← Back to blog
EN | ES | PT
· Daniel Zambrano

Why Your Personal Information Matters More Than You Think When Building a CV

CV builders collect far more than your name and email. Your full address, employment history, date of birth, national ID number, and even your references' contact details all end up on third-party servers — often stored in plaintext, sold to recruiters, or used to train AI. Choosing a CV tool that encrypts your data, truly deletes it when asked, and never sells it is essential.

You're about to upload your CV to a website. It has your full name, email, phone number, and maybe your home address. It has your employment history — the companies you've worked for, the titles you've held, the dates you started and left. Maybe even your date of birth, a photo, or the name and number of a reference.

Have you thought about where that goes?

Most people haven't. You're in job-search mode, you're moving fast, and the CV builder looks professional enough. You hand over your details and get on with it.

That's understandable. But it's worth pausing for a minute.

What CV builders actually collect

The obvious stuff: your name, email, phone number. That's what most people think they're sharing.

But a CV contains much more. Think about what's actually in there:

  • Your home address — sometimes your full street address
  • Your employment history — every company you've worked for, every role, every departure date
  • Your education — schools, degrees, graduation years
  • Your date of birth (common in AU, DE, JP, and other markets)
  • National ID numbers in some country formats (Aadhaar in India, for example)
  • A professional photo — in many European and Asian markets
  • References — including the names, job titles, emails, and phone numbers of other people who haven't consented to anything

That's a lot. And when you upload it to a CV builder, every piece of that information lives somewhere on someone's server.

Where it usually goes wrong

The scary story is hackers breaking in and stealing your data. That happens, but it's not the main issue. The mundane version is more common and harder to notice.

Here's what actually tends to happen:

  • Data sold to recruiters. Your CV is valuable to staffing agencies and headhunters. Some platforms fund themselves by selling aggregated or individual candidate data. The terms of service you didn't read probably allowed it.
  • Used to train AI. Your career history, your phrasing, your achievements — if you agreed to broad terms, your CV may have become training data for the platform's AI model. Or someone else's.
  • Retained after deletion. You deleted your account. But "deleted" often means "soft deleted" — the record is hidden from you but still exists in the database, in backups, in analytics systems.
  • Shared with "partners". That vague phrase in the privacy policy covers a lot of ground. It can mean advertising platforms, analytics tools, integration partners, or subsidiaries you've never heard of.
  • Sitting in plaintext. Smaller platforms often store uploaded documents without encryption. If there's ever a breach, your data goes out in readable form.

None of this requires malicious intent. It's just what happens when data collection is the default and deletion is an afterthought.

What to look for in a CV builder

You don't have to stop using CV tools. You just want to use ones that treat your data with some respect. Here's a practical checklist:

  • Can you delete your data completely? Not "deactivate your account" — actually delete it. Everything. What does that process look like?
  • Is your personal information encrypted? Specifically: is it encrypted at rest, and is it encrypted in a way that means the platform itself can't read it?
  • Do they sell data to third parties? Read the privacy policy. Look for "partners", "affiliates", "third-party services". If it's vague, assume the worst.
  • What happens after you cancel? Is there a retention period? How long do they keep your data after you're gone?
  • Do they train AI on your CVs? Some platforms explicitly say they don't. Most stay silent. Silence isn't a guarantee.

If a platform can't answer these questions clearly in their privacy policy, that's a signal.

How QuillCV approaches this

We're not going to pretend we're perfect, but here's how we've built this:

  • Personal details are encrypted with your password. We use your password to derive an encryption key for your PII. That means we store an encrypted blob — we literally cannot read your name, address, or phone number. If you forget your password, that data is gone. That's a feature, not a bug.
  • Delete means delete. When you delete your account or your data, it's gone. No 30-day retention window, no soft-delete that lingers in the database. Gone.
  • We don't sell your data. Your CV exists to help you land a job. That's the only use. We don't sell it, share it with recruiters, or use it to train AI models.
  • You can export and leave. You own your data. You can export everything and take it with you. No lock-in.

We built these things because we'd want them ourselves. Not because of a legal requirement, but because it's the right way to handle someone's professional story.

Your CV is your professional story

It represents years of work, decisions, growth. The tools you use to tell that story should respect what they're holding. A bit of diligence before you upload goes a long way — not because every platform is malicious, but because your data has real value and deserves to be treated that way.

Ask the questions. Read the privacy policy (or at least search for "sell" and "train"). Pick tools that can tell you clearly what they do with what you give them.

You've put a lot of work into your career. Make sure the tools you use to share it are worthy of it.