CVCVDar

Privacy Policy

Last updated: June 2026

Data We Collect

  • Account info: Email address and display name (via Supabase Auth)
  • Usage data: Search queries, HTS classifications, and favorites
  • Session data: Authentication cookies for keeping you signed in

How We Use Your Data

  • Provide and improve our HTS classification and duty calculation services
  • Authenticate your account and manage subscriptions
  • Send notifications about duty rate changes (if you opt in)
  • Aggregate anonymous usage analytics to improve the product

Third-Party Services

  • Supabase: Authentication and database hosting (United States)
  • Stripe: Payment processing for Pro/Team plans (PCI DSS compliant)
  • DeepSeek: AI HTS classification (queries do not include personal data)
  • Plausible Analytics: Privacy-first, cookie-free web analytics
  • Sentry: Error monitoring (no personal data collected)

Cookie Policy

CVDar uses only essential cookies for authentication (session tokens via Supabase). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Our analytics are powered by Plausible, which is fully compliant with GDPR, CCPA, and PECR without requiring a cookie banner. Plausible does not use cookies or localStorage and collects no personally identifiable information.

Data Retention

  • Account data: Retained until account deletion. Deleted within 30 days of request.
  • Search history & favorites: Retained with your account. Deletable at any time from your dashboard.
  • Analytics data: Aggregated and anonymized. Retained for 12 months maximum.
  • Payment records: Retained as required by law and Stripe's requirements.

GDPR Compliance (EU Users)

If you are a resident of the European Union, you have the following rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Portability: Export your data in a machine-readable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

CCPA Compliance (California Users)

If you are a California resident, you have the following rights under CCPA:

  • Right to Know: Know what personal data is collected and how it is used
  • Right to Delete: Request deletion of your personal data
  • Right to Opt Out: Opt out of the sale of personal data (we do not sell your data)
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

Data Breach Notification

In the event of a data breach that may affect your personal data, we will notify affected users within 72 hours via email, in compliance with GDPR Article 33. Notifications will include the nature of the breach, data affected, and steps you can take to protect yourself.

Children's Privacy

CVDar is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Your Rights

You may request access to, deletion of, or export of your personal data at any time by contacting hello@cvdar.com. We will respond to all requests within 30 days.

Contact

Privacy-related questions or requests: hello@cvdar.com