Privacy Policy

Last updated: July 26, 2025

1. Who We Are

Nocodo LTD is a Cyprus private company that provides CV standardization services for HR teams and recruitment agencies. This Privacy Policy explains how we collect, use, and protect your personal information.

2. Information We Collect

Account Information

• Email address (for account creation and communication)
• Password (stored securely using encryption)
• Account creation and last update timestamps

CV Data

• CV files you upload (in original format)
• Processed CV content and standardized versions
• File names and upload timestamps
• Processing status and metadata

Technical Information

• IP address (for security and session management)
• Browser information (user agent)
• Session data for keeping you logged in

Billing Information

• Subscription plan and status
• Credit usage and history
• Currency preference (USD or EUR)
• Billing country for tax purposes (collected by Paddle)

3. How We Use Your Information

We use your personal information to:

• Provide our service: Process CVs, provide standardized formats, and manage your account
• Improve our service: Understand how our AI processing performs and make improvements
• Communicate with you: Send important updates, respond to support requests
• Security: Protect your account and prevent unauthorized access
• Legal compliance: Meet our legal obligations and protect our rights

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: To provide the services you've signed up for
• Legitimate interests: To improve our service and ensure security
• Consent: Where you've given specific consent for certain processing
• Legal obligation: To comply with applicable laws and regulations

5. How We Store and Protect Your Data

Data Storage

• All data is stored on secure servers located in the European Union
• We use Hetzner (German cloud provider) for our hosting infrastructure
• Files are stored with encryption and access controls
• Database backups are encrypted and stored securely

Security Measures

• Passwords are encrypted using industry-standard methods
• Secure HTTPS connections for all data transmission
• Regular security updates and monitoring
• Access controls to limit who can access your data

6. Who We Share Your Data With

We do not sell or rent your personal data. We only share data with:

• AI Processing Service: We use Anthropic's API to process CVs (data is sent securely and not stored by Anthropic)
• Payment Processor: Paddle.com Market Limited handles all payment processing and billing as our Merchant of Record
• Infrastructure Providers: Hetzner (for hosting) under strict data processing agreements
• Legal Requirements: If required by law or to protect our rights

7. Payment Processing

Payment processing is handled by Paddle.com Market Limited ("Paddle"), which acts as our Merchant of Record:

• Paddle processes all transactions, including credit card payments and invoicing
• We do not store or have access to your credit card information
• Paddle collects payment information according to their privacy policy
• Paddle handles VAT/tax calculation and collection based on your location
• For payment-related inquiries, you may need to contact Paddle directly

8. Data Retention

We retain your data for as long as:

• Your account is active
• Required for providing our services
• Required by law or for legitimate business purposes

When you delete your account, we will delete your personal data within 30 days, except where we're required to keep certain records for legal compliance.

9. Your Rights (GDPR)

If you're in the EU, you have these rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Objection: Object to certain types of processing
• Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at support@nocodo.tech

10. Cookies and Tracking

We use minimal cookies necessary for the service to function:

• Session cookies: To keep you logged in
• Security cookies: To protect against attacks

We do not use tracking cookies or third-party analytics.

11. International Data Transfers

Your data is processed and stored within the European Union. If we need to transfer data outside the EU, we will ensure appropriate safeguards are in place.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. The updated policy will be effective when posted.

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights:

• Company: Nocodo LTD
• Location: Cyprus, European Union
• Email: support@nocodo.tech
• Support: support@nocodo.tech

Note: If you have concerns about how we handle your personal data and you're in the EU, you can also contact your local data protection authority.