**Last updated:** April 19, 2026
App: CV Maker - AI Resume Builder (package name: `com.tool.cvmaker.resumerai.aimaker`)
Developer: Better Tool Studio
---
This policy describes how we collect, use, store, and protect information when you use the cvmaker app distributed through Google Play. We aim to comply with the [Google Play Developer Program Policies](https://play.google.com/about/developer-content-policy/) and the **Data safety** declaration guidance on Play Console.
By installing and using the app, you agree to this policy. If you do not agree, please uninstall the app and discontinue use.
---
- The app operates primarily **on your device**. Most CV data, profile information, and settings are stored **locally** on your phone.
- We **do not operate a dedicated login server** for the app to store user accounts in the current codebase; sync or backup may depend on Android/Google backup features (see Section 6).
---
| Data type | Examples | Purpose |
|-----------|----------|---------|
| Profile personal information | Name, email, phone, date of birth, address, hometown, LinkedIn/GitHub links, profile photo (URI of a photo you choose) | Build and display your CV; preview/export PDF based on your actions |
| CV content | Summary, work experience, education, skills, headline | Edit, save, and manage CV documents |
| CV photos for import | Images you pick from your gallery | Extract text via OCR and, when you proceed, send extracted text to an AI service to suggest structured content |
| Job descriptions (JD) | Text you paste or type | AI features to tailor your CV to a posting and suggest ATS-related keywords |
| App state | Credits, unlocked templates, UI language, onboarding status | Operate paid/credit features and user experience |
**Google AI (Gemini API — Generative Language API)**
When you use AI features (for example: polish text, suggest bullets, tailor a CV to a JD, parse OCR text into a structured CV), the app sends the relevant **text** over an encrypted connection (**HTTPS**) to Google’s servers for processing and returns results to your device. Content may include professional or personal details you included in your CV or JD.
- See also: [Google AI / Gemini API Terms & Privacy](https://ai.google.dev/gemini-api/terms) and Google’s privacy materials as published when you use the service.
**Google ML Kit (text recognition on images)**
The app uses ML Kit to perform **on-device text recognition** on images you select. Processing produces raw text for further editing and optional AI steps. Review [Privacy & Security in ML Kit](https://developers.google.com/ml-kit/privacy) for how Google describes the SDK.
**Google Play (in-app purchases)**
When Google Play billing is enabled for your release, in-app purchases and subscriptions are processed by **Google** under the [Google Payments Privacy Notice](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en). We may receive purchase state information needed to grant credits or template access; we **do not** store full payment card details on our own servers (standard Play Billing does not expose that to the app developer in that form).
---
The app may request or use the following, depending on the build you install:
| Permission / mechanism | Purpose |
|----------------------|---------|
| **Internet** | Calls the AI API (Gemini) and other connections required by integrated services |
| **Google Play Billing** | Purchase credits or subscriptions (when enabled on your published build) |
| **Photos / media (library / URIs you choose)** | Profile photos and “import CV from photo” (OCR). The app only processes images you actively select |
| **Advertising ID (if declared in the app)** | Some builds may declare related permissions due to the Google Play ecosystem or bundled SDKs. **The current codebase does not integrate an advertising SDK.** If you do not use ads, ensure your manifest and Play Console **Data safety** answers **match reality** (avoid over-declaring). |
The app **does not** sell your personal information to third parties in the sense of a data broker.
---
The app **does not** integrate website-style browser cookies. CV preview may use an **embedded WebView** to render HTML/PDF for display and print/export based on your actions; this is not used for programmatic advertising in the codebase reviewed.
---
- CV and profile data: stored **on device** until you delete it in the app or uninstall the app (excluding copies created by system backup, if any).
- AI results: may be **cached temporarily in the app process memory** to reduce duplicate requests; the cache is time-limited and does not replace your saved CV documents.
- Data sent to Google when using Gemini: governed by **Google’s retention and processing policies** for the applicable API.
---
We apply measures appropriate to the scale of the app, including **HTTPS** transport to APIs, limiting payload size in the app design, and local storage on device. No security measure is perfect; use a device screen lock and keep your OS updated.
---
Depending on the laws in your country or region (for example GDPR, CCPA), you may have rights such as:
- **Access / correction:** edit directly in the app (profile, CV).
- **Deletion:** delete CV content in the app; uninstall to remove local app data (and consider cloud backup settings on the device).
- **Withdraw consent:** stop using AI features or uninstall the app.
- **Complaints:** contact us using the email at the top of this document.
---
The app is intended for working-age users creating job application materials. We do not knowingly collect data from children below ages prohibited by local law. If you are a parent or guardian and believe your child has provided data, contact us and we will help within reasonable scope (data stored only on-device is typically deleted by the guardian directly on the device).
---
When you use Google services (AI API, Play, ML Kit), data may be processed on servers located in the **United States or other regions** under Google’s policies. By using those features, you acknowledge the practices and terms of those providers.
---
We may update this policy when we add features or when laws or Google Play requirements change. The “Last updated” date at the top will change. Continued use after changes take effect means you accept the updated policy, unless applicable law requires otherwise.
---
When completing **Data safety** on Play Console, align answers with **your actual shipped build**. Reference from reviewed source:
- **Collection / sharing:** CV text, JD text, OCR text → sent to **Google (Gemini API)** when AI is used; often user-provided content, purposes such as **App functionality** / **AI**.
- **On-device storage:** Room + DataStore (personal info, CV content, credits, settings) — typically **Collected** on device; not shared with the developer via a private backend server if you do not sync to your own server.
- **Purchases:** processed by **Google Play**.
- **ML Kit:** on-device processing; still review Google’s SDK guidance for the ML Kit version you ship.
- **Advertising ID:** if `AD_ID` remains in the manifest but the app **does not** use it for ads/analytics, remove the permission or update Play declarations to match and avoid policy mismatches.
Contact to Support: dev.fromnowwhere@gmaill.com.vn