How we protect your data

When you use NextCV without an account (guest mode), all your resume data is stored locally in your browser's storage. It is never uploaded to our servers. Clearing your browser cache or switching devices will remove this data permanently.

This means you can build and preview a CV without any data ever leaving your machine.

All connections to NextCV use TLS 1.2 or higher. Data exchanged between your browser and our servers — including authentication tokens and resume content — is encrypted end-to-end during transmission.

If you create an account, your resumes are stored in an encrypted database. Access to your data requires an authenticated session tied to your account. We use industry-standard database encryption and access controls.

All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. NextCV never sees, stores, or has access to your credit card number or banking details. Stripe handles billing, receipts, and subscription management.

Authentication is handled via Magic Link (passwordless email) or Google OAuth. We do not store passwords. Sessions are scoped to your device and expire after a period of inactivity.

In the event of a security incident that affects your personal data, we will notify impacted users within 72 hours, as required by GDPR. We will describe what happened, what data was affected, and what steps we are taking.

If you discover a vulnerability in NextCV, please report it to security@nextcv.io. We appreciate responsible disclosure and will acknowledge receipt within 48 hours.