Security at CVStory

Last updated: August 17, 2025
Operator: Team.me Ltd · Shoken 23, Tel Aviv · team@teamme.io

Your CV, images, and video are personal. We design CVStory so your data stays private, secure, and under your control.

Our security principles (at a glance)

Encryption everywhere: TLS for data in transit; encrypted storage with reputable cloud providers.

Least-privilege access: Only the minimum services and staff can access production systems.

Private by default: Your CVStory pages are unlisted until you choose to share.

Deletion on request: You can remove content anytime; account data is purged within stated timelines.

No payments in beta: We're currently in free beta—no card data is collected or stored.

Data encryption

We enforce HTTPS/TLS for all traffic between your device and our servers.

Stored data (CVs, images, video, and derived thumbnails/transcodes) is kept on encrypted storage provided by our cloud vendors.

Hosting & infrastructure

CVStory runs on reputable, security-focused cloud platforms with physical security, network isolation, and continuous patching.

We separate environments (dev/staging/production) and keep secrets in managed secure stores.

Access controls & auditing

Production access is limited to authorized personnel using strong authentication and least-privilege roles.

Administrative actions are logged and reviewed periodically.

Account security

  • Passwords are hashed and salted; we never store them in plain text.
  • Sessions automatically expire after periods of inactivity.
  • We recommend using a unique, strong password for CVStory.

Content privacy & sharing

Your content is private by default.

When you choose to share a CVStory link, anyone with that link can view the shared page. You can unshare at any time by disabling the link or removing the content.

Data retention & deletion

Delete any item (CV, image, video) from within your account to remove it from public access immediately.

When you close your account, we delete or anonymize personal data within 30 days (some backups may persist for a limited time before automatic purge).

Backups & continuity

We maintain regular encrypted backups to help recover from data loss events.

We design for fault tolerance and monitor uptime and performance.

Sub-processors

We use a small number of vetted vendors to run CVStory (e.g., cloud hosting/CDN, email delivery, analytics, error monitoring).

Vendors only process data as necessary to provide their service and are bound by data-processing terms.

A current list is available on request: team@teamme.io.

Responsible disclosure

Security researchers: if you believe you've found a vulnerability, please email team@teamme.io with details and steps to reproduce.

Don't access other users' data, disrupt the service, or run automated scans.

We'll acknowledge receipt promptly and keep you updated as we investigate and remediate.

Compliance & privacy

We follow privacy practices aligned with major regulations (e.g., GDPR/CCPA principles).

For data rights requests (access, deletion, portability), contact team@teamme.io.

What we don't do (beta)

  • We do not collect or store payment card data during free beta.
  • We don't sell personal data.
  • We don't make your content public unless you explicitly share a link.

Changes to this page

We may update this page as our security program evolves. Material changes will be reflected here with an updated date.

Questions about security? Contact our team at team@teamme.io for more information about our security practices.