Legal

Privacy Policy

Last updated: July 16, 2026

This Privacy Policy explains how Samblas Studios OÜ, the company behind Self, collects, uses, and shares personal information when you use the Service. It also describes your rights and choices.

1. Scope

This Privacy Policy describes how Self, a product by Samblas Studios OÜ, collects, uses, and shares personal information when you visit our website, use a Self browser extension, use Studio to generate or manage pages, use AI features, create or share social cards, choose a free or paid plan, or visit a Self-hosted page (the "Service").

This policy is a privacy notice. Our Terms of Service govern your agreement to use the Service.

For personal information covered by this policy, Samblas Studios OÜ acts as the data controller for Self unless a different role is explicitly stated.

2. Information We Collect

We collect information you provide directly and information collected automatically when you use the Service, including:

  • Account information, such as your name, email address, authentication details, account preferences, marketing subscription status, and support request references.
  • Resume, portfolio, and project media content, including uploaded files, images, videos, text, structured data extracted from your uploads, generated video posters or thumbnails, and edits or settings you apply in Studio.
  • Resume-to-website extension data, including the resume file you deliberately select, a short-lived authentication token held in browser session memory, an opaque upload handoff identifier, and page titles or published URLs returned by Self for display in that extension.
  • Resume Autofill for Jobs data, including the Self page you select, short-lived authentication data, blank form-field labels and control metadata, exact native select/radio/checkbox options, a limited job title, company, or description excerpt when confidently detected, direct, normalized, or AI-derived fill suggestions, and content-free usage and retry records used for quota, idempotency, and abuse prevention. Eligible field context and generated suggestions may concern sensitive or legally consequential subjects. Retry records may include hashed identifiers and request fingerprints, processing state, and timestamps, but not the request or generated answer. Existing form answers, full page HTML, and full browsing URLs are not sent to Self for autofill planning.
  • AI feature inputs and outputs, such as resume or portfolio content sent for extraction, AI Chat prompts, recent chat context, draft resume/settings/theme data, AI-generated suggestions, change summaries, and limited AI edit usage events used for quota and abuse prevention.
  • Share Kit and social-card data, such as selected card type, format, colors, card-only text overrides, share-card cache keys, generated social card images, and public promo URLs.
  • Third-party media reference data you provide for project media, such as YouTube URLs or video IDs and cached poster/thumbnail metadata.
  • Billing information, such as selected plan, billing interval, subscription status, current billing period dates, cancellation status, and Stripe customer/subscription identifiers.
  • Payment transaction metadata from our payment processor (for example payment status and invoice metadata). We do not store full payment card numbers.
  • Usage and device data, such as IP address, browser type, user agent, device type, log files, referrer origin, page host/path/title, timestamps, and selected campaign parameters (`utm_source`, `utm_medium`, `utm_campaign`) when present on published-page URLs.
  • Advertising measurement data from Self app pages (for example marketing, sign-in, and billing routes), such as page views and conversion events for completed registrations and confirmed Pro or Team subscription purchases, when Meta Pixel, Google Ads tags, or related advertising measurement tools are enabled.
  • First-party signup attribution from Self app pages, such as standard campaign parameters (`utm_source`, `utm_medium`, `utm_campaign`, `utm_content`, `utm_term`), referrer origin/domain, landing path, and capture time when a new account is created.
  • Analytics events for published pages, such as page views, session duration, and scroll-depth events.
  • Approximate location signals (such as country) derived from IP address and pseudonymous identifiers (visitor ID/session ID) used to measure engagement.
  • Cookies, local storage entries, and similar technologies used for authentication, security, preferences, and analytics.
  • Communications and support requests you send to us.

3. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Service, including generating, hosting, publishing, and serving your pages.
  • Provide the resume-to-website extension's single purpose: help you convert a resume or CV you select into a hosted website, continue customization and publication in Self's website editor, and display your published website URL.
  • Provide Resume Autofill for Jobs when you explicitly activate it: inspect eligible empty fields on the active page, semantically map their labels, questions, and options to information from the Self page you selected and limited job context, normalize or generate grounded direct or inferred answers, fill approved values, support one-step undo, and enforce your autofill quota.
  • Authenticate users, secure the Service, and prevent fraud, abuse, or misuse.
  • Process subscriptions and paid features, including billing operations, reconciliation, and billing support.
  • Enforce freemium and paid-plan entitlements, usage limits, and publish limits.
  • Provide analytics and insights for published pages.
  • Power AI-assisted extraction and AI Chat editing, including applying validated AI-generated edits to your page draft.
  • Generate and serve public social sharing cards and Share Kit promo URLs when you choose to use those features.
  • Process project media, including image optimization, video validation, poster generation, and YouTube poster fetching when you add supported YouTube media.
  • Communicate with you about product updates, service notices, billing events, and support.
  • Improve and troubleshoot the Service, including quality, performance, and reliability.
  • Comply with legal obligations, resolve disputes, and enforce our Terms.

4. AI Features

Self uses AI providers to extract structured resume or portfolio data and to power AI Chat edits in Studio. When you use these features, we send the relevant inputs to the configured AI provider. Depending on the feature, those inputs may include uploaded content, extracted resume data, the current draft resume/settings/theme, your AI Chat prompt, recent chat context, and the latest AI-applied change snapshot used for one-step revert support.

Resume Autofill for Jobs uses Google Cloud AI processing to semantically map eligible form fields to professional information from your selected Self page. Private email, phone, and profile-link values remain on Self's server; Google Cloud receives value-free descriptors for those sources, and Self resolves an exact value only after AI maps a clearly applicant-owned field. AI may otherwise copy a supported value, normalize its format, extract part of a broader value, choose semantically equivalent native select/radio/checkbox options, or generate a concise answer to any supported blank application question using the selected page and limited job context. Question support is semantic and does not rely on a dictionary of recognized phrases. High- or medium-confidence derived and generated results may not repeat the page's exact wording, may concern sensitive or legally consequential subjects, and may be inaccurate. The feature does not submit the form. You remain responsible for reviewing every inserted value and the complete application before submitting it.

AI Chat history is kept in memory for the current editor session in the app. The backend records limited AI edit usage events, such as user, page, and timestamp references, to enforce plan quotas, prevent abuse, and troubleshoot the Service.

AI outputs may be used to generate or update your page draft. You should review AI-generated content before publishing or sharing it, especially if your resume or portfolio contains sensitive information.

5. How We Share Information

We may share personal information:

  • With service providers that help us operate the Service, such as hosting, storage, AI processing, authentication, transactional and marketing email delivery, analytics, advertising measurement, media processing, and payment processing.
  • For resume-to-website extension data, only as needed to authenticate your Self account, upload and process the file you select, host your page, protect the Service, comply with law, or act on your direction.
  • For Resume Autofill for Jobs data, only as needed to authenticate your Self account, retrieve the Self page you select, semantically plan and apply requested autofill values, process bounded professional context and minimized form or job context through Google Cloud, enforce quotas, protect the Service, comply with law, or act on your direction.
  • With our payment processor (Stripe) for subscription checkout, customer billing portal access, fraud prevention, payment handling, and invoicing.
  • With advertising and measurement partners such as Meta and Google when we use advertising measurement tools on Self app pages to measure ad performance and conversion events.
  • With third-party media services at your direction, such as when you add a YouTube project media URL and we fetch or display related thumbnail/embed information.
  • With the public when you publish a page. Published content is publicly accessible by default and may be indexed by search engines.
  • With the public and social platforms when you create or share Share Kit cards or promo URLs. Social platforms and messaging apps may fetch, cache, display, or reshare the public metadata and card images associated with those links.
  • With page owners in analytics form (for example traffic and engagement metrics).
  • For legal, security, compliance, or enforcement reasons, including responding to lawful requests.
  • In connection with a merger, acquisition, financing, or sale of assets, where permitted by law.
  • With your consent or at your direction.

6. Billing and Payment Processing

Paid subscriptions are processed through Stripe-hosted checkout and billing portal flows. When you start, manage, or cancel a paid plan, relevant billing data is processed by Stripe under Stripe's terms and privacy policy.

Stripe acts as an independent payment processor. You can review Stripe's privacy policy at https://stripe.com/privacy.

Marketing email audience management and campaign delivery are handled through Loops. We sync account email address, product-update subscription status, and related contact metadata needed to keep Loops and Account Settings aligned.

We store limited billing profile data needed to operate subscriptions (for example plan tier, interval, subscription status, renewal/cancellation metadata, and processor identifiers).

7. Public Pages, Share Kit, and Visitor Analytics

If you publish a page, its content becomes public and may be indexed, cached, copied, or shared by third parties. Consider this before including sensitive information.

If you use Share Kit, the public promo URL and generated card image may include your published profile information and any card-only text overrides you choose. Even when Self marks promo pages as non-indexable, social networks, messaging apps, crawlers, and recipients may fetch, cache, or redistribute the link preview and image.

Project media that you publish, including uploaded images, uploaded videos, generated posters, cached YouTube posters, and linked YouTube videos, becomes part of your public page.

Published pages include analytics instrumentation. When visitors interact with a published page, we collect engagement events (such as page view, session duration, and scroll depth), related technical metadata, and selected campaign parameters from the landing URL when present.

Analytics data is designed to be pseudonymous. We provide analytics insights to page owners and do not provide direct identity details of individual visitors.

8. Cookies, Local Storage, and Similar Technologies

We use cookies and similar technologies to keep you signed in, secure the Service, remember preferences, and measure usage.

On Self app pages, we may use Meta Pixel, Google Ads tags, and related advertising measurement tools to measure advertising performance and conversions such as completed registrations and confirmed Pro or Team subscription purchases. This app-page instrumentation does not run on user-published resume pages.

For signup attribution, we may temporarily store one first-party campaign/referrer snapshot in local storage and attach it to your account when registration completes.

For published-page analytics, we may store pseudonymous visitor/session identifiers in browser local storage to support session continuity and engagement measurement.

Where required by applicable law (including EEA/UK rules), we request consent before using non-essential cookies or local-storage-based analytics identifiers.

You can control cookies and local storage through your browser settings, but disabling them may limit Service functionality.

Self browser extensions do not run advertising or product-analytics instrumentation. The resume-to-website extension keeps its authentication token and pending opaque upload handoff only in extension session storage. Resume Autofill for Jobs keeps authentication data and one content-free pending retry record in session storage; that record contains only an opaque retry key, a request digest and binding identifiers, state, and timestamps. It stores only your disclosure version, locale, and selected opaque Self page ID in local extension storage. Session data is cleared when the browser restarts, the extension is reloaded or disabled, or you disconnect it.

9. Legal Bases for Processing (EEA/UK)

If you are located in the EEA or UK, our legal bases for processing personal information include: performing a contract with you, our legitimate interests in operating and improving the Service, your consent (where required), and compliance with legal obligations.

For storage/access to information on your device for non-essential analytics, we rely on consent where required by law.

10. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service and for legitimate business purposes, including security, compliance, billing operations, and dispute resolution.

By default, raw analytics events are retained for up to 90 days. Aggregated analytics metrics may be retained longer.

If you request deletion of your account or content, we will delete or de-identify information as required by applicable law, subject to legal exceptions. Residual copies may remain in backups for a limited time.

  • Account profile and service configuration data: generally retained while your account is active and for a reasonable period after closure.
  • Billing and subscription records: retained for accounting, tax, audit, and legal compliance obligations.
  • Signup attribution records: generally retained with account analytics/debugging records while your account is active.
  • AI edit usage events: retained as needed to enforce plan quotas, troubleshoot AI features, and protect against abuse.
  • Autofill usage and retry events: retained as needed to enforce the rolling quota, make retry accounting idempotent, and protect against abuse. They may contain hashed retry identifiers and request fingerprints, processing state, and timestamps. Self does not persist the raw retry key, request body, form labels, job excerpts, prompts, resume values, or generated autofill answers as part of those events.
  • Project media and Share Kit assets: generally retained while the related page or asset remains active, subject to cleanup of removed or deleted content.
  • Browser-extension session data: retained only for the current browser session. Resume bytes are not stored in extension storage; uploaded copies and generated content follow the Service retention rules described above. Resume Autofill for Jobs may keep one content-free pending retry record for a short, bounded period within that session. It keeps the latest undo values only in the active page and loses them when that page is closed or reloaded.
  • Raw analytics event records: retained up to the configured retention window (90 days by default).
  • Aggregated analytics: may be retained longer because it is less identifiable and used for historical reporting.

11. Security

We use reasonable administrative, technical, and physical safeguards to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

12. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information.
  • Request a copy of your information in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Opt out of marketing communications.
  • Lodge a complaint with your local supervisory authority (EEA/UK).

You can update many details in Studio. To exercise other rights, contact us at contact@self.cv.

New verified accounts are subscribed to product updates by default. You can unsubscribe in Account Settings or from any marketing email.

We may verify your identity before completing a rights request, and we may deny or limit requests where permitted by law.

13. US State Privacy Rights

If you are a resident of a US state with comprehensive privacy laws, you may have additional rights to access, delete, correct, or obtain a copy of your personal information and to opt out of certain processing.

We do not sell personal information for money. Depending on applicable law and how advertising measurement tools are configured, some app-page advertising measurement may be considered a sale, sharing, targeted advertising, or cross-context behavioral advertising. Where these rights apply, you may request to opt out of that processing.

To submit a privacy request or opt-out request, contact contact@self.cv. Where applicable law allows, you may use an authorized agent to submit requests on your behalf.

14. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so we can delete it.

15. International Transfers

Self is operated by Samblas Studios OÜ, an Estonian company. We target and serve users worldwide, including in the United States, and we may process and store information in Estonia, the EEA, the United States, or other countries where we or our service providers operate. These locations may have data protection laws that differ from your jurisdiction.

Where required by applicable law, we use recognized transfer safeguards (such as contractual protections) for cross-border data transfers.

16. Browser Extensions and Chrome Web Store Limited Use

Self's use and transfer of information received through its browser extensions complies with the Chrome Web Store User Data Policy, including the Limited Use requirements.

The resume-to-website extension accesses only files you explicitly select. It does not read your browsing history, active-tab content, cookies, unrelated website data, personal communications, or browsing activity.

Resume Autofill for Jobs receives temporary access to the active page only after you click its Autofill action. It reads eligible empty form-field context and limited job context for the requested autofill. It does not read browsing history, cookies, personal communications, unrelated tabs, existing answers, passwords, or files. Eligible blank-field context and generated answers may concern payment, health, identity, demographic, salary, work-authorization, legal, or other sensitive subjects. It does not click Next or submit applications.

Data obtained through either extension is used only to provide or improve its stated user-facing workflow. We do not sell that data, use or transfer it for personalized advertising, or use it to determine creditworthiness or lending eligibility.

We do not permit humans to read extension-derived user data except with your affirmative consent for a specific support purpose, when necessary for security or abuse investigation, to comply with law, or after aggregation and de-identification for internal operations. You can disconnect the extension to clear its session data and use Self's website editor to manage or delete uploaded and generated content.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by other reasonable means. The "Last updated" date above reflects the latest version.

18. Contact

Questions about this Privacy Policy? Contact us at contact@self.cv.

If you need additional legal/controller details for compliance requests (for example regulator or transfer inquiries), contact us at the same address.

Privacy | Self - self.cv