Billing information is collected and processed by the relevant provider (ios - App Store Billing, Android - Google Play Billing)
CVOR does not store full payment credentials
CVOR may maintain a non-identifying entitlement indicator (e.g., paid/unpaid status) to enable access to purchased features saved locally to your google drive.

8. Automatically Collected Technical Data (Mobile App Only)

We use third-party services solely for performance and crash diagnostics. These providers may process limited anonymized data, such as crash logs and device metadata.

Firebase Crashlytics/Google Analytics for Firebase - Crash diagnostics - Anonymised error logs, Device type & OS
Google Play / Apple Services - Subscription & billing management - Purchase & OS-level metadata

Google Analytics for Firebase is configured with:

Data sharing and ad personalization disabled
No user identifiers or advertising IDs
IP anonymization enabled by default

We do not authorize these services to use your data for behavioural advertising or profiling.

These providers are subject to their own privacy policies and compliance obligations, including:

Standard Contractual Clauses (SCCs) under the GDPR
Data Privacy Framework (DPF), where applicable

⚠️ CVOR does not control how these services handle data beyond our limited use and configuration. We rely on their published compliance with applicable privacy laws and best practices.

Note: Raw crash reports that might contain transient technical details are automatically anonymised and aggregated by Firebase before being made available to us. No personal identifiers, advertising IDs, or user-specific information are ever stored or accessible to us. Aggregated, non-personal analytics (such as total crash-free users or average crash rates) may be retained by Firebase for longer periods in accordance with their retention practices. These statistics are used only to understand long-term app stability and trends, not to profile or identify users. Because the data is fully anonymised and cannot reasonably be linked to any individual, it is not considered personal data under GDPR or similar laws.

You can find their policies below:

9. Support Communications

When you contact CVOR support (e.g., via [email protected] or official support channels):

Data Collected:

Your email address
Message content and any attachments you provide
Technical details you voluntarily share (e.g., device type, OS version, logs)

How We Use It:

To respond to your inquiry and provide technical assistance
To diagnose and resolve bugs or issues
To improve product documentation and support resources

Data Sharing:

Support communications are not sold, rented, or shared with third parties
Limited disclosure may occur to service providers (e.g., email hosting) under confidentiality obligations

Retention:

Support messages are deleted within 30 days of issue resolution
You may request earlier deletion by contacting support

Legal Basis (GDPR/UK GDPR):

Processing is necessary to take steps at your request prior to entering into a contract, or
Legitimate interest in providing customer support and improving our products

10. Data Retention

User content remains on your device or within services you control
Uninstalling CVOR Products removes local application data

11. Children's Privacy

CVOR Products are general-purpose tools and are not directed at children.

App store age ratings: Android 3+, iOS 4+
CVOR does not knowingly collect personal data from children

12. Security Responsibilities

CVOR Products rely on device-level security. Users are responsible for securing their devices and third-party accounts.

13. Your Rights

Depending on your jurisdiction, you may have rights under GDPR, UK GDPR, or CPRA. These rights generally apply only to limited data such as support communications.

14. International Data Transfers

Limited technical data may be processed outside your jurisdiction using appropriate safeguards.

15. Website Analytics & Cookies

We do not place advertising cookies or behavioural trackers on our website.
We do not use your data for automated decision-making or profiling, and we do not use advertising identifiers or behavioural targeting.

16. Policy Updates

Material changes will be communicated via the app or website.

17. Governing Law

This Privacy Policy is governed by the laws of England & Wales, without prejudice to mandatory local protections.

18. Contact

📧 [email protected]

Legal Clarifications

CVOR is a software tool, not a job board, recruiter, employer, or data broker.
CVOR does not guarantee employment outcomes.
Users remain responsible for content they create and services they connect.

Privacy Policy

Effective Date: 2025-06-04
Last Updated: 2026-02-28

At CVOR, privacy is a core design principle. All CVOR products are built to minimise centralised data collection and to operate primarily through local, user-controlled processing.

This Privacy Policy explains how information is handled when you use CVOR software and services, including:

the CVOR Mobile Application, and
the CVOR Scout Desktop Job Matching Engine (together, the “CVOR Products”), as well as CVOR-related websites and official support channels.

1. Scope of This Policy

This Privacy Policy applies to the following CVOR Products and services:

CVOR Guard — the CVOR mobile application for iOS and Android
CVOR Scout — the CVOR desktop job matching engine for macOS and Windows
CVOR websites and official support channels

2. Core Privacy Architecture

CVOR Products are designed around the following principles:

Local-First Processing: Sensitive document and job matching operations are designed to run on your device
User-Owned Infrastructure: You connect and control your own third-party accounts, APIs, and storage
Minimal Centralised Processing: CVOR does not provide hosted document storage or centralised job-matching services
No Behavioural Profiling: CVOR does not require account creation or sign-up and does not intentionally aggregate or monetise user behaviour

As a result, the majority of data processed through CVOR Products is handled locally or within user-controlled third-party services.

3. Categories of Data CVOR Does Not Intentionally Collect

CVOR is designed not to collect or store:

Resumes, CVs, cover letters, or identity documents
Job match histories, applications, or outcomes
Centralised user profiles
Advertising identifiers
Cross-app or cross-website tracking data
User documents or job data on CVOR-operated servers

CVOR does not sell, rent, or trade personal data, and does not use personal data for advertising, ranking, or behavioural profiling.

4. User-Provided Content & Local Processing

4.1 Mobile App – Secure Document Utilities & Job Matching

The CVOR mobile app includes:

CVOR Guard — document and image utilities (e.g., watermarking, PDF tools)
CVOR Scout — job matching and results viewing using data you control

CVOR Guard — Local Document Utilities

These features are designed to process content locally on your device, with no transmission to CVOR-controlled servers, including:

PDFs, images, and related files
File names, labels, watermark text, and recipient identifiers
Embedded document metadata

Key Points:

Your files remain your sole property
CVOR does not design these features to upload documents to CVOR servers
CVOR does not intentionally receive or store user files
Documents remain under your control on your device or within services you choose to use

CVOR Scout — CV Job Match Viewer

The mobile app can:

sign in using Google OAuth (optional)
retrieve job listings via a third-party API you configure
generate job-match results locally on your device using a rules-based algorithm
read and write job-match results stored locally on your device
display results and open third-party job listings in your device browser
track and manage job listing status via the app

Key Points:

The app uses Google OAuth only after you explicitly authorise access
Any job matching and analysis runs locally on your device
The app does not perform job scraping, enrichment, or AI analysis on CVOR servers
CVOR does not receive or store job listings, match results, or Google data
Status tracking data is stored on your device and managed locally by the app

All substantive processing happens on your device or directly between your device and Google or other third-party services you choose to connect.

Watermarking & Content Responsibility

You may choose to embed visible or invisible watermark data into documents, including:

Timestamp, recipient label, purpose, project name, or other free-text fields

Watermarking is processed entirely on-device. CVOR does not access, transmit, or log this information. You are solely responsible for any content embedded or shared.

4.2 Desktop Job Matching Engine – Local Automation

The CVOR desktop job match engine is a locally installed application that performs job-search and matching automation on your computer.

At your direction, it may:

retrieve job listings via a third-party API you configure
Compare job listings against your CV locally
Generate relevance scores and explanations
Write structured outputs to your own cloud storage (e.g., Google Drive/Sheets)

5. Use of Local Language Models (Desktop Engine)

5.1 Local Model Execution

The CVOR desktop engine may use a local, open-source language model to assist with job-matching analysis and explanation generation.

The model runs locally on your device
Prompts, documents, and outputs are processed on-device
CVOR does not receive or transmit model inputs or outputs

5.2 Model Distribution via Hugging Face

Language models may be downloaded from Hugging Face Hub, an independent third-party model distribution platform.

Downloads occur directly between your device and Hugging Face
CVOR does not proxy, relay, or host model downloads
Standard network information (such as IP address) may be processed by Hugging Face as part of normal download requests

CVOR does not train, fine-tune, or modify language models using user data.

6. Third-Party APIs & Services You Connect

6.1 Google Drive & Google Sheets APIs - Summary

CVOR Products may access Google Drive and Google Sheets only after you explicitly authorise access via Google OAuth.

Authentication occurs directly between your device and Google
OAuth tokens are stored locally on your device
CVOR does not receive or store OAuth tokens
Access scopes are limited to user-requested functionality
Permissions are revocable at any time via the Google account settings

6.2 Google User Data — Detailed Disclosure

6.2.1 Google APIs & Scopes Requested

CVOR Products request the following Google API scopes solely to enable user-requested functionality:

Google Drive API — drive.file
Access to files and folders that you explicitly create, select, or manage using CVOR Products.
Google Sheets API
Access to Google Sheets that are explicitly created or selected by you for storing job matching outputs or entitlement indicators.

CVOR does not request full Drive access and cannot access files that are unrelated to CVOR-generated or user-selected content.

6.2.2 Types of Google User Data Accessed

Depending on your actions, CVOR Products may access:

File metadata (file name, file ID, folder structure) for CVOR-related files
Spreadsheet cell data contained in Google Sheets you explicitly authorise
Folder paths created by the CVOR desktop engine (e.g., a “CVOR” folder)

CVOR does not access:

Gmail data
Contacts
Calendar data
Google Profile information
Files unrelated to CVOR workflows

6.2.3 How Google User Data Is Used

Google user data is accessed and used only to provide the functionality you explicitly request, including:

Writing job-search and matching results generated locally on your device (mobile app or desktop engine) to your Google Sheets
Reading job-match results from your Google Sheets for display within the CVOR mobile app
Reading entitlement indicators stored in your Google Drive to enable subscribed features

CVOR Products:

Do not modify job data beyond formatting for display
Do not enrich, analyse, or profile Google user data centrally
Do not use Google user data for advertising, analytics, or marketing
Do not use Google user data to train AI or machine learning models

All substantive processing occurs locally on your device or directly between your device and Google.

6.2.4 Data Sharing & Third Parties

CVOR does not share Google user data with any third parties.

Specifically:

Google user data is not transmitted to CVOR-operated servers
Google user data is not sold, rented, or disclosed to advertisers, recruiters, or data brokers
CVOR does not allow third parties to access Google user data through its products

Any access to Google services occurs directly between your device and Google’s servers under Google’s own terms and privacy policy.

6.2.5 Data Storage & Security

OAuth authentication is handled directly by Google
OAuth tokens are stored locally on your device
CVOR does not store OAuth tokens or Google user data on CVOR-controlled servers

Security protections rely on:

Google’s OAuth security controls
Your device’s operating system security
Your Google account security settings

You may revoke CVOR’s access at any time via your Google Account permissions.

6.2.6 Data Retention & Deletion

Google user data remains in your Google Drive or Google Sheets under your control
CVOR does not retain copies of Google user data
Uninstalling CVOR Products removes local OAuth tokens and application data
You may delete any CVOR-related files directly from your Google Drive at any time

Because CVOR does not store Google user data on its own servers, deletion requests are fulfilled by you through Google’s standard file deletion mechanisms.

6.2.7 Google API Limited Use Compliance

CVOR’s use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Google user data is:

Used only to provide user-requested features
Not used for advertising or behavioural profiling
Not transferred except as necessary to provide core functionality
Not used to train AI or machine learning models

6.3 Job Listings via SERP API

If you configure SERP API:

You create and manage your own SERP API account
Requests are made directly from your device
CVOR does not receive job listings or API credentials

SERP API operates independently and is governed by its own policies.

You can refer to the SERP API policy here.

6.4 Other Third-Party APIs

Any additional APIs you connect operate independently of CVOR. CVOR is not responsible for their data handling practices or legal compliance.

6.5 Open Source Libraries

By using the App, you agree to comply with the terms and conditions of these open-source licenses.
For inquiries, contact us on [email protected].

7. Billing & Payments

Payments may be processed via platform providers (e.g., Apple App Store, Google Play).

Billing information is collected and processed by the relevant provider (ios - App Store Billing, Android - Google Play Billing)
CVOR does not store full payment credentials
CVOR may maintain a non-identifying entitlement indicator (e.g., paid/unpaid status) to enable access to purchased features saved locally to your google drive.

8. Automatically Collected Technical Data (Mobile App Only)

We use third-party services solely for performance and crash diagnostics. These providers may process limited anonymized data, such as crash logs and device metadata.

Firebase Crashlytics/Google Analytics for Firebase - Crash diagnostics - Anonymised error logs, Device type & OS
Google Play / Apple Services - Subscription & billing management - Purchase & OS-level metadata

Google Analytics for Firebase is configured with:

Data sharing and ad personalization disabled
No user identifiers or advertising IDs
IP anonymization enabled by default

We do not authorize these services to use your data for behavioural advertising or profiling.

These providers are subject to their own privacy policies and compliance obligations, including:

Standard Contractual Clauses (SCCs) under the GDPR
Data Privacy Framework (DPF), where applicable

⚠️ CVOR does not control how these services handle data beyond our limited use and configuration. We rely on their published compliance with applicable privacy laws and best practices.

You can find their policies below:

9. Support Communications

When you contact CVOR support (e.g., via [email protected] or official support channels):

Data Collected:

Your email address
Message content and any attachments you provide
Technical details you voluntarily share (e.g., device type, OS version, logs)

How We Use It:

To respond to your inquiry and provide technical assistance
To diagnose and resolve bugs or issues
To improve product documentation and support resources

Data Sharing:

Support communications are not sold, rented, or shared with third parties
Limited disclosure may occur to service providers (e.g., email hosting) under confidentiality obligations

Retention:

Support messages are deleted within 30 days of issue resolution
You may request earlier deletion by contacting support

Legal Basis (GDPR/UK GDPR):

Processing is necessary to take steps at your request prior to entering into a contract, or
Legitimate interest in providing customer support and improving our products

10. Data Retention

User content remains on your device or within services you control
Uninstalling CVOR Products removes local application data

11. Children's Privacy

CVOR Products are general-purpose tools and are not directed at children.

App store age ratings: Android 3+, iOS 4+
CVOR does not knowingly collect personal data from children

12. Security Responsibilities

CVOR Products rely on device-level security. Users are responsible for securing their devices and third-party accounts.

13. Your Rights

Depending on your jurisdiction, you may have rights under GDPR, UK GDPR, or CPRA. These rights generally apply only to limited data such as support communications.

14. International Data Transfers

Limited technical data may be processed outside your jurisdiction using appropriate safeguards.

15. Website Analytics & Cookies

We do not place advertising cookies or behavioural trackers on our website.
We do not use your data for automated decision-making or profiling, and we do not use advertising identifiers or behavioural targeting.

16. Policy Updates

Material changes will be communicated via the app or website.

17. Governing Law

This Privacy Policy is governed by the laws of England & Wales, without prejudice to mandatory local protections.

18. Contact

📧 [email protected]

Legal Clarifications

CVOR is a software tool, not a job board, recruiter, employer, or data broker.
CVOR does not guarantee employment outcomes.
Users remain responsible for content they create and services they connect.