Privacy Policy
Last updated: April 14, 2025
1. Overview
Resuma ("we", "our", or "us") is operated by Resuma. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Service.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service.
2. What Data We Collect
We collect the following categories of personal data:
Account information: When you sign up, we collect your name, email address, profile photo if you use Google Sign-In, and authentication provider.
Resume and job description content: When you use the resume builder, we temporarily store the resume text and job description you provide in order to generate Precision Alignment or AI Enhancement output. This content is stored in our database linked to your account.
Payment information: When you subscribe to a paid plan, payment is processed by Razorpay. We store a record of your subscription plan, payment status, and Razorpay order or payment IDs. We do not store your card number, CVV, or bank account details.
Usage data: We collect information about how you use the Service, including features used, generation history, and export activity. This is used to improve the product and track your credit or subscription usage. If you accept optional measurement, we also collect product analytics events such as resume generation, export, file upload, and account activity — sent to PostHog.
Behavioural and analytics data: If you accept optional measurement, we collect pageview data, session information, traffic source and UTM attribution, and Core Web Vitals performance metrics. This data is processed by PostHog and Vercel Analytics. If you reject optional measurement, none of this data is collected.
Technical data: We may collect your IP address, browser type, device type, and pages visited for security, analytics, and fraud prevention.
3. How We Use Your Data
We use your data for the following purposes:
- To provide and operate the Service
- To process payments and manage subscriptions via Razorpay
- To authenticate your identity via Google OAuth or email and password
- To send transactional emails such as account confirmation, payment receipts, and subscription updates
- To analyse product usage, measure feature engagement, and improve the Service — using PostHog and Vercel Analytics only when you choose to allow optional measurement
- To prevent fraud, abuse, and unauthorized access
- To comply with applicable laws and legal obligations
We do not use your resume content or job descriptions for training AI models. Your content is sent to Anthropic's API solely to generate your resume.
4. Third-Party Services
We share data with the following third-party processors to operate the Service:
Anthropic (Claude AI): Your resume text and job description are sent to Anthropic's API to generate Precision Alignment or AI Enhancement output. We do not send your name, email, or account information to Anthropic.
Razorpay: Payment processing for paid subscriptions is handled by Razorpay. We receive payment confirmation and subscription status only. Razorpay Checkout may use cookies or similar browser storage during the payment flow.
Google (OAuth): If you sign in with Google, Google shares your name, email, and profile photo with us under Google's OAuth consent.
Supabase: Our database and file storage are hosted on Supabase. Your account data, generation history, and uploaded files are stored on Supabase infrastructure.
PostHog: We use PostHog for product analytics and web analytics. If you accept optional measurement, PostHog receives event data describing your activity in the Service (for example: pages visited, resume generated, file uploaded, resume copied, Core Web Vitals metrics). If you are signed in, events are associated with your account using an internal identifier so that server-side and client-side events can be merged into a single user timeline. PostHog is operated by PostHog, Inc. and data may be processed in the United States. See PostHog's privacy policy at posthog.com/privacy.
Vercel Analytics and Speed Insights: We use Vercel Analytics and Vercel Speed Insights to collect aggregated page performance and traffic data. These tools are loaded only if you accept optional measurement. Data is processed by Vercel, Inc. in the United States.
We do not sell your personal data to any third party.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service.
- Account data: Retained until you delete your account
- Generation history: Retained according to the product's active history policies and system retention settings
- Uploaded resume files: Deleted from storage after processing. Raw files are not retained long-term
- Payment records: Retained as required by applicable tax and accounting regulations
- Analytics data (PostHog, Vercel): Retained according to the data retention settings of those processors. PostHog retains event data for 7 years by default; you may contact PostHog directly to request deletion of your analytics data
When you delete your account, personal data is permanently deleted within a reasonable operational period, except where retention is required by law.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
All users:
- Access your personal data
- Correct inaccurate data
- Request deletion of your account and associated data
- Request a copy of your generation history in a structured format
EU/EEA users:
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with your local supervisory authority
California users:
- Right to know what personal information is collected
- Right to opt out of sale of personal information. We do not sell data
- Right to non-discrimination for exercising your rights
To exercise any of these rights, contact us through the support channels provided in the Service.
8. Security
We implement industry-standard security measures to protect your data:
- All data is transmitted over HTTPS/TLS encryption
- Passwords are stored securely through the authentication provider and never in plain text
- Database access is restricted so users can access only their own data
- Private file storage and authenticated access controls protect stored content
- API keys and secrets are never exposed client-side
- Payment data is handled entirely by Razorpay's infrastructure
Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data.
9. Children's Privacy
The Service is not directed at children under the age of 13, or 16 in the EU/EEA. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. International Data Transfers
Resuma is operated from India. If you access the Service from outside India, your data may be transferred to and processed in India and in the countries where our third-party processors operate.
By using the Service, you consent to this transfer. We ensure our third-party processors maintain appropriate safeguards for international data transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we may notify you by email or by displaying a notice in the Service.
Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
12. Contact Us
If you have questions, requests, or complaints about this Privacy Policy or how we handle your data, please contact us through the support channels provided in the Service.
We aim to respond to privacy-related inquiries within 30 days.