Back to Home
AirlineCV

Privacy Policy

Last updated: March 19, 2026

1. Introduction

AirlineCV ("we", "our", or "us") is committed to protecting the privacy of our users ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the AirlineCV web application and related services (collectively, the "Service").

AirlineCV is a digital CV builder designed specifically for airline pilots. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable French data protection law. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

AirlineCV
Email: contact@airlinecv.com

For any questions or concerns about how we handle your personal data, you may contact us at the above email address.

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Your email address
  • Your name (first name and last name)
  • A hashed version of your password (we never store plaintext passwords)
  • Account creation and last login timestamps

3.2 Profile and CV Data

When you build a CV, you may provide information including but not limited to:

  • Contact details (phone number, address, nationality)
  • Date of birth
  • Pilot licence information (licence type, number, issuing authority)
  • Type ratings and aircraft qualifications
  • Flight hours and experience
  • Medical certificate details
  • English Language Proficiency (ELP) levels
  • Employment history
  • Education and training
  • Profile photograph (if uploaded)

This data is primarily stored locally on your device using IndexedDB browser storage. If you are logged in with an account, a copy of your profile data may also be stored on our servers (SQLite database) to enable synchronization across devices.

3.3 Payment Data

When you make a purchase, payment processing is handled entirely by Stripe, Inc. We do not store your credit card number, CVV, or full payment details on our servers. We may receive and store from Stripe: your name, billing email, the last four digits of your card, transaction amount, and transaction status. Please refer to Stripe's privacy policy at https://stripe.com/privacy for details on how they handle your payment information.

3.4 Usage and Technical Data

We may automatically collect certain technical information when you access the Service, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Date and time of access

4. How We Store Your Data

4.1 Local Storage (IndexedDB)

AirlineCV is designed with a privacy-first architecture. Your CV and profile data are primarily stored in your browser's IndexedDB, a local database that resides entirely on your device. This means your data remains on your computer and is not automatically transmitted to our servers. If you clear your browser data, this locally stored information will be deleted.

4.2 Server-Side Storage

If you create an account and log in, your profile and CV data may be synced to our server-side database (SQLite) to allow you to access your data from multiple devices or recover it if you clear your browser. Server-side data is stored securely and is only accessible through authenticated requests using your account credentials.

4.3 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption of passwords using bcrypt hashing, secure JWT-based authentication, and HTTPS encryption for all data in transit. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

5. Cookies and Authentication

AirlineCV uses cookies strictly for authentication purposes. When you log in, a JSON Web Token (JWT) is stored as a cookie in your browser. This cookie allows you to remain authenticated as you navigate the Service.

We do not use cookies for advertising, tracking, or analytics purposes. The authentication cookie is a session-essential cookie and does not require separate consent under GDPR Article 5(3) of the ePrivacy Directive, as it is strictly necessary for the functioning of the Service.

You can delete authentication cookies at any time through your browser settings. Doing so will log you out of the Service.

6. Third-Party Services

6.1 Stripe (Payment Processing)

We use Stripe, Inc. as our payment processor. When you make a purchase, your payment information is sent directly to Stripe and processed according to their security standards (PCI-DSS Level 1 certified). We do not have access to your full payment card details. Stripe may collect additional information as described in their privacy policy.

6.2 Anthropic (AI Features)

AirlineCV offers AI-powered features (such as smart suggestions and cover letter generation) using the Anthropic API. When you use these features, relevant portions of your CV data are sent to Anthropic's servers for processing. Anthropic processes this data according to their API terms and does not use your data to train their models. We only send the minimum data necessary for the AI feature to function. For more information, refer to Anthropic's privacy policy at https://www.anthropic.com/privacy.

6.3 Data Transfers Outside the EU

Both Stripe and Anthropic are US-based companies. Data transferred to these providers may be processed outside the European Economic Area. These transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) adopted by the European Commission. By using the Service and its payment or AI features, you acknowledge these transfers.

7. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

  • Performance of contract (GDPR Art. 6(1)(b)): To provide the Service, create and manage your account, process payments, and deliver purchased PDF downloads.
  • Legitimate interest (GDPR Art. 6(1)(f)): To maintain security of the Service, prevent fraud, and improve the user experience.
  • Legal obligation (GDPR Art. 6(1)(c)): To comply with applicable laws, including tax and accounting requirements for transactions.
  • Consent (GDPR Art. 6(1)(a)): For AI-powered features where your CV data is processed by Anthropic. You may withdraw consent at any time by ceasing to use these features.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained for the duration of your account. If you delete your account, your data will be removed from our servers within 30 days, except where retention is required by law.
  • Local data (IndexedDB): Remains on your device until you clear your browser data. We have no control over this data.
  • Transaction records: Retained for up to 10 years as required by French commercial and tax law.
  • Server logs: Retained for up to 12 months for security and debugging purposes.

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data. You can also update your data directly through the Service.
  • Right to erasure (Art. 17): You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to the processing of your personal data where processing is based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at contact@airlinecv.com. We will respond to your request within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. If we make material changes, we will notify registered users by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AirlineCV
Email: contact@airlinecv.com