1. Who We Are
ResumeAI ("we", "us", or "our") operates the ResumeAI web application at resumeai.app. We provide AI-powered resume tailoring, interview preparation, and job-search tools.
2. Information We Collect
- Account data: Your name, email address, and (optionally) a hashed password when you sign up.
- Resume & profile data: Resume PDFs you upload, and profile fields you fill in (phone, LinkedIn URL, salary preferences). This data powers the AI personalization features.
- Usage data: Which features you use, how often, and when — used for plan enforcement and analytics.
- Billing data: If you subscribe, Stripe processes your payment. We store only your Stripe customer ID — we never see your full card number.
- Cookies: We use a single authentication cookie (resumeai_token, httpOnly, 7-day expiry) to keep you signed in. No tracking cookies.
3. How We Use Your Information
- To generate tailored resumes and interview prep using OpenAI's GPT-4o API. Your resume text is sent to OpenAI's API; it is subject to OpenAI's privacy policy.
- To send transactional emails (verification, billing receipts). We use Resend for email delivery.
- To enforce plan limits and prevent abuse.
- To improve the product through aggregate, anonymized analytics.
4. Data Sharing
We do not sell your personal data. We share it only with:
- OpenAI — to process AI generation requests.
- Stripe — to process payments.
- Resend — to deliver transactional emails.
- DigitalOcean / Cloudflare R2 — to store generated PDF files.
- Law enforcement, when required by applicable law.
5. Data Retention
We retain your account data for as long as your account is active. Generated PDF files are stored for 24 hours via presigned URL and are then inaccessible. You can delete your account at any time from the settings page, which permanently removes all your data.
6. Your Rights
You have the right to access, correct, or delete your personal data. Email privacy@resumeai.app and we will respond within 30 days. EU/UK residents also have the right to data portability and to lodge a complaint with your supervisory authority.
7. Security
Authentication tokens are stored in httpOnly cookies (not accessible to JavaScript). Passwords are hashed with bcrypt. All traffic is encrypted over HTTPS. We conduct periodic security reviews.
8. Changes to This Policy
We may update this policy. We will notify you by email and update the "Last updated" date above. Continued use after changes constitutes acceptance.