T
TrussCV

Privacy Policy

Last updated: June 2026

1. WHO WE ARE

TrussCV ("we", "us", "our") is operated by TrussCV, registered at Karachi, Pakistan.

Contact: faizan.ali7005@gmail.com.

2. WHAT DATA WE COLLECT

We collect:

  • Account data: email address, full name (provided at registration)
  • CV/Resume content: the text extracted from your uploaded document
  • Voice recordings: audio captured during mock interview sessions
  • Interview transcripts: text transcriptions of your spoken answers
  • Performance data: scores and metrics derived from your interview
  • Payment data: processed securely by Stripe — we never store credit card numbers
  • Usage data: IP address, browser type, pages visited, session duration
  • Technical data: device type, operating system (via Sentry for error monitoring)

3. HOW WE USE YOUR DATA

We use your data solely to:

  • Provide the mock interview and CV analysis service
  • Generate your performance report and CV recommendations
  • Display your anonymized profile to recruiters (only with your consent and ≥80% score)
  • Process payments via Stripe
  • Send you transactional emails (results, account updates) via Resend
  • Monitor and fix technical errors (Sentry)
  • Comply with legal obligations

We do NOT sell your data. We do NOT use your data for advertising.

4. VOICE DATA — SPECIAL NOTICE

Your voice recordings are biometric-adjacent data.

  • They are stored in encrypted private cloud storage (Supabase)
  • They are automatically and permanently deleted after 30 days
  • They are used only for transcription via Groq's Whisper API
  • Groq's data retention policy applies to transcription requests: see groq.com/privacy
  • You can request immediate deletion at any time (see Section 8)

5. CV DATA

Your CV text is:

  • Extracted and stored to enable the interview simulation
  • Retained until you delete your account or request erasure
  • Never shared with third parties except for AI processing (DeepSeek API)
  • DeepSeek's privacy policy applies to API requests: see deepseek.com/privacy

6. LEGAL BASIS FOR PROCESSING (GDPR)

We process your personal data under the following legal bases:

  • Consent (Article 6(1)(a)): for voice recording and CV analysis — you may withdraw at any time
  • Contract (Article 6(1)(b)): to deliver the service you signed up for
  • Legitimate Interests (Article 6(1)(f)): for fraud prevention and service improvement
  • Legal Obligation (Article 6(1)(c)): for tax and financial records

7. DATA SHARING

We share data only with:

  • Supabase (database and storage) — EU/US data processing
  • DeepSeek (AI analysis) — text data only, no voice
  • Groq (audio transcription) — audio files, deleted after transcription
  • Google (Gemini AI, CV vision parsing) — used only for complex CV layouts
  • Stripe (payment processing) — financial data only
  • Resend (email delivery) — email address and content only
  • Sentry (error monitoring) — anonymized technical data

All processors are bound by Data Processing Agreements.

8. YOUR RIGHTS (GDPR / CCPA / UK GDPR)

You have the right to:

  • Access: request a copy of all data we hold about you
  • Correction: fix inaccurate data
  • Erasure: permanently delete all your data (Right to be Forgotten)
  • Portability: receive your data in machine-readable format
  • Restriction: limit how we process your data
  • Object: opt out of legitimate interest processing
  • Withdraw Consent: stop voice/CV processing at any time

To exercise any right: email faizan.ali7005@gmail.com or use the "Delete My Account & Data" button in your account settings. We will respond within 30 days. Erasure requests are completed within 72 hours.

9. DATA RETENTION

  • Voice recordings: 30 days from creation, then permanently deleted
  • CV text: retained until account deletion
  • Interview transcripts: retained until account deletion
  • Performance scores: retained until account deletion
  • Payment records: 7 years (legal requirement)
  • Anonymized talent pool profile: deleted immediately on erasure request

10. COOKIES

We use:

  • Essential cookies: session authentication (required, cannot be disabled)
  • Analytics: None — we do not use analytics cookies.
  • No advertising or tracking cookies

11. CHILDREN

Our service is not directed at anyone under 16. If you are under 16, do not use this service.

12. SECURITY

We implement: TLS encryption in transit, AES-256 encryption at rest, row-level security on all database tables, private storage buckets with signed URLs, and regular security audits.

13. INTERNATIONAL TRANSFERS

Your data may be processed in the US, EU, and China (DeepSeek). For transfers outside the EEA, we rely on Standard Contractual Clauses.

14. CHANGES

We will notify you by email 30 days before material changes to this policy.

15. CONTACT

Data Controller: TrussCV

Email: faizan.ali7005@gmail.com

Address: Karachi, Pakistan

DPO (if applicable): Not applicable