Privacy Policy

This Privacy Policy describes how Self collects, uses, and shares personal information when you visit our website, use the studio to generate or manage pages, purchase a paid plan, or visit a Self-hosted page (the "Service"). By using the Service, you agree to this policy.

For personal information covered by this policy, Self acts as the data controller unless a different role is explicitly stated.

We collect information you provide directly and information collected automatically when you use the Service, including:

• Account information, such as your name, email address, authentication details, account preferences, and support identifier.
• Resume and portfolio content, including uploaded files, images, text, structured data extracted from your uploads, and edits or settings you apply in the studio.
• Billing information, such as selected plan, billing interval, subscription status, current billing period dates, cancellation status, and Stripe customer/subscription identifiers.
• Payment transaction metadata from our payment processor (for example payment status and invoice metadata). We do not store full payment card numbers.
• Usage and device data, such as IP address, browser type, user agent, device type, log files, referrer origin, page host/path/title, and timestamps.
• Analytics events for published pages, such as page views, page leave duration, and scroll-depth events.
• Approximate location signals (such as country) derived from IP address and pseudonymous identifiers (visitor ID/session ID) used to measure engagement.
• Cookies, local storage entries, and similar technologies used for authentication, security, preferences, and analytics.
• Communications and support requests you send to us.

We use personal information to:

• Provide, operate, and maintain the Service, including generating, hosting, publishing, and serving your pages.
• Authenticate users, secure the Service, and prevent fraud, abuse, or misuse.
• Process subscriptions and paid features, including billing operations, reconciliation, and billing support.
• Enforce plan entitlements, limits, and lifecycle rules (such as trial/publish windows, expiry, and reactivation eligibility).
• Provide analytics and insights for published pages.
• Communicate with you about updates, service notices, billing events, and support.
• Improve and troubleshoot the Service, including quality, performance, and reliability.
• Comply with legal obligations, resolve disputes, and enforce our Terms.

We may share personal information:

• With service providers that help us operate the Service, such as hosting, storage, AI processing, authentication, email delivery, analytics, and payment processing.
• With our payment processor (Stripe) for subscription checkout, customer billing portal access, fraud prevention, payment handling, and invoicing.
• With the public when you publish a page. Published content is publicly accessible by default and may be indexed by search engines.
• With page owners in analytics form (for example traffic and engagement metrics).
• For legal, security, compliance, or enforcement reasons, including responding to lawful requests.
• In connection with a merger, acquisition, financing, or sale of assets, where permitted by law.
• With your consent or at your direction.

Paid subscriptions are processed through Stripe-hosted checkout and customer portal flows. When you start, manage, or cancel a paid plan, relevant billing data is processed by Stripe under Stripe's terms and privacy policy.

Stripe acts as an independent payment processor. You can review Stripe's privacy policy at https://stripe.com/privacy.

We store limited billing profile data needed to operate subscriptions (for example plan tier, interval, subscription status, renewal/cancellation metadata, and processor identifiers).

If you publish a page, its content becomes public and may be indexed, cached, copied, or shared by third parties. Consider this before including sensitive information.

Published pages include analytics instrumentation. When visitors interact with a published page, we collect engagement events (such as page view, session duration, and scroll depth) and related technical metadata.

Analytics data is designed to be pseudonymous. We provide analytics insights to page owners and do not provide direct identity details of individual visitors.

We use cookies and similar technologies to keep you signed in, secure the Service, remember preferences, and measure usage.

For published-page analytics, we may store pseudonymous visitor/session identifiers in browser local storage to support session continuity and engagement measurement.

Where required by applicable law (including EEA/UK rules), we request consent before using non-essential cookies or local-storage-based analytics identifiers.

You can control cookies and local storage through your browser settings, but disabling them may limit Service functionality.

If you are located in the EEA or UK, our legal bases for processing personal information include: performing a contract with you, our legitimate interests in operating and improving the Service, your consent (where required), and compliance with legal obligations.

For storage/access to information on your device for non-essential analytics, we rely on consent where required by law.

We retain personal information for as long as reasonably necessary to provide the Service and for legitimate business purposes, including security, compliance, billing operations, and dispute resolution.

By default, raw analytics events are retained for up to 90 days. Aggregated analytics metrics may be retained longer.

If you request deletion of your account or content, we will delete or de-identify information as required by applicable law, subject to legal exceptions. Residual copies may remain in backups for a limited time.

• Account profile and service configuration data: generally retained while your account is active and for a reasonable period after closure.
• Billing and subscription records: retained for accounting, tax, audit, and legal compliance obligations.
• Raw analytics event records: retained up to the configured retention window (90 days by default).
• Aggregated analytics: may be retained longer because it is less identifiable and used for historical reporting.

We use reasonable administrative, technical, and physical safeguards to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

Depending on your location, you may have the right to:

You can update many details in the studio. To exercise other rights, contact us at support@self.cv.

We may verify your identity before completing a rights request, and we may deny or limit requests where permitted by law.

• Access, correct, or delete your personal information.
• Request a copy of your information in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Opt out of marketing communications.
• Lodge a complaint with your local supervisory authority (EEA/UK).

If you are a resident of a US state with privacy laws (such as California, Colorado, Connecticut, Utah, or Virginia), you may have additional rights to access, delete, correct, or obtain a copy of your personal information and to opt out of certain processing.

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined by applicable law.

To submit a privacy request, contact support@self.cv. Where applicable law allows, you may use an authorized agent to submit requests on your behalf.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so we can delete it.

Self is based in the United States, and we may process and store information in the United States or other countries. These locations may have data protection laws that differ from your jurisdiction.

Where required by applicable law, we use recognized transfer safeguards (such as contractual protections) for cross-border data transfers.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by other reasonable means. The "Last updated" date above reflects the latest version.

Questions about this Privacy Policy? Contact us at support@self.cv.

If you need additional legal/controller details for compliance requests (for example regulator or transfer inquiries), contact us at the same address.