Privacy Policy
Last updated: March 5, 2026
1. Controller
The controller responsible for data processing on this website is Unique Moments UG (haftungsbeschränkt). Contact details can be found on our Impressum page.
2. Data We Collect
We collect the following personal data:
- Account data: email address, password (hashed), display name
- Profile data: biography, skills, projects, work history, and other content you provide for your portfolio
- Usage data: chat message counts, feature usage (no message content is stored)
- Payment data: processed by Stripe — we do not store credit card numbers
- Technical data: IP address (anonymized), browser type, and device information for security purposes
3. Legal Basis (Art. 6 GDPR)
- Contract performance (Art. 6(1)(b)): account creation, portfolio hosting, AI chatbot functionality
- Legitimate interest (Art. 6(1)(f)): security measures, abuse prevention, service improvement
- Consent (Art. 6(1)(a)): analytics (Plausible, cookie-free), marketing communications
- Legal obligation (Art. 6(1)(c)): tax and accounting records for paid subscriptions
4. AI Processing
The AI chatbot is powered by Mistral AI, an EU-based AI provider. Your portfolio content (bio, skills, projects) is sent to Mistral to generate chatbot responses. Chat messages from visitors are processed in real time and are not stored by mycv.chat or Mistral after the response is generated.
No automated decision-making with legal effects (Art. 22 GDPR) is performed.
5. Data Processors
We use the following third-party processors, all with appropriate data processing agreements:
- Supabase (EU region): authentication and database hosting
- Mistral AI (France): AI chatbot processing
- Stripe (EU): payment processing
- Cloudflare (EU): CDN, DNS, and API proxy
- Resend: transactional email delivery
- Plausible Analytics (EU): privacy-friendly, cookie-free web analytics
6. Data Storage & Location
All data is processed and stored within the European Union. We do not transfer personal data to countries outside the EU/EEA. Our infrastructure is hosted on EU-based services to ensure compliance with GDPR data residency requirements.
7. Data Retention
- Account data: retained for the duration of your account, deleted within 30 days of account deletion
- Usage data: aggregated and anonymized after 90 days
- Payment records: retained for 10 years as required by German tax law
- Chat messages: not stored — processed in real time only
8. Your Rights (Art. 15–22 GDPR)
You have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data — "right to be forgotten" (Art. 17)
- Restrict processing (Art. 18)
- Export your data in a machine-readable format, known as data portability (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time without affecting prior processing (Art. 7(3))
To exercise these rights, use the data export feature in your dashboard settings or contact us at privacy@mycv.chat.
9. Cookies
mycv.chat uses only essential cookies required for authentication and session management. We use Plausible Analytics, which is cookie-free and does not track individual users. No third-party tracking cookies are used.
10. Security
We implement industry-standard security measures including TLS encryption, hashed passwords, rate limiting, input validation, and Row Level Security on all database tables. Security incidents will be reported to the relevant supervisory authority within 72 hours as required by Art. 33 GDPR.
11. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority depends on your place of residence.
12. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email. The current version is always available on this page.
13. Contact
For privacy-related inquiries, contact us at privacy@mycv.chat.