Privacy Policy

This Privacy Policy describes how Self, a product by Samblas Studios OÜ, collects, uses, and shares personal information when you visit our website, use the studio to generate or manage pages, purchase a paid plan, or visit a Self-hosted page (the "Service"). By using the Service, you agree to this policy.

For personal information covered by this policy, Samblas Studios OÜ acts as the data controller for Self unless a different role is explicitly stated.

We collect information you provide directly and information collected automatically when you use the Service, including:

• Account information, such as your name, email address, authentication details, account preferences, marketing subscription status, and support reference.
• Resume and portfolio content, including uploaded files, images, text, structured data extracted from your uploads, and edits or settings you apply in the studio.
• Billing information, such as selected plan, billing interval, subscription status, current billing period dates, cancellation status, and Stripe customer/subscription identifiers.
• Payment transaction metadata from our payment processor (for example payment status and invoice metadata). We do not store full payment card numbers.
• Usage and device data, such as IP address, browser type, user agent, device type, log files, referrer origin, page host/path/title, timestamps, and selected campaign parameters (`utm_source`, `utm_medium`, `utm_campaign`) when present on published-page URLs.
• Advertising measurement data from Self app pages (for example marketing, sign-in, and billing routes), such as page views and conversion events for completed registrations and confirmed Pro or Team subscription purchases, when Meta Pixel, Google Ads tags, or related advertising measurement tools are enabled.
• First-party signup attribution from Self app pages, such as standard campaign parameters (`utm_source`, `utm_medium`, `utm_campaign`, `utm_content`, `utm_term`), referrer origin/domain, landing path, and capture time when a new account is created.
• Analytics events for published pages, such as page views, session duration, and scroll-depth events.
• Approximate location signals (such as country) derived from IP address and pseudonymous identifiers (visitor ID/session ID) used to measure engagement.
• Cookies, local storage entries, and similar technologies used for authentication, security, preferences, and analytics.
• Communications and support requests you send to us.

We use personal information to:

• Provide, operate, and maintain the Service, including generating, hosting, publishing, and serving your pages.
• Authenticate users, secure the Service, and prevent fraud, abuse, or misuse.
• Process subscriptions and paid features, including billing operations, reconciliation, and billing support.
• Enforce plan entitlements, limits, and lifecycle rules (such as trial/publish windows, expiry, and reactivation eligibility).
• Provide analytics and insights for published pages.
• Communicate with you about product updates, service notices, billing events, and support.
• Improve and troubleshoot the Service, including quality, performance, and reliability.
• Comply with legal obligations, resolve disputes, and enforce our Terms.

We may share personal information:

• With service providers that help us operate the Service, such as hosting, storage, AI processing, authentication, transactional and marketing email delivery, analytics, and payment processing.
• With our payment processor (Stripe) for subscription checkout, customer billing portal access, fraud prevention, payment handling, and invoicing.
• With advertising and measurement partners such as Meta and Google when we use advertising measurement tools on Self app pages to measure ad performance and conversion events.
• With the public when you publish a page. Published content is publicly accessible by default and may be indexed by search engines.
• With page owners in analytics form (for example traffic and engagement metrics).
• For legal, security, compliance, or enforcement reasons, including responding to lawful requests.
• In connection with a merger, acquisition, financing, or sale of assets, where permitted by law.
• With your consent or at your direction.

Paid subscriptions are processed through Stripe-hosted checkout and billing portal flows. When you start, manage, or cancel a paid plan, relevant billing data is processed by Stripe under Stripe's terms and privacy policy.

Stripe acts as an independent payment processor. You can review Stripe's privacy policy at https://stripe.com/privacy.

Marketing email audience management and campaign delivery are handled through Loops. We sync account email address, product-update subscription status, and related contact metadata needed to keep Loops and Account Settings aligned.

We store limited billing profile data needed to operate subscriptions (for example plan tier, interval, subscription status, renewal/cancellation metadata, and processor identifiers).

If you publish a page, its content becomes public and may be indexed, cached, copied, or shared by third parties. Consider this before including sensitive information.

Published pages include analytics instrumentation. When visitors interact with a published page, we collect engagement events (such as page view, session duration, and scroll depth), related technical metadata, and selected campaign parameters from the landing URL when present.

Analytics data is designed to be pseudonymous. We provide analytics insights to page owners and do not provide direct identity details of individual visitors.

We use cookies and similar technologies to keep you signed in, secure the Service, remember preferences, and measure usage.

On Self app pages, we may use Meta Pixel, Google Ads tags, and related advertising measurement tools to measure advertising performance and conversions such as completed registrations and confirmed Pro or Team subscription purchases. This app-page instrumentation does not run on user-published resume pages.

For signup attribution, we may temporarily store one first-party campaign/referrer snapshot in local storage and attach it to your account when registration completes.

For published-page analytics, we may store pseudonymous visitor/session identifiers in browser local storage to support session continuity and engagement measurement.

Where required by applicable law (including EEA/UK rules), we request consent before using non-essential cookies or local-storage-based analytics identifiers.

You can control cookies and local storage through your browser settings, but disabling them may limit Service functionality.

If you are located in the EEA or UK, our legal bases for processing personal information include: performing a contract with you, our legitimate interests in operating and improving the Service, your consent (where required), and compliance with legal obligations.

For storage/access to information on your device for non-essential analytics, we rely on consent where required by law.

We retain personal information for as long as reasonably necessary to provide the Service and for legitimate business purposes, including security, compliance, billing operations, and dispute resolution.

By default, raw analytics events are retained for up to 90 days. Aggregated analytics metrics may be retained longer.

If you request deletion of your account or content, we will delete or de-identify information as required by applicable law, subject to legal exceptions. Residual copies may remain in backups for a limited time.

• Account profile and service configuration data: generally retained while your account is active and for a reasonable period after closure.
• Billing and subscription records: retained for accounting, tax, audit, and legal compliance obligations.
• Signup attribution records: generally retained with account analytics/debugging records while your account is active.
• Raw analytics event records: retained up to the configured retention window (90 days by default).
• Aggregated analytics: may be retained longer because it is less identifiable and used for historical reporting.

We use reasonable administrative, technical, and physical safeguards to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

Depending on your location, you may have the right to:

You can update many details in the studio. To exercise other rights, contact us at contact@self.cv.

New verified accounts are subscribed to product updates by default. You can unsubscribe in Account Settings or from any marketing email.

We may verify your identity before completing a rights request, and we may deny or limit requests where permitted by law.

• Access, correct, or delete your personal information.
• Request a copy of your information in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Opt out of marketing communications.
• Lodge a complaint with your local supervisory authority (EEA/UK).

If you are a resident of a US state with privacy laws (such as California, Colorado, Connecticut, Utah, or Virginia), you may have additional rights to access, delete, correct, or obtain a copy of your personal information and to opt out of certain processing.

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined by applicable law.

To submit a privacy request, contact contact@self.cv. Where applicable law allows, you may use an authorized agent to submit requests on your behalf.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so we can delete it.

Self is based in the United States, and we may process and store information in the United States or other countries. These locations may have data protection laws that differ from your jurisdiction.

Where required by applicable law, we use recognized transfer safeguards (such as contractual protections) for cross-border data transfers.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by other reasonable means. The "Last updated" date above reflects the latest version.

Questions about this Privacy Policy? Contact us at contact@self.cv.

If you need additional legal/controller details for compliance requests (for example regulator or transfer inquiries), contact us at the same address.