SnapMyCV (a product of The Third Sourcers) takes your privacy seriously. This Privacy Policy explains what personal information we collect when you use the service at www.snapmycv.com and your personal subdomain (yourname.snapmycv.com), how we use it, and the rights you have over it.
1. What we collect
Account information
When you sign up, we collect:
- your email address;
- your chosen display name, username, and subdomain;
- a hashed password (if you sign up with email), or a Google account identifier (if you sign in with Google);
- your profile avatar URL if you upload or sync one.
CV content
Anything you enter into the CV editor — your name, contact details, work history, education, skills, projects, hobbies, summaries, social links, custom sections. This is stored in our database so you can edit and re-publish it.
Templates you create
The Handlebars and CSS source of any custom or forked template, plus its metadata (name, description, visibility setting).
Usage data
We record anonymous events when:
- someone visits one of your public CV pages (
cv_view); - someone downloads a public CV as PDF (
pdf_download); - someone clicks the "Copy link" button on a public CV (
link_copy); - someone views or forks a public template (
template_view,template_fork).
These events are stored against the CV or template ID along with a hashed IP, the referrer URL, and the user agent. Signed-in users are explicitly excluded — so your own activity in your account does not inflate your stats.
Technical data
Server logs (request paths, status codes, response times) collected by our hosting provider, and standard browser-side error reports if something crashes.
Cookies & similar technologies
We use the following cookies and local storage entries:
- Session cookie — a signed JWT that keeps you logged in across page loads.
- Local storage flags — dismissal preferences for the onboarding checklist and editor tips (e.g.
snapmycv_onboarding_skipped_v1). - Google Analytics cookies —
_ga,_ga_*for measuring site-wide traffic patterns. - Google AdSense cookies — set when ads are served, used by Google for ad personalisation and frequency capping.
2. How we use it
- To provide the service: render your CVs, host your public subdomain, generate PDFs and previews.
- To show you your own usage stats on the dashboard (views, downloads, link copies).
- To send transactional emails (password reset, account verification) via Resend.
- To detect and prevent abuse, security incidents, and fraud.
- To improve the product based on aggregate usage patterns.
We do not sell your personal data. We do not train AI models on your CV content. We do not read or analyse the contents of your private CVs except in narrow operational cases (debugging at your request, responding to a legal order).
3. Who we share data with
To run SnapMyCV we use the following third-party processors:
- Vercel — application hosting, edge network, log storage. Servers run in multiple regions worldwide.
- Vercel Blob — storage for template thumbnails, OG images, and uploaded avatars.
- MongoDB Atlas — primary database for user accounts, CVs, templates, and analytics events. Cluster hosted in AWS
us-east-1. - Resend — transactional email delivery (password resets, account notifications).
- Google (OAuth) — if you sign in with Google, Google handles authentication and shares your basic profile (email, name, avatar) with us.
- Google Analytics 4 — site-wide traffic analytics. We use property
G-QLJPEM0XRD. Google processes IP addresses, browser fingerprints, and behaviour data per its own privacy terms. - Google AdSense — serves the advertisements you may see on public pages. Google processes browser data to personalise ads per its own privacy terms.
We don't share data with anyone else, except (a) if compelled by valid legal process, (b) to defend our legal rights, or (c) as part of a merger or acquisition where the buyer is bound to honour this Privacy Policy.
4. Public CVs are public
When you set a CV to "Public", its content (name, headline, email, phone, location, work history, etc. — everything in that CV) becomes accessible at your subdomain. Anyone on the internet can view it, search engines can index it, and other sites can embed it via iframe. We add a structured-data Person schema so search engines can show your CV as a rich result for searches on your name.
Toggling the CV back to "Private" stops us serving it publicly, but does not retroactively remove cached copies that may exist in Google's index, the Internet Archive, or other third-party caches. If you need a public CV permanently removed, contact us and we'll do what we can on our side.
5. Your rights
Depending on where you live, you may have one or more of the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — fix inaccurate information. Most of this you can do yourself in your profile and CV editor.
- Deletion — delete your account (and with it your CVs, templates, and personal data) at any time from profile settings.
- Export — download a copy of your data in a portable format.
- Object & restrict — opt out of certain processing.
- Withdraw consent — for things you originally opted into (e.g. marketing emails, if we ever add them).
- Complain — to your local data-protection authority if you believe we've mishandled your data.
To exercise any of these rights, email hello@snapmycv.com.
6. Ad personalisation & tracking opt-outs
- Opt out of Google Analytics globally with the GA opt-out browser add-on.
- Manage Google ad personalisation at myadcenter.google.com.
- Send a Do Not Track signal from your browser — we don't currently treat DNT as a binding opt-out, but Google Analytics and AdSense may.
7. Children
SnapMyCV is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has created an account, please contact us and we'll delete it.
8. International data transfers
Our hosting and database providers operate servers in multiple countries (primarily the United States and the European Union). By using SnapMyCV you consent to your personal data being transferred to and processed in these jurisdictions, which may have different data-protection laws than your own.
9. Security
We use TLS/HTTPS for all data in transit, store passwords as salted bcrypt hashes, and keep our infrastructure provider stack patched and monitored. Database access is restricted, and we use least-privilege credentials. Despite our best efforts, no online service is 100% secure — please use a strong, unique password.
10. Data retention
- Account & CV data — kept for the lifetime of your account.
- After account deletion — your CVs and personal data are removed from our active database within 30 days. Backups containing the data may persist for up to 90 days before being overwritten.
- Analytics events — kept indefinitely in aggregated form. We may purge raw events older than 24 months.
- Server logs — typically 30 days.
11. Changes to this policy
We may update this Privacy Policy as the service evolves or as legal requirements change. If we make material changes, we'll notify you by email (to the address on your account) or by a notice on the dashboard at least 14 days before the changes take effect.
12. Contact
Questions, requests, or concerns about your privacy? Reach us at hello@snapmycv.com.
See also: Terms of Service. Effective 31 May 2026.