Privacy Policy
Last updated: 2026-01-23
ZVee is operated by MaraLabs. MaraLabs is the data controller under applicable data protection laws. Contact information can be found under 'Impressum / Legal Notice'. This Privacy Statement explains how MaraLabs collects, uses, and protects your personal data when you use ZVee.
Data Collection
MaraLabs collects and processes the following personal data:
- Personal data relevant for CVs: name, contact information (address, email, phone), date of birth, employment history, education details, profile photos
- Uploaded resumes containing the data listed in the first point
- User preferences and consent records
- Authentication data managed securely via Supabase
- Payment data required for processing subscriptions and premium services
- Minimal technical information such as anonymous error logs that exclude CV content
Purpose and Legal Basis for Processing Personal Data
Personal data collected by MaraLabs through ZVee is processed solely for the purposes necessary to provide and improve our services. These purposes include:
- Creating, storing, editing, and exporting CVs required for the fulfillment of our contract with you as a user
- Managing your user account and preferences to enable personalized and secure service access
- Processing payments and subscriptions securely, in compliance with legal obligations such as tax and accounting laws
- Enhancing the security, reliability, and performance of ZVee based on our legitimate interests, balanced against your rights and freedoms
- Providing AI-assisted features you choose to use (such as drafting suggestions, job match analysis, and cover letter drafting) to help you create and tailor your CV and job application materials
Privacy by Design and by Default
MaraLabs incorporates data protection principles into the design and operation of ZVee. We ensure that only personal data necessary for each specific purpose is processed, and privacy settings are configured at the highest level of protection by default.
Data Accuracy
We take reasonable steps to ensure that your personal data is accurate and kept up to date. You are responsible for providing correct information, and you can update or correct data within the app to maintain accuracy.
Data Storage and Retention
Your personal data (including CV content, account information, and authentication data) is stored securely on cloud servers hosted by Supabase, located within the European Union or Switzerland, in accordance with applicable data protection laws such as the GDPR and the Swiss Federal Act on Data Protection (FADP).
The ZVee website front-end is hosted by Netlify, Inc. in the United States. Netlify may process limited technical data (such as IP addresses and request logs) necessary for website delivery and performance. This data processing is covered by appropriate safeguards, including the Swiss-U.S. Data Privacy Framework and standard contractual clauses, to ensure compliance with GDPR and FADP requirements.
Your data is retained only as long as necessary to fulfill the purposes outlined in this policy or as required by law:
- Account and CV data: deleted from active systems immediately after you delete your account, and removed from backups within 30 days.
- Payment and Transaction data: transaction records are retained for 7-10 years as required by Swiss tax, accounting, and anti-money laundering laws.
- Analytics data: retained per Google Analytics settings (2-14 months), controllable via cookie banner.
- Authentication data: retained until account deletion.
- Error logs: retained for up to 90 days for troubleshooting and security, excluding CV content.
- After these periods: data is securely deleted or anonymized.
Cookies
ZVee uses cookies, which are small text files stored on your device when you visit our website. Cookies help us provide, protect, and improve our services.
Types of Cookies We Use:
- Essential Cookies: These cookies are necessary for the website to function properly and cannot be disabled. They include authentication cookies that enable you to sign in and access your account securely.
- Analytics Cookies: We use Google Analytics 4 cookies to understand how visitors interact with our website. These cookies collect information such as page views, session duration, and user interactions. Analytics cookies are only placed on your device after you provide explicit consent via our cookie consent banner.
Google Analytics Cookies: When you consent to analytics cookies, Google Analytics sets cookies such as _ga and _ga_* to distinguish unique users and track user behavior. These cookies have a default retention period of 2 years, but we configure our Google Analytics settings to retain data for 2-14 months as specified in our Data Retention section.
Managing Cookie Preferences: You can manage your cookie preferences at any time through our cookie consent banner, which appears when you first visit our website. You can accept all cookies or reject non-essential (analytics) cookies. You can also withdraw your consent at any time, which will prevent future analytics cookies from being set.
Additionally, most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect your ability to use certain features of ZVee.
For more information about how Google uses cookies in Google Analytics, please visit Google's Cookie Policy.
Third-Party Services and Tools
To provide and continuously improve ZVee, MaraLabs uses the following trusted third-party service providers, who act as data processors under strict contractual agreements in compliance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP):
- Supabase: Provides cloud hosting and database services for storing your CVs, account data, and authentication information. All personal data is stored exclusively in data centers located within the European Union or Switzerland
- Netlify: Hosts the ZVee website front-end in the United States. Netlify may process limited technical data (IP addresses, request logs) necessary for website delivery. This processing is covered by the Swiss-U.S. Data Privacy Framework and standard contractual clauses
- Stripe: Handles secure payment processing for subscriptions and premium services. For payment processing, Stripe acts as a processor. However, for fraud prevention and legal compliance (AML/KYC), Stripe also acts as an independent data controller as described in the Stripe Privacy Policy.
- Google Analytics 4: Collects website analytics data to help us understand how users interact with our service. Analytics data collection requires your explicit consent (see the Cookies section above)
- OpenAI: We use OpenAI's API services (provided by OpenAI Ireland Ltd and, where applicable, its affiliates) to power our AI-assisted features (e.g., CV text suggestions, keyword analysis, cover letter drafting). When you use these features, relevant text you provide is sent to OpenAI for processing
MaraLabs has contractual data processing agreements in place with all third-party processors, either through separate Data Processing Agreements (DPAs) or as incorporated by reference in their Terms of Service. These agreements ensure compliance with the GDPR and the revised Swiss data protection law, and require technical and organizational security measures.
AI-Powered Features (OpenAI)
ZVee offers optional AI-assisted features to help you draft and improve CV and job application content. When you use these features, we send relevant text you provide (for example, CV content, work history, or a job description) to OpenAI for processing and to generate suggestions.
Data processing role: MaraLabs is the data controller. OpenAI acts as a data processor for AI-assisted features under a data processing addendum (DPA).
International transfers: Depending on how OpenAI processes requests, your data may be processed outside Switzerland/the EEA (including in the United States). For transfers outside Switzerland/EEA, we rely on appropriate safeguards such as the Swiss-U.S. Data Privacy Framework where applicable and/or Standard Contractual Clauses (SCCs) incorporated into provider DPAs/terms.
Model training: We do not opt in to OpenAI data sharing for model improvement, so content sent via the OpenAI API is not used to train OpenAI models.
Retention: OpenAI may retain API data for a limited period for abuse monitoring/security as described in OpenAI's documentation and applicable terms.
Human in the loop: AI generates suggestions, but you decide what to include. We do not use AI for fully automated decision-making that produces legal or similarly significant effects (for example, automated hiring decisions).
Important: Please avoid entering sensitive data you do not want processed by AI (e.g., health data) when using AI-assisted features.
Data Sharing
MaraLabs does not sell or share your personal data for commercial purposes. Personal data is shared only with third-party service providers explicitly listed in this Privacy Policy who process your data solely to provide and improve the services you use.
Processors are contractually required to comply with GDPR/FADP and handle your data only on our documented instructions, implementing appropriate security measures.
Any sharing is limited strictly to necessary purposes such as cloud hosting, payment processing, analytics, or CV parsing.
Where data is transferred outside the EEA or Switzerland, MaraLabs ensures proper safeguards like standard contractual clauses are in place.
You will be informed of any material changes to data sharing practices.
Your Rights as a Data Subject
In accordance with GDPR and FADP, you have the right to:
- Access and review your personal data within the app
- Update or correct your CV data and preferences
- Permanently delete your account and associated data (subject to legal retention requirements for transaction data noted in the Data Storage and Retention section)
- Withdraw consent at any time (note this may affect service usability)
- Request a copy of your data or restrict specific processing
- Export your personal data in a structured, commonly used, machine-readable format (for example, as a JSON export) directly from your Account Settings, and request to have it transmitted to another provider where technically feasible
- Object to processing based on legitimate interests where applicable
- Lodge complaints with supervisory authorities:
  - In Switzerland: Federal Data Protection and Information Commissioner (FDPIC), https://www.edoeb.admin.ch, info@edoeb.admin.ch
  - In the EU: the supervisory authority of your Member State of residence
Contact us first for data concerns; escalation to authorities is your right.
Data Breach Notification
MaraLabs has implemented appropriate technical and organizational measures to detect, manage, and mitigate personal data breaches. In the unlikely event of a data breach that poses a risk to your rights and freedoms, MaraLabs will promptly assess the severity and take all necessary actions to contain and remediate the breach.
Where required by law, we will notify the relevant data protection supervisory authority within 72 hours of becoming aware of the breach. Our processors are contractually obligated to notify us of security incidents, typically within 48 hours. If the breach is likely to result in a high risk to your rights or freedoms, we will also inform you without undue delay and provide details about the nature of the breach, the potential impact, and measures taken to address and mitigate the risk.
For any concerns or to report a suspected data breach, please contact us immediately at: support@zvee.io.
Security Measures
MaraLabs applies robust technical and organizational safeguards including:
- Strict access controls to authorized personnel only
- Secure profile photo storage with restricted access
- Encryption of data in transit (HTTPS) and at rest where feasible
- Regular security audits and vulnerability assessments
- Contractual data processing agreements with all third-party processors (either as separate DPAs or incorporated in service terms) ensuring compliance with data protection and security standards
All measures align with GDPR and Swiss FADP to protect the confidentiality, integrity, and availability of your data.
Statement Updates
Changes to this Policy will be communicated by email or in-app notification. Continued use signifies acceptance.
Contact Information
For privacy inquiries, contact: support@zvee.io