Privacy Policy

Last Updated: 11.07.2025

1. Introduction

CoverPaste ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our website and application.

Contact Information:

  • Business Name: CoverPaste
  • Owner: Nova Heidt
  • Address: Uhlandstr. 20, 72667 Schlaitdorf, Germany
  • Privacy Contact: privacy@coverpaste.com

2. Data Controller

Nova Heidt, operating CoverPaste as a Kleinunternehmer in Germany, is the data controller responsible for your personal information.

3. Information We Collect

3.1 Account Information

  • Email address (for authentication and communication)
  • Password (stored securely using industry-standard hashing)
  • User profile data (name, phone number when provided)
  • Authentication tokens (for secure session management)

3.2 Payment Information

  • Transaction records (purchase history, payment amounts, dates)
  • Credit balances and subscription status
  • Payment references (for invoice generation and support)
  • Billing information (processed through our payment provider SumUp)

3.3 Usage Data

  • Application usage logs (cover letter generation requests, feature usage)
  • Performance metrics (response times, error rates)
  • Session data (login times, IP addresses)
  • Analytics data (via Umami Analytics)

3.4 Content Data

  • Job descriptions (temporarily processed for cover letter generation)
  • CV content (temporarily processed but never stored)
  • Cover letter examples (temporarily processed but never stored)
  • Generated cover letters (displayed to you but not permanently stored)

3.5 Communication Data

  • Contact form submissions (email, subject, message from our WordPress site)
  • Support communications (emails and messages sent to us)

3.6 Technical Data

  • Device information (browser type, device type, screen resolution)
  • Network data (IP address, connection type)
  • Cookies and tracking data (as detailed in our Cookie Policy below)

4. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

  • Contract Performance: Processing necessary for providing our services
  • Legitimate Interest: Analytics, security, and service improvement
  • Consent: Marketing communications and optional features
  • Legal Obligation: Tax records, payment processing compliance

5. How We Use Your Information

5.1 Service Provision

  • Create and manage your account
  • Generate personalized cover letters using OpenAI's API
  • Process payments and manage subscriptions
  • Provide customer support

5.2 Communication

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Provide updates about our services (with your consent)

5.3 Analytics and Improvement

  • Analyze usage patterns to improve our services
  • Monitor application performance and security
  • Conduct error tracking and debugging

5.4 Legal and Security

  • Prevent fraud and unauthorized access
  • Comply with legal obligations
  • Enforce our terms of service

6. Data Sharing and Third Parties

6.1 Service Providers

We share data with trusted third parties who help us operate our services:

  • OpenAI: CV and job description content for cover letter generation (not stored)
  • SumUp: Payment processing and transaction management
  • Supabase: Database hosting and authentication services
  • Sentry: Error tracking and monitoring
  • Umami: Privacy-focused analytics
  • DigitalOcean: Cloud hosting infrastructure

6.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authorities.

6.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new owner.

7. Data Retention

7.1 Account Data

  • Active accounts: Retained while your account is active
  • Inactive accounts: Deleted after 3 years of inactivity
  • Deleted accounts: Permanently removed within 30 days of deletion request

7.2 Financial Records

  • Payment records: Retained for 10 years as required by German tax law
  • Invoices: Retained for 10 years for tax compliance

7.3 Logs and Analytics

  • Usage logs: Retained for 12 months for security and improvement purposes
  • Error logs: Retained for 6 months for debugging and service improvement
  • Analytics data: Anonymized and retained for 24 months

7.4 Communications

  • Support communications: Retained for 2 years for quality assurance
  • Contact form submissions: Retained for 1 year unless ongoing correspondence

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data transmissions use HTTPS/TLS encryption
  • Access Controls: Strict access controls and authentication requirements
  • Secure Storage: Data stored in secure, encrypted databases
  • Regular Audits: Regular security assessments and updates
  • Incident Response: Procedures for handling potential data breaches

9. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA, including:

  • United States: For OpenAI API processing and cloud services
  • Standard Contractual Clauses: Used to ensure adequate protection

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

10.1 Access Rights

  • Request a copy of your personal data
  • Receive information about how your data is processed

10.2 Correction and Deletion

  • Correct inaccurate personal data
  • Delete your personal data ("right to be forgotten")

10.3 Processing Rights

  • Restrict processing of your data
  • Object to processing based on legitimate interests
  • Data portability (receive your data in a structured format)

10.4 Consent Rights

  • Withdraw consent at any time (where processing is based on consent)
  • This won't affect the lawfulness of processing before withdrawal

10.5 Exercising Your Rights

To exercise these rights, contact us at privacy@coverpaste.com. We'll respond within 30 days.

11. Cookies and Tracking

11.1 Essential Cookies

  • Session cookies: For authentication and service functionality
  • Security cookies: For fraud prevention and security

11.2 Analytics Cookies

  • Umami Analytics: Privacy-focused analytics (no personal data tracked)

11.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

12. WordPress Website Specific

12.1 Plugins and Data Processing

Our WordPress site uses the following data-processing plugins:

  • Elementor: Page building (no personal data collection)
  • Rank Math SEO: SEO optimization (no personal data collection)
  • Umami Integration: Privacy-focused analytics
  • SureForms: Contact form processing
  • LiteSpeed Cache: Performance optimization

12.2 Embedded Content

Our website includes embedded YouTube videos, which may set cookies according to YouTube's privacy policy.

12.3 Contact Forms

Contact form data is processed for communication purposes and retained for 1 year.

13. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16.

14. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes by:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated "Last Updated" date

15. Complaints and Supervisory Authority

If you have concerns about our data handling, you can:

  • Contact us at privacy@coverpaste.com
  • File a complaint with your local data protection authority
  • Contact the German data protection authority (BfDI)

16. Contact Information

For privacy-related questions or to exercise your rights:

Email: privacy@coverpaste.com
Address: CoverPaste, Nova Heidt, Uhlandstr. 20, 72667 Schlaitdorf, Germany

This Privacy Policy is effective as of 11.07.2025 and applies to all users of CoverPaste services and website.

Scroll to Top