Privacy Policy
Effective date: March 12, 2026 · Version 1.1
1. Introduction
[PLACEHOLDER — Company Legal Name] ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered career management platform (the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information we collect
2.1 Information you provide
We collect information you voluntarily provide when using our Service:
- Account information: email address, password (stored hashed), name, profile picture.
- Resume data: work history, education, skills, certifications, contact information, and other professional details extracted from uploaded resumes (PDF, DOCX, DOC, or TXT, up to 5 MB).
- Career information: job titles, employers, dates of employment, achievements, education history.
- Job-search data: jobs you save, track, or apply to; job preferences and search criteria.
- Communication data: messages to our support team, feedback, and survey responses.
- Payment information: billing address and payment method details (processed securely by Stripe).
2.2 Information collected automatically
When you use our Service, we automatically collect:
- Device information: browser type, operating system, device type, screen resolution.
- Usage data: pages visited, features used, time spent, click patterns.
- Log data: IP address, access times, referring URLs.
- Cookies: session identifiers, preferences, analytics data.
2.3 Information from third parties
We may receive information from:
- Social login providers: if you sign in with Google or other social accounts, we receive your basic profile information.
- Job boards: when you import jobs, we fetch publicly available job listing information.
3. How we use your information
We use your information for the following purposes:
3.1 Service delivery
- Parse and extract information from uploaded resumes.
- Generate tailored resumes and cover letters using AI.
- Conduct skill discovery interviews.
- Track job applications and provide career insights.
- Calculate ATS optimization scores.
3.2 Account management
- Create and manage your account.
- Process payments and manage subscriptions.
- Send transactional emails (confirmations, receipts, security alerts).
3.3 Improvement and analytics
- Analyze usage patterns to improve the Service.
- Develop new features based on user behavior.
- Debug and fix technical issues.
- Measure aggregate, pseudonymized product analytics.
3.4 Communication
- Respond to your inquiries and support requests.
- Send product updates and feature announcements (with your consent).
- Notify you of important changes to our Service or policies.
3.5 Legal and security
- Comply with legal obligations.
- Prevent fraud and abuse.
- Protect the security of our Service and users.
3.6 AI data processing
When you use our AI-powered features, your data is processed by third-party AI model providers:
- Resume generation and cover letters: your career profile data (work history, skills, education) and target job descriptions are sent to Google Gemini to generate tailored documents. This data is processed in real time.
- Resume parsing: when you upload a resume, its text content is sent to our configured AI model (Google Gemini) for structured data extraction.
- Company and role research: job titles and company names are used to perform web lookups via Firecrawl and to generate intelligence reports with Google Gemini.
4. Data sharing and disclosure
We do not sell your personal information. We may share your data in the following circumstances:
4.1 Service providers
We share data with trusted third-party service providers who assist in operating our Service:
| Purpose | Provider | Data shared |
|---|---|---|
| Cloud hosting & file storage | Amazon Web Services (S3) | All application data and uploaded files (encrypted at rest) |
| Payments | Stripe | Email, billing address, payment method details |
| AI generation & parsing | Google (Gemini) | Career profile data, job descriptions, resume content |
| Web research | Firecrawl | Company and role lookups (job titles, company names) |
| Analytics | PostHog | Usage events, feature interactions (pseudonymized) |
| Error monitoring | Sentry | Error logs, stack traces, diagnostics (no personal content) |
| Transactional email | Amazon SES | Email address, email content |
4.2 Legal requirements
We may disclose your information if required by law or in response to:
- Court orders, subpoenas, or legal process.
- Government or regulatory requests.
- Protection of our legal rights.
- Investigation of potential violations of our Terms.
4.3 Business transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and your choices regarding your information.
4.4 With your consent
We may share your information for other purposes with your explicit consent.
5. Data security
We implement robust security measures to protect your data:
- Encryption: all data is encrypted in transit (TLS/SSL) and at rest.
- Access controls: strict access controls and authentication for all systems.
- Regular audits: periodic security assessments and vulnerability testing.
- Secure infrastructure: industry-standard cloud security practices.
- Employee training: security awareness training for all team members.
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.
6. Data retention
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data type | Retention | Deletion trigger |
|---|---|---|
| Account data | Until deletion (+ 30-day grace period) | Account deletion (Settings → Delete account) |
| Resumes, cover letters, career profile | Until deleted | Deleted with account or individually by user |
| Job-tracking data | Until deleted | Deleted with account or individually by user |
| Analytics and usage data | ~24 months | Automatic expiration |
| Payment and billing records | ~7 years (legal requirement) | Automatic expiration |
| Server logs | ~90 days | Automatic rotation |
You may request deletion of your data at any time through your account settings (Settings → Delete account) or by contacting support. Account deletion requests are processed after a 30-day grace period during which you can cancel the request.
7. Your rights
Depending on your location, you may have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your personal data (right to be forgotten).
Portability
Receive your data in a structured, machine-readable format.
Restriction
Request limitation of processing of your data.
Objection
Object to processing based on legitimate interests.
GDPR rights (EU/EEA residents)
If you are in the European Economic Area, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.
CCPA rights (California residents)
California residents have the right to:
- Know what personal information is collected.
- Know whether personal information is sold or disclosed and to whom.
- Say no to the sale of personal information (we do not sell data).
- Access your personal information.
- Request deletion of personal information.
- Not be discriminated against for exercising these rights.
To exercise any of these rights, please contact us at privacy@resumello.com or through your account settings.
9. Children's privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.
10. International data transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your country.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission.
- Compliance with applicable data protection frameworks.
- Vendor agreements with appropriate data protection provisions.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last updated" date at the top of this page.
- For significant changes, we will notify you via email or prominent notice.
- We encourage you to review this policy periodically.
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Privacy inquiries:
- privacy@resumello.com
- Data Protection Officer:
- [PLACEHOLDER — DPO contact]
- General support:
- support@resumello.com
- Mailing address:
- [PLACEHOLDER — Registered Address]
Version history
| Version | Date | Changes |
|---|---|---|
| 1.1 | March 12, 2026 | Added AI data processing disclosure, named third-party processors, specific data retention schedule, version history. |
| 1.0 | February 1, 2026 | Initial privacy policy. |