Privacy Policy

1. Data We Collect

We collect the following types of information:

• Session Technical Data: IP address, country/region, device type, browser information, session timestamps
• User-Provided Content: Personal information, work experience, education, skills, and other résumé content you submit via voice or text
• Payment Information: Processed and stored by Stripe Inc., not directly stored by us
• Usage Analytics: Service performance metrics and error logs (anonymized)

No Account Required: The service operates without user registration. Personal information is only collected during your active session.

2. Legal Basis for Processing (GDPR Article 6)

We process your data based on the following legal grounds:

• Contract Performance: To provide the résumé generation service you purchased
• Legitimate Interest: For service security, fraud prevention, and technical operations
• Consent: For optional data retention and AI model improvements (you may withdraw consent at any time)
• Legal Obligation: To comply with payment processing and tax requirements

3. How We Use Your Data

We use your information to:

• Generate and deliver your personalized résumé PDF
• Process payments through Stripe
• Provide customer support and handle service issues
• Ensure service security and prevent fraud
• Improve our AI models (only with explicit consent)
• Comply with legal obligations

Default Mode: Data is processed ephemerally and deleted immediately after service delivery unless you explicitly consent to retention.

4. AI Training and Model Improvement

Optional Consent: With your explicit permission, we may use anonymized and aggregated résumé content to improve our AI models.

• All personal identifiers are removed before any analysis
• Data is aggregated with thousands of other sessions
• You can opt out at any time by contacting us
• Opting out does not affect your service experience

5. Data Retention

• Default (No Consent): Data is deleted within 30 minutes of session completion
• With Consent: Anonymized data may be retained for up to 12 months for AI training
• Payment Records: Maintained by Stripe per their retention policies and legal requirements
• Legal Hold: Data may be retained longer if required by law or ongoing legal proceedings

6. Data Security

We implement comprehensive security measures:

• End-to-end encryption for all data transmission
• Secure cloud infrastructure with SOC 2 compliance
• Access controls and employee background checks
• Regular security audits and penetration testing
• Incident response procedures and breach notification protocols

7. International Data Transfers

Our servers are located in the United States. For users outside the US, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU Commission-approved contracts for GDPR compliance
• Adequacy Decisions: Transfers to countries with adequate privacy protections
• Binding Corporate Rules: Internal data protection standards for our service providers

8. Data Breach Notification

In the event of a data breach that may affect your personal information:

• We will notify relevant supervisory authorities within 72 hours
• Affected users will be notified without undue delay if high risk is determined
• We will provide clear information about the breach and recommended actions
• Post-incident reports will be made available upon request

9. Your Privacy Rights

Depending on your location, you have the following rights:

10. Contact Us

For privacy-related questions, rights requests, or concerns:

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through our website and, where required by law, directly to affected users. The "Effective Date" at the top reflects when the current version became active.