Privacy Policy
This policy explains what personal data Resumease ("we", "us") collects, why, and the choices you have. It applies to the Resumease website and application (the "Service").
1. Data we collect
- Account data: email address, hashed authentication credentials (managed by Amazon Cognito), account creation date, and the policy versions you accepted with a timestamp.
- Career content: resumes, work history, cover letters, interview practice answers, chat messages, and job descriptions you paste in.
- Billing data: subscription status, plan, and invoice history. Card details are collected and stored by PayTabs, our payment processor — they never touch our servers.
- Support data: messages you send through the contact form.
- Technical data: IP address, browser type, and request logs used for security, rate limiting, and debugging.
2. How we use data
- To provide the Service: storing and rendering your resumes, generating AI output you request, and exporting PDFs.
- To process payments and manage access passes through PayTabs.
- To send transactional email: verification codes, password resets, billing receipts, and important account or policy notices.
- To secure the Service: authentication, fraud and abuse prevention, and rate limiting.
- To improve the product using aggregated, de-identified usage metrics.
We do not sell your personal data, and we do not use your content to train AI models. Content sent to our AI provider (AWS Bedrock) is used solely to generate your response.
3. Legal bases (GDPR)
Where the GDPR applies, we process data on these bases: contract(providing the Service you signed up for), legitimate interests (security, abuse prevention, product improvement), consent (optional analytics cookies, marketing email if you opt in), and legal obligation (tax and accounting records).
4. Sharing
We share data only with processors needed to run the Service:
- Amazon Web Services — hosting, authentication (Cognito), storage (DynamoDB, S3), and AI processing (Bedrock).
- PayTabs — payment processing.
We may also disclose data if required by law, or in a merger or acquisition (with notice to you). We never share your resume content with employers or data brokers.
5. Retention
- Account and career content: kept while your account is active.
- Account deletion: when you delete your account, your content and profile are permanently deleted within 30 days, except records we must keep for legal or accounting reasons (e.g., invoices).
- Server logs: retained for up to 90 days for security purposes.
6. Your rights
Depending on where you live (including under the GDPR and CCPA), you have the right to access, correct, export, delete, and restrict processing of your personal data, and to object to processing based on legitimate interests. You can exercise the core rights directly in the app:
- Export: download a full copy of your data from account settings.
- Deletion: permanently delete your account from account settings.
- Correction: edit your content and profile at any time.
For anything else, contact us via the contact page. You may also lodge a complaint with your local data-protection authority.
7. Security
Data is encrypted in transit (TLS) and at rest. Access is restricted by per-user authorization on every request and least-privilege infrastructure roles. See our security page for details and our responsible-disclosure process.
8. International transfers
Data is processed in AWS regions in the United States. Where data is transferred from the EEA/UK, we rely on our processors' standard contractual clauses and equivalent safeguards.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
10. Changes
We will notify you by email or in-app notice of material changes to this policy at least 14 days before they take effect. The version date above reflects the current revision.
11. Contact
Privacy questions and requests: contact page, topic "General question".