GDPR & Your Data Rights

Last updated: 18 June 2026

If you’re in the EU, UK, or a CCPA jurisdiction, you have specific rights over your personal data. To exercise any of them, email privacy@desicv.com . We respond within the timeframe required by law.

Your rights

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data (the “right to be forgotten”).
  • Portability: receive your data in a portable format.
  • Restriction & objection: limit or object to certain processing, including for advertising.
  • Withdraw consent: withdraw cookie or advertising consent at any time via the cookie banner.

Legal bases for processing

  • Contract: to deliver the conversion you requested.
  • Consent: for advertising cookies and any future AI training opt-in.
  • Legitimate interests: to secure the service against spam and abuse.
  • Legal obligation: Stripe retains transaction records as required by financial regulations and anti-money-laundering law. DesiCV retains order records (amount, date, email) to comply with tax and accounting obligations.

Stripe and payment data

Payment card data (card number, CVV, expiry) is entered directly into Stripe's secure, PCI DSS Level 1 certified environment and is never transmitted to or stored by DesiCV. Stripe processes payment data under its own privacy policy and acts as an independent data controller for the purposes of payment fraud prevention and financial regulation compliance. You can review Stripe's GDPR commitments at stripe.com/privacy.

DesiCV receives only a payment confirmation token, the last four digits of the card, and the transaction amount from Stripe — never full card details.

Data retention

Uploaded CVs are deleted within 24 hours of delivery. Request and order records (name, email, amount paid, date) are retained for up to 7 years to meet tax and accounting obligations. You may request erasure of any data not required for legal compliance.

Complaints

You may lodge a complaint with your local data protection authority (for example, the ICO in the UK). We’d appreciate the chance to resolve it with you first.