Privacy Policy

Last updated: April 18, 2026

AboutStack is hosted at aboutstack.com. Some data must identify you so we can run your account (email, billing, CV content you enter). Where we measure traffic or site-wide trends, we use anonymised or aggregated techniques only — we do not sell personal data or use advertising trackers.

What data we collect

When you create an account: your email address, username, and the password you choose (stored as a one-way hash — we cannot see it).

When you use Google to sign in: your Google account email and display name, as shared by Google during authentication.

When you build your CV: the content you enter (job titles, employers, education, skills, etc.) and any photos you upload.

When you subscribe: Stripe handles your card details directly. We only store a Stripe customer ID — never your card number.

Automatically: your IP address (in server logs, retained for 30 days). When you use the logged-in app, we set strictly necessary cookies for your session and form security (see below) — not for advertising or cross-site tracking.

If you submit in-app feedback or a bug report while logged in: your message, optional page URL, browser user-agent string, account identifier, and timestamp — used only to respond and improve the product.

Why we collect it

Your email: to send you account verification emails, password resets, and subscription notifications. Legal basis: contractual necessity.

Your CV content: to build and host your CV. Legal basis: contractual necessity.

Your GDPR consent timestamp: to prove you agreed to our terms and this policy. Legal basis: consent.

Feedback submissions: to operate support and improve AboutStack. Legal basis: legitimate interests (service improvement), and consent where applicable.

How long we keep it

Your account data is kept until you delete your account. After deletion, your data is fully removed within 30 days.

Feedback records are kept only as long as needed for support and quality assurance, then deleted or aggregated so they no longer identify you.

Your rights

You can download all your data at any time from your account settings.

You can delete your account at any time from your account settings. Deletion is permanent and processed within 30 days.

If you have questions, email aboutstack@gmail.com.

Cookies and similar technologies

No tracking or advertising cookies. While you are signed in to the app at aboutstack.com, we use only strictly necessary cookies: a session cookie (keeps you logged in) and a CSRF cookie (protects forms). We do not load Google Analytics, advertising pixels, or third-party trackers in our page templates.

Public CV pages. When someone views a published CV, we do not set analytics or marketing cookies for that visit; see “Anonymous analytics” below for how we count views.

Anonymous analytics

When someone views a public CV, we record a single anonymous page view. We do not set any cookie for this purpose, we do not use localStorage, and we do not run any third-party tracker.

To estimate unique visitors we compute a one-way hash of the visitor's IP address and user-agent combined with a server-side secret that rotates every 24 hours. The original IP address and user-agent are never stored — only the hash. Because the secret changes daily and the hash is bound to a single CV, the same person visiting tomorrow looks like a completely different visitor, and the same person viewing two different CVs cannot be linked.

We respect the DNT: 1 (Do Not Track) browser header: when it is sent, we skip the unique-visitor hash entirely and only increment an anonymous counter.
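The unique-visitor scheme described above, sketched as an added example (not AboutStack's actual code). HMAC-SHA256, the length-prefixed field encoding, the in-memory secret store and all function names are assumptions made for illustration. Keying the hash with a secret that is later discarded matters because the IPv4 address space is small enough that an unkeyed hash could be reversed by enumeration.

```python
import hashlib
import hmac
import secrets

# Assumption: one random secret per UTC day, held only in memory. Rotation
# discards the old secret, so earlier hashes can no longer be recomputed.
_daily_secrets = {}

def daily_secret(day):
    """Return the secret for `day` (an ISO date string), rotating if needed."""
    if day not in _daily_secrets:
        _daily_secrets.clear()
        _daily_secrets[day] = secrets.token_bytes(32)
    return _daily_secrets[day]

def visitor_hash(cv_id, ip, user_agent, day, dnt=None):
    """Hex digest for unique-visitor counting, or None when DNT: 1 is sent."""
    if dnt is not None and dnt.strip() == "1":
        return None
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    fields = (cv_id.encode(), ip.encode(), user_agent.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(daily_secret(day), msg, hashlib.sha256).hexdigest()

def record_view(store, cv_id, ip, user_agent, day, dnt=None):
    """Count one view; only the digest is kept, never the IP or user-agent."""
    row = store.setdefault((cv_id, day), {"views": 0, "visitors": set()})
    row["views"] += 1
    digest = visitor_hash(cv_id, ip, user_agent, day, dnt)
    if digest is not None:
        row["visitors"].add(digest)
    return row

if __name__ == "__main__":
    # Constructed sample values (documentation IP range, made-up user-agent).
    store = {}
    record_view(store, "cv-1", "203.0.113.7", "ExampleBrowser/1.0", "2026-04-18")
    record_view(store, "cv-1", "203.0.113.7", "ExampleBrowser/1.0", "2026-04-18", dnt="1")
    row = store[("cv-1", "2026-04-18")]
    print(row["views"], len(row["visitors"]))
```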

The raw pageview rows are deleted after 30 days. Only the aggregated daily counts (total views, unique visitors, top referring site) persist long-term so you can see your CV's traffic over time.

Aggregated content statistics

We compute site-wide, anonymised statistics about the kinds of content people put on their CVs — for example, how many people list a particular skill or job title. These aggregates are never per-user and never per-CV.

We apply a strict k-anonymity floor: any term that appears on fewer than 5 CVs is dropped, so no one can be singled out through an unusual entry. The resulting dataset contains no personal data and may be used internally for product decisions or shared with third parties as market-research insights.

Third parties

Google Sign-In — If you authenticate with Google, Google processes your login according to its own terms and Privacy Policy. We receive only what Google sends to complete sign-in (such as email and name) and store it as part of your account.

Stripe — payment processing. Stripe's privacy policy applies to card data.

Cloudflare R2 — file storage for uploaded profile photos. Data stored in the EU.

We do not sell your personal data. We do not share it with advertisers.