GDPR Compliance
Last updated: March 20, 2026
Our Commitment
Tuelio is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page explains how we comply with GDPR and how you can exercise your rights.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract performance — Processing your CV data, account information, and payment details is necessary to provide the Service you signed up for.
- Legitimate interest — Usage analytics, error monitoring, and security measures help us improve and secure the platform.
- Consent — Optional features like AI-powered content generation require you to actively use them. You can choose not to use AI features at any time.
Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access
You can view all your personal data in your Profile and CVs. You can also download a complete export of your data from Settings.
Right to Rectification
You can update your personal information, CV content, and profile details at any time through the platform.
Right to Erasure ("Right to be Forgotten")
You can permanently delete your account and all associated data from the Profile page. This deletes your profile, all CVs, subscription records, AI usage logs, and uploaded files.
Right to Data Portability
You can export all your data in JSON format from Settings, allowing you to transfer it to another service.
Right to Object
You can object to certain types of processing by contacting us. We will stop processing your data for those purposes unless we have compelling legitimate grounds.
Data Processing & Sub-processors
We use the following sub-processors:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Auth, database, storage | EU (Frankfurt) |
| Anthropic | AI content generation | US |
| Stripe | Payment processing | US / EU |
| Vercel | Web hosting | Global (Edge) |
| PostHog | Product analytics | EU |
| Sentry | Error monitoring | US |
For data transferred to the US, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, and each provider's own GDPR compliance measures.
Data Protection Officer
For any GDPR-related inquiries, requests, or complaints, please contact us at privacy@tuelio.com.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.