Privacy Policy
Last updated: March 13, 2025
1. Controller (Data Processor)
The controller responsible for the processing of your personal data in connection with aileadgenr is the entity named in the Imprint.
For all data-protection inquiries, please contact us via privacy@aileadgenr.com or through the contact form.
If we are required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR, their details will be published here.
2. What data we collect and why
2.1 Account registration and authentication
When you create an account, we collect your email address and a hashed password (or OAuth token if you sign in via Google, GitHub, or similar). We use this data to authenticate you, send transactional emails (e.g. password reset, billing receipts), and identify your account. The legal basis is the performance of a contract (Art. 6 § 1 lit. b GDPR).
2.2 CV and career data you provide
When you use aileadgenr to generate a CV, you voluntarily submit information about your professional experience, skills, education, and other career-relevant details. This data is used exclusively to generate your CV content via the AI provider. We store your CV projects in your account so you can access and edit them later. The legal basis is the performance of a contract (Art. 6 § 1 lit. b GDPR).
2.3 Billing and payment data
Payments are processed by our payment provider (e.g. Stripe). We do not store credit card numbers or full payment details on our servers. We receive and store limited billing data such as your subscription plan, billing email, invoice ID, and payment status for accounting and customer support purposes. The legal basis is the performance of a contract (Art. 6 § 1 lit. b GDPR) and compliance with a legal obligation (Art. 6 § 1 lit. c GDPR).
2.4 Usage data and server logs
Our web server automatically logs connection metadata including your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is used for security monitoring, abuse prevention, and diagnosing technical issues. Logs are automatically deleted after 30 days. The legal basis is our legitimate interest in operating a secure and reliable service (Art. 6 § 1 lit. f GDPR).
2.5 Contact form messages
If you contact us via the contact form or by email, we store your name, email address, and the content of your message to respond to your inquiry. Messages are retained for up to 2 years for documentation purposes. The legal basis is our legitimate interest in providing customer support (Art. 6 § 1 lit. f GDPR).
2.6 Cookies and local storage
We use strictly necessary cookies (e.g. session tokens) to keep you logged in. We do not set marketing or tracking cookies without your explicit consent. You can manage cookies via your browser settings or our cookie banner where present. The legal basis for strictly necessary cookies is our legitimate interest (Art. 6 § 1 lit. f GDPR); for optional cookies, your consent (Art. 6 § 1 lit. a GDPR).
3. Third-party services and data processors
To deliver aileadgenr, we work with the following categories of third-party data processors. All processors are bound by data processing agreements (DPAs) and may only process your data on our behalf and according to our instructions.
| Service | Purpose | Data transferred | Location |
|---|---|---|---|
| OpenAI | AI CV generation | Your career data inputs | USA (SCCs) |
| Stripe | Payment processing | Billing email, plan info | USA/EU (SCCs) |
| Resend / SendGrid | Transactional emails | Email address, name | USA (SCCs) |
| Vercel / Cloud host | Hosting & CDN | IP address, request logs | EU / USA (SCCs) |
| PostgreSQL host | Database | All account data | EU |
SCCs = Standard Contractual Clauses as approved by the European Commission for data transfers to third countries.
4. International data transfers
Some of our service providers (e.g. OpenAI, Stripe) are located outside the European Economic Area (EEA). Where personal data is transferred to countries not recognised by the European Commission as providing an adequate level of protection, we rely on Standard Contractual Clauses (SCCs) pursuant to Art. 46 § 2 lit. c GDPR or other appropriate safeguards.
You may request a copy of the relevant safeguards by contacting us at privacy@aileadgenr.com.
5. Data retention
We retain your personal data only as long as necessary for the purposes described above:
- Account data: Until you delete your account, plus up to 30 days in backups.
- CV projects: As long as your account is active. Deleted on account deletion.
- Server logs: 30 days, then automatically purged.
- Billing records: Up to 10 years to comply with tax and accounting obligations.
- Contact messages: Up to 2 years from receipt.
After account deletion, we delete all personal data within 30 days, except where we are legally required to retain certain records.
6. Your rights under GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights:
- Right of access (Art. 15 GDPR): Request a copy of all personal data we hold about you.
- Right to rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Right to restriction of processing (Art. 18 GDPR): Request that we limit how we process your data in certain situations.
- Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21 GDPR): Object to processing based on our legitimate interests.
- Right to withdraw consent (Art. 7 GDPR): Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, please contact us at privacy@aileadgenr.com. We will respond within 30 days.
7. Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- All data in transit is encrypted via TLS 1.2+.
- Passwords are never stored in plain text — we use bcrypt hashing.
- Database access is restricted to authorized systems only, with encrypted connections.
- Regular security reviews and dependency updates.
- Production secrets are stored in environment variables, never in source code.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Art. 33 and 34 GDPR.
8. Children's privacy
aileadgenr is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will delete it promptly. If you believe we have collected data from a child, please contact us immediately.
9. Automated decision-making
aileadgenr does not use your personal data for fully automated decisions that produce legal or similarly significant effects. AI-generated CV content is a creative output provided as a writing aid — the final CV is always reviewed and submitted by you.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email (if you have an account) or by displaying a prominent notice on our website. The date at the top of this page always reflects the date of the most recent update.
Your continued use of aileadgenr after any changes constitutes your acknowledgment of the updated policy. We encourage you to review this page periodically.
11. Contact for privacy matters
For all privacy-related questions, data access requests, or complaints, please reach out to us:
Email: privacy@aileadgenr.com
Mailing address: See Imprint.
Response time: We will acknowledge your request within 5 business days and provide a full response within 30 days.