Privacy Policy
Last updated: April 2026
1. Introduction
CV Matching (cv-matching.com) is operated by iDial, based in Australia. We are committed to protecting your privacy and handling your data transparently. This policy explains what information we collect, how we use it, and your rights regarding your data.
2. Information We Collect
Account Information
When you register, we collect your email address and a securely hashed password. If you subscribe to a paid plan, your payment details are processed by Stripe — we never store card numbers or payment details directly.
CV and Job Description Data
When you upload CVs and job descriptions for matching, these documents are processed in real time by our AI model. CV and JD content is held temporarily in our processing queue (Redis) with a 24-hour time-to-live and is automatically deleted. We do NOT store your uploaded CV files permanently.
Match Results
Match results (scores, summaries, strengths, and gaps) are generated in real time and delivered to you immediately. We do not permanently store match results; they exist only in our processing queue during the matching session and are automatically deleted within 24 hours.
Usage Data
We track assessment counts for rate limiting and billing purposes. For anonymous users, we use a fingerprint derived from your IP address and browser user agent (SHA256 hash, first 16 characters) — this is not personally identifiable.
API Keys
If you use our API, we store your key name, a prefix for display, and a securely hashed version of your key. The full API key is shown only once at creation.
3. How We Use Your Information
- Providing and improving our CV-JD matching service
- Managing your account and subscription
- Processing payments through Stripe
- Enforcing usage limits and preventing abuse
- Responding to your enquiries and feedback
- Analysing aggregate usage to improve the service
4. Third-Party Services
We use the following third-party services:
| Service | Data Shared | Purpose |
|---|---|---|
| Modal | CV and JD text (temporarily) | AI model inference |
| Stripe | Email, payment information | Billing and subscriptions |
| Fly.io | Application data | Hosting (Sydney, Australia) |
We do not sell your data to any third party.
5. Data Retention
- CV and JD content: Automatically deleted after 24 hours
- Match results: Automatically deleted after 24 hours (not permanently stored)
- Account data: Retained until you request deletion via privacy@idial.io
- Usage logs: Retained for up to 90 days
- Payment records: Retained as required by law
6. Data Security
We protect your data using:
- TLS encryption for all data in transit
- bcrypt password hashing
- Automatic deletion of temporary data via Redis TTL
- Rate limiting to prevent abuse
- JWT-based authentication (no session cookies)
7. Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access your personal information held by us
- Correct inaccurate personal information
- Request deletion of your account and associated data
- Object to processing of your personal information
To exercise these rights, contact us at the email below.
8. Cookies and Tracking
We use localStorage for authentication tokens — we do not use authentication cookies. Third-party analytics services may set their own cookies.
9. Children's Privacy
Our service is not intended for users under 16 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through the service. Continued use after changes constitutes acceptance.
11. Contact Us
For privacy enquiries, contact us at: privacy@idial.io