Back to Home
Legal

Privacy Policy

CV Studio is committed to protecting your privacy. This policy describes exactly how we collect, use, and safeguard your personal data across all our services: resume parsing, applicant ranking, email communications, and LinkedIn integrations.

Last updated: 26 February 2026  ·  Effective: 26 February 2026

Overview

CV Studio ("we", "our", or "the Platform") is a business-to-consumer (B2C) AI-powered Applicant Tracking System (ATS) offered as a Software-as-a-Service (SaaS). Our platform helps recruiters and hiring managers streamline the entire hiring lifecycle: from posting jobs on LinkedIn, to parsing resumes, ranking applicants, and managing candidate communications.

This Privacy Policy applies to all users of the CV Studio platform and explains how we handle personal data for:

  • Recruiters and hiring teams (our paying customers)
  • Job applicants whose data is processed through the platform
  • Users who connect LinkedIn accounts to the platform

We comply with applicable data protection regulations including the GDPR (EU/EEA), UK GDPR, CCPA, and other applicable privacy laws.

Data We Collect

We collect data across three categories of individuals who interact with our platform:

Recruiter / Company Data

  • Name & email address
  • Company name & billing details
  • Job descriptions & requirements
  • Platform usage & activity logs
  • OAuth tokens (LinkedIn, email)

Applicant Data

  • Name, email, phone number
  • Resume content (CV files)
  • Work history & skills
  • Assessment responses
  • Email replies & communication history

Platform-Generated Data

  • Applicant ranking scores
  • AI-parsed resume attributes
  • Interview slots & schedules
  • Email delivery metadata
  • LinkedIn post & application data
No sensitive categories without consent. We do not intentionally collect sensitive personal data such as racial or ethnic origin, health information, political opinions, or biometric data. If a candidate voluntarily includes such information in their resume, it is processed only to provide the service and never used for discriminatory ranking.

Resume Processing & Applicant Ranking

A core function of CV Studio is the automated parsing of resumes and the AI-driven ranking of candidates against a job description. Here is exactly how we handle this:

When a recruiter uploads or receives a candidate's resume, our systems automatically extract structured information including:

  • Contact details (name, email, phone)
  • Work experience, titles, and dates
  • Education background and qualifications
  • Skills, certifications, and languages
  • Projects and portfolio links

This parsed data is stored securely and associated with the specific job application.

Our AI engine compares parsed resume attributes against criteria defined by the recruiter in the job description. A relevance score is generated for each applicant. This score is:

  • Based only on job-relevant factors (skills, experience, education match)
  • Never based on protected characteristics (race, gender, age, disability, etc.)
  • Always presented to recruiters as a decision-aid, not a final decision
  • Subject to human review before any hiring decisions are made

Applicants are informed (via the job posting or application flow) that their resume will be processed by an automated system. Recruiters using CV Studio are obligated (under our Terms of Service) to ensure their candidates have been appropriately informed about automated processing and have provided consent where required by local law (e.g., GDPR Article 22).

We may use anonymised and aggregated resume data to train, evaluate, and improve the accuracy of our AI parsing and ranking models. The purpose of this is solely to deliver better results for all users of the platform (for example, improving how accurately we extract skills or match candidates to job descriptions).

  • Data used for model improvement is de-identified before use wherever possible.
  • We do not share raw resume data with third parties for AI training purposes.
  • We do not sell resume data to any external AI or data broker.
  • Sensitive personal details (contact info, national ID numbers, etc.) are excluded from training datasets.

If you are a candidate and do not wish your resume data to be used for model improvement, you may opt out at any time by contacting us at privacy@topnotch-dev.com. We will honour your request and remove your data from any training pipeline within 30 days.

Email Communications

CV Studio sends and receives emails on behalf of recruiters as part of the hiring workflow. This covers assessment invitations, interview scheduling, and general candidate communications.

Emails We Send

Assessment invitations

Sent to candidates inviting them to complete skills or role-specific assessments.

Interview scheduling

Automated emails to candidates with calendar links or proposed interview slots.

Status updates

Optional notifications informing candidates of their application status.

Follow-ups

Reminder emails for pending assessments or unconfirmed interviews.

Emails We Receive & Process

Assessment replies

Candidate responses to assessment tasks submitted via email.

Interview confirmations/rejections

Replies accepting or declining proposed interview times.

Candidate queries

General replies from candidates, which are surfaced to recruiters.

Incoming email replies are parsed to extract relevant information (e.g., the candidate's preferred interview slot, assessment answers). This content is stored in the candidate profile within the platform and is accessible only to authorised recruiters on the hiring team.

We use industry-standard transactional email providers (such as SendGrid or similar) to deliver emails. These providers may process email metadata (sender, recipient, timestamps) but are bound by strict data processing agreements and do not have rights to use email content for their own purposes.

Every automated email sent to a candidate includes an opt-out mechanism. Candidates can reply 'STOP' or use the unsubscribe link to cease receiving communications from a particular recruiter's campaign. Recruiters also have the ability to suppress candidates from communication lists within the platform.

Emails sent through CV Studio are sent on behalf of the recruiter (your employer or client). CV Studio acts as a data processor, not a data controller, for this email activity. The recruiter/company is responsible for ensuring they have a lawful basis for contacting candidates.

LinkedIn Integration

CV Studio integrates with LinkedIn to allow recruiters to post job openings and receive applications directly within the platform. We access LinkedIn data strictly in accordance with LinkedIn's API Terms of Use and the Digital Markets Act (DMA) where applicable.

LinkedIn Data We Access & Why

Job Posting
Job title, description, location, and requirements
To publish job listings on LinkedIn on behalf of the recruiter
Receiving Applications
Applicant LinkedIn profile (name, headline, experience, skills)
To import candidate profiles into CV Studio for review and ranking
DMA Portability Data
Profile and employment data shared via LinkedIn DMA Portability APIs
Only accessed with explicit member consent, solely to deliver the requested features
OAuth Access Token
LinkedIn OAuth token scoped to posting and application access
To authenticate API calls on behalf of the recruiter's account
  • Member Consent: We only access LinkedIn Portability Data with explicit member consent for the specific feature authorised.
  • Purpose Limitation: LinkedIn Portability Data is never used for advertising, profiling, AI/ML training, or sold to third parties.
  • Data Deletion: You may request deletion of your LinkedIn Portability Data at any time by contacting privacy@topnotch-dev.com. We will comply unless retention is required by law.
  • No Re-Identification: We do not attempt to re-identify anonymised or de-identified LinkedIn data.
  • No Discriminatory Use: LinkedIn data is never used in ways that facilitate bias or unlawful discrimination.
  • Third-Party Disclosure: LinkedIn data is not disclosed to third parties except to trusted processors under strict confidentiality obligations and only to deliver the platform services.

You can revoke CV Studio's access to your LinkedIn account at any time via LinkedIn's "Authorised Apps" settings page or by disconnecting the integration from within CV Studio. Revoking access will stop any future LinkedIn data synchronisation but will not automatically delete data previously imported.

How We Use Your Data

PurposeData UsedLegal Basis
Resume parsing & rankingResume content, job criteriaContract / Legitimate interests
Sending assessment emailsCandidate email, assessment contentContract / Legitimate interests
Receiving & processing repliesInbound email contentContract / Legitimate interests
Interview schedulingCandidate email, availabilityContract
LinkedIn job postingJob description, recruiter OAuthContract
Importing LinkedIn applicationsApplicant LinkedIn profileConsent (via LinkedIn)
AI model improvement (opt-out available)Anonymised resume dataLegitimate interests
Platform analytics & improvementAggregated, anonymised usage dataLegitimate interests
Billing & account managementPayment details, account infoContract
Security & fraud preventionLogin, activity logsLegitimate interests
We never sell your data. We never sell, license, or otherwise monetise personal data belonging to recruiters, applicants, or LinkedIn members. Data is used exclusively to deliver and improve the CV Studio service.

Data Retention & Security

We retain personal data only for as long as necessary to deliver our services or as required by applicable law.

Active account data

Duration of subscription + 90 days post-cancellation

Applicant profiles

As specified by recruiter, max 2 years unless extended

Email content & replies

12 months from last activity

LinkedIn Portability Data

Until user requests deletion or connection is revoked

Billing records

7 years (legal/tax compliance)

Security & audit logs

12 months

Security Measures

We implement industry-standard technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls limiting who can view applicant data
  • Regular security audits and penetration testing
  • Secure OAuth token storage with encrypted vaults
  • Automated threat detection and anomaly monitoring

While we take every reasonable precaution, no system is completely immune to breaches. In the event of a data breach that affects your rights, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.

Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@topnotch-dev.com.

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Ask us to limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time without affecting prior processing.

Right Not to be Subject to Automated Decisions

Request human review of any solely automated decisions that significantly affect you.

We will respond to all valid requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your national DPA in the EU).

Contact & Data Controller

CV Studio is operated by TopNotch Dev Ltd. For any privacy-related enquiries, data subject requests, or concerns about this policy, please reach out to us:

privacy@topnotch-dev.comTerms of Service

This Privacy Policy may be updated from time to time. We will notify registered users of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision.