Privacy Policy

1. Information We Collect

1.1 Personal Information. When you register for an account, subscribe to a plan, or otherwise interact with the Service, we may collect personal information that identifies you as an individual. This includes but is not limited to your full legal name, email address, telephone number, postal address, date of birth, professional title, employer name, educational background, LinkedIn profile URL, portfolio website URL, and any other information you voluntarily provide during the registration process or through the use of the Service. We may also collect payment-related information such as billing address, transaction identifiers, and subscription plan details, though we do not directly store credit card numbers, debit card numbers, or banking credentials, as those are processed by our third-party payment processor, Razorpay. We reserve the right to request additional identifying documentation where we deem it necessary for account verification, fraud prevention, or compliance with applicable laws and regulations.

1.2 Resume and Professional Data. The core functionality of the Service involves the collection, processing, and generation of resume content. When you use the Service, we collect and store the resume data you input, upload, or that is generated by our AI systems on your behalf. This includes but is not limited to work experience details, educational qualifications, skills and competencies, certifications, professional achievements, project descriptions, volunteer work, languages spoken, references, and any other professional or personal details you choose to include in your resume. If you upload a LinkedIn PDF export or a previously created resume document, we extract and process the textual content contained therein. We also store version histories of your resumes, template selections, design preferences, and ATS (Applicant Tracking System) scores generated by our algorithms. All resume data is stored as structured JSON objects in our database and may be cached temporarily for performance optimization purposes. We reserve the right to anonymize and aggregate resume data for the purposes of improving our AI models, conducting research, and enhancing the overall quality of the Service, provided that such anonymized data cannot reasonably be used to identify any individual user.

1.3 Device and Technical Information. When you access the Service, we automatically collect certain technical information about your device and browsing session. This includes your Internet Protocol (IP) address, browser type and version, operating system and version, device type and model, screen resolution, unique device identifiers, referring URL, pages visited within the Service, time spent on each page, click patterns, scroll depth, features used, the date and time of your visit, and other diagnostic data. We collect this information through server logs, cookies, web beacons, pixel tags, and similar tracking technologies. This information is used to ensure the proper functioning of the Service, to diagnose technical issues, to prevent fraud and abuse, and to analyze usage patterns for the purpose of improving the user experience. We reserve the right to link this technical information with your personal information where necessary for security, analytics, or service improvement purposes.

1.4 Cookies and Local Storage. The Service uses cookies, local storage, and session storage to maintain your session state, remember your preferences, and provide a seamless user experience. Essential cookies are required for the basic functionality of the Service, including authentication and session management. Analytics cookies help us understand how users interact with the Service so we can improve it. Preference cookies store your settings such as language preference, theme selection, and display options. We may also use third-party cookies from services such as Google Analytics, Vercel Analytics, and other analytics providers. You may configure your browser to reject cookies, but doing so may impair or disable certain features of the Service. By continuing to use the Service with cookies enabled, you consent to our use of cookies as described in this Policy.

1.5 Information from Third-Party Sources. We may receive information about you from third-party sources, including but not limited to identity verification services, credit reporting agencies (solely for fraud prevention purposes), social media platforms (if you choose to link your account), public databases, marketing partners, and other users who may provide your information as a reference or through collaborative features of the Service. If you connect your account with a third-party service, we may receive information from that service as permitted by your privacy settings on that platform. We reserve the right to combine information received from third-party sources with other information we collect about you for the purposes described in this Policy.

1.6 Communications Data. When you contact us via email, through our support channels, or through any in-app communication features, we collect and retain the content of those communications, including any attachments, along with your email address, the date and time of the communication, and any other metadata associated with the communication. We may use this information to respond to your inquiries, resolve technical issues, improve the Service, and for training and quality assurance purposes. We reserve the right to monitor and review communications for compliance, security, and quality purposes to the extent permitted by applicable law.

2. How We Use Your Information

2.1 Service Delivery and Operation. We use the information we collect to provide, maintain, operate, and improve the Service. This includes processing your resume data through our AI generation pipeline, rendering resume templates, calculating ATS compatibility scores, generating cover letters, performing job-match analysis, managing your account and subscription, processing payments, delivering PDF exports, managing public share links, and providing customer support. Your personal information is used to authenticate your identity, manage your account settings, communicate with you about your account or the Service, and personalize your experience. We reserve the right to use your information for any purpose that is reasonably necessary for the provision and improvement of the Service.

2.2 AI Processing and Content Generation. When you use our AI-powered features, including resume generation, cover letter generation, and job-match analysis, your input data is transmitted to Google Gemini (formerly known as Google Bard/PaLM) API for processing. Google may process this data in accordance with its own privacy policy and terms of service. We send the minimum amount of data necessary to generate the requested output, and we do not store your data on Google's servers beyond the duration of the API request. The AI-generated content is returned to our servers and stored in your account. We reserve the right to use anonymized and aggregated AI interaction data to improve our prompts, fine-tune our algorithms, and enhance the quality of AI-generated outputs for all users.

2.3 Analytics, Research, and Improvement. We use the information we collect to analyze usage patterns, identify trends, measure the effectiveness of our features, conduct A/B testing, perform statistical analysis, and otherwise improve the Service. This may include analyzing which templates are most popular, which AI generation parameters produce the best results, how users navigate the editor interface, which features are most used, and other similar analyses. We may publish or share aggregated, anonymized statistical data about our user base and their usage of the Service, provided that such data cannot reasonably be used to identify any individual user. We reserve the right to conduct research using anonymized user data and to publish the results of such research for academic, commercial, or informational purposes.

2.4 Communications and Marketing. We may use your email address and other contact information to send you transactional communications related to your account, such as account confirmations, password reset emails, subscription renewal notices, payment receipts, and service updates. We may also send you promotional communications about new features, special offers, events, or other information we think may be of interest to you. You may opt out of promotional communications at any time by clicking the unsubscribe link in any promotional email or by adjusting your notification preferences in your account settings. Please note that even if you opt out of promotional communications, we will continue to send you transactional communications related to your account and use of the Service. We reserve the right to send you important service-related notices, including security alerts, policy updates, and changes to the Service, regardless of your communication preferences.

2.5 Legal Compliance and Protection. We may use and disclose your information as we believe necessary or appropriate to comply with applicable laws, regulations, legal processes, or governmental requests; to enforce our Terms and Conditions and other agreements; to protect our rights, privacy, safety, or property, and/or that of our affiliates, users, or others; to detect, prevent, or otherwise address fraud, security, or technical issues; and to respond to lawful requests from public authorities, including national security or law enforcement agencies. We reserve the right to cooperate with law enforcement agencies and regulatory authorities in the investigation of suspected illegal activity, including providing user information when required by law or when we have a good faith belief that such disclosure is necessary.

3. Data Processing and Sub-processors

3.1 Sub-processors. We engage the following categories of third-party sub-processors to assist in providing the Service: (a) cloud infrastructure providers for hosting and data storage; (b) AI and machine learning service providers for content generation; (c) payment processors for transaction handling; (d) analytics providers for usage analysis; (e) email service providers for transactional and marketing communications; and (f) content delivery networks for performance optimization. Each sub-processor is contractually obligated to process your data only in accordance with our instructions and to maintain appropriate security measures. We reserve the right to engage additional sub-processors as necessary for the operation and improvement of the Service, and we will update this Policy to reflect any material changes to our sub-processor arrangements.

3.2 Google Gemini API. Resume content, cover letter prompts, and job descriptions submitted for AI processing are transmitted to Google's Gemini API endpoints. Google processes this data in its data centers, which may be located in various jurisdictions worldwide. We use the Gemini 2.0 Flash model for content generation. Google's handling of API data is governed by its Cloud Data Processing Addendum and applicable terms of service. We do not permit Google to use your data for training its general-purpose AI models through our API usage, as stipulated in our API terms. However, Google may retain API request logs for a limited period as described in its privacy documentation. We reserve the right to switch to alternative AI providers or models if we determine it is in the best interest of the Service and its users.

3.3 Supabase. We use Supabase as our primary backend infrastructure provider for database hosting (PostgreSQL), user authentication, file storage, and real-time subscriptions. Your personal information, resume data, account credentials (hashed), and uploaded files are stored on Supabase's infrastructure, which is hosted on Amazon Web Services (AWS) in the Asia-Pacific (Singapore) region (ap-southeast-1). Supabase implements row-level security (RLS) policies to ensure that users can only access their own data. Supabase's data handling is governed by its Data Processing Agreement and Privacy Policy. We reserve the right to migrate to alternative infrastructure providers if necessary for operational, security, or performance reasons.

3.4 Vercel. Our frontend application is hosted on Vercel's edge network. Vercel processes HTTP requests, serves static assets, executes serverless API functions, and may cache content at edge locations worldwide for performance optimization. Vercel collects server logs, including IP addresses, request headers, and response metadata. Vercel Analytics, if enabled, collects anonymized performance and usage data. Vercel's data handling is governed by its Privacy Policy and Data Processing Agreement. We reserve the right to engage additional hosting providers or content delivery networks as necessary.

4. Data Storage and Security

4.1 Storage Location. Your data is primarily stored on servers located in the Asia-Pacific (Singapore) region, operated by Amazon Web Services through our Supabase infrastructure. Certain data may also be processed or cached at edge locations operated by Vercel in various jurisdictions worldwide. Backup copies of your data may be stored in additional geographic locations for disaster recovery purposes. We reserve the right to change the geographic location of our data storage facilities as necessary for operational, legal, or business reasons, provided that we maintain appropriate safeguards for the protection of your data.

4.2 Security Measures. We implement industry-standard technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to: encryption of data in transit using TLS 1.2 or higher; encryption of data at rest using AES-256 encryption; secure hashing of passwords using bcrypt with appropriate salt rounds; row-level security (RLS) policies enforced at the database level; server-side session validation for all authenticated requests; rate limiting and request throttling to prevent abuse; regular security audits and vulnerability assessments; access controls limiting employee and contractor access to personal data on a need-to-know basis; and monitoring systems to detect and respond to potential security incidents. We reserve the right to implement additional security measures as we deem necessary and to modify existing measures to address emerging threats. Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee the absolute security of your information.

4.3 Data Breach Notification. In the event of a data breach that results in unauthorized access to, or disclosure of, your personal information, we will notify you in accordance with applicable law. Where required, we will also notify the relevant supervisory authority. Our breach notification will include, to the extent known, the nature of the breach, the categories and approximate number of individuals affected, the likely consequences of the breach, and the measures taken or proposed to be taken to address the breach and mitigate its adverse effects. We reserve the right to determine the method and timing of such notification in compliance with applicable law, taking into account legitimate law enforcement needs and any measures necessary to determine the scope of the breach and to restore the integrity of our systems.

5. Third-Party Services

5.1 Payment Processing — Razorpay. All payment transactions are processed through Razorpay Software Private Limited ("Razorpay"). When you subscribe to a paid plan or make any payment through the Service, your payment information is transmitted directly to Razorpay's secure servers. We do not receive, process, or store your complete credit card number, debit card number, bank account number, or UPI PIN. We receive only transaction confirmation details, including a unique transaction identifier, the payment amount, currency, payment status, and a truncated card number or payment method identifier for your reference. Razorpay is a PCI DSS Level 1 certified payment processor. Razorpay's handling of your payment information is governed by its Privacy Policy and Terms of Use, which are available at razorpay.com. We reserve the right to change our payment processor at any time and will update this Policy accordingly.

5.2 Google Services. We use Google Gemini API for AI-powered content generation as described in Section 3.2. We may also use Google Analytics for website traffic analysis, Google Fonts for typography rendering, and Google reCAPTCHA for bot detection and abuse prevention. Each of these Google services may collect certain data in accordance with Google's Privacy Policy. You can learn more about how Google uses data by visiting google.com/policies/privacy. We reserve the right to integrate additional Google services as necessary for the operation and improvement of the Service.

5.3 Other Third-Party Services. The Service may contain links to, or integrations with, third-party websites, services, or applications that are not owned or controlled by us. This Policy does not apply to the practices of third parties that we do not own or control, or to individuals that we do not employ or manage. We encourage you to review the privacy policies of any third-party services you access through the Service. We are not responsible for the privacy practices, content, or security of any third-party websites or services. We reserve the right to add, remove, or modify third-party integrations at any time without prior notice.

6. Cookies and Tracking Technologies

6.1 Types of Cookies. We use the following categories of cookies and similar tracking technologies: (a) Strictly Necessary Cookies — these are essential for the operation of the Service, including session management, authentication tokens, CSRF protection, and load balancing. These cookies cannot be disabled without impairing the functionality of the Service. (b) Performance and Analytics Cookies — these collect information about how you use the Service, including which pages you visit most often, which features you use, and any error messages you encounter. This information is used to improve the Service and is typically aggregated and anonymized. (c) Functionality Cookies — these remember your preferences and settings, such as language preference, theme selection, and display options, to provide a personalized experience. (d) Targeting and Advertising Cookies — we may use these cookies to deliver content and advertisements that are relevant to your interests. These cookies may be set by us or by third-party advertising partners. We reserve the right to introduce additional cookie categories as the Service evolves.

6.2 Managing Cookies. Most web browsers allow you to manage your cookie preferences through the browser settings. You can set your browser to refuse cookies, to alert you when cookies are being sent, or to delete cookies that have already been set. Please note that if you choose to disable or delete cookies, some features of the Service may not function properly or may become unavailable. For more information about cookies and how to manage them, you can visit allaboutcookies.org. We reserve the right to use alternative tracking technologies that serve similar purposes to cookies, subject to applicable law and this Policy.

7. Your Rights Regarding Your Personal Data

7.1 Right of Access. You have the right to request confirmation as to whether we are processing your personal data and, if so, to request access to that data. You may access and review most of your personal information through your account settings and dashboard. For information that is not accessible through the Service interface, you may submit a written request to our Data Protection Officer at the contact details provided below. We reserve the right to verify your identity before processing any access request and to charge a reasonable administrative fee for requests that are manifestly unfounded, excessive, or repetitive.

7.2 Right to Rectification. You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data concerning you. You may update most of your personal information directly through the Service interface. For corrections that cannot be made through the interface, you may submit a written request to us.

7.3 Right to Erasure. You have the right to request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent (where consent is the legal basis for processing), when you object to the processing and there are no overriding legitimate grounds, or when the data has been unlawfully processed. You may delete your account and all associated data through the Settings page of the Service. Please note that we may retain certain information as required by law, for legitimate business purposes, or to protect our legal rights. We reserve the right to retain anonymized and aggregated data derived from your personal data even after account deletion.

7.4 Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON) and to transmit that data to another controller. You may export your resume data at any time through the Service interface. We will endeavor to provide your data in a format that is compatible with commonly used resume management systems, though we cannot guarantee compatibility with all third-party systems.

7.5 Right to Restriction of Processing. You have the right to request the restriction of processing of your personal data in certain circumstances, including when you contest the accuracy of the data, when the processing is unlawful and you oppose erasure, when we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or when you have objected to the processing pending verification of whether our legitimate grounds override yours.

7.6 Right to Object. You have the right to object to the processing of your personal data on grounds relating to your particular situation, where the processing is based on our legitimate interests. We will cease processing your data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You have the absolute right to object at any time to the processing of your personal data for direct marketing purposes. We reserve the right to verify your identity and the validity of your objection before taking action.

8. Data Retention and Deletion

8.1 Retention Periods. We retain your personal information for as long as your account is active or as needed to provide you with the Service. After account deletion, we may retain certain information for up to 90 days for backup and disaster recovery purposes, after which it will be permanently deleted from our systems. We may retain anonymized and aggregated data indefinitely for analytics, research, and service improvement purposes. Transaction records and billing information may be retained for up to 7 years as required by applicable tax and accounting laws. Communication records may be retained for up to 3 years for quality assurance and dispute resolution purposes. We reserve the right to extend these retention periods where required by law or where necessary for the protection of our legal rights.

8.2 Account Deletion. You may request the deletion of your account at any time through the Settings page of the Service or by contacting us at the email address provided below. Upon account deletion, we will delete or anonymize your personal information within 30 days, subject to the retention periods described above and any legal obligations that require us to retain certain information. Please note that account deletion is irreversible and that we cannot recover your data once it has been deleted. We reserve the right to retain information necessary for fraud prevention, abuse detection, legal compliance, or the enforcement of our Terms and Conditions.

9. International Data Transfers

9.1 Your data may be transferred to, stored in, and processed in countries other than the country in which you reside. In particular, our servers are located in Singapore, and our third-party service providers may process data in the United States, the European Union, and other jurisdictions. These countries may have data protection laws that are different from the laws of your country of residence. By using the Service, you consent to the transfer of your information to these countries. We take appropriate measures to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including entering into data processing agreements with our sub-processors that include standard contractual clauses approved by relevant data protection authorities.

9.2 Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), binding corporate rules, or other legally recognized transfer mechanisms. We reserve the right to rely on any applicable derogation under data protection law for specific transfers where appropriate safeguards are not available.

10. Children's Privacy

10.1 The Service is not intended for use by individuals under the age of 16 ("Children"). We do not knowingly collect personal information from Children. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us at the email address provided below. If we become aware that we have collected personal information from a child under the age of 16 without verification of parental consent, we will take steps to delete that information from our servers within a reasonable timeframe. We reserve the right to request proof of age from any user and to terminate accounts that we reasonably believe belong to individuals under the age of 16. In jurisdictions where the applicable minimum age for data processing consent is higher than 16, we will comply with the local requirements. Parents and guardians who believe that their child has provided personal information to us may exercise their rights as described in Section 7 of this Policy on behalf of their child.

11. Compliance with the Information Technology Act, 2000 (India)

11.1 Sensitive Personal Data or Information. In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, issued under the Information Technology Act, 2000, we implement reasonable security practices and procedures to protect sensitive personal data or information ("SPDI") as defined under these rules. SPDI includes passwords, financial information, health information, biometric information, and sexual orientation. We collect and process SPDI only for lawful purposes connected with the functioning of the Service and only where such collection is necessary and the person providing the information is not denied access to the Service for not providing SPDI that is not mandatory.

11.2 Grievance Redressal. In accordance with the Information Technology Act, 2000 and the rules made thereunder, the name and contact details of our Grievance Officer are provided in the Contact Information section below. The Grievance Officer shall address any grievances or complaints regarding the processing of personal information within 30 days of receipt of such grievance or complaint. We reserve the right to appoint a different Grievance Officer from time to time and will update this Policy to reflect any such change.

11.3 Digital Personal Data Protection Act, 2023. To the extent applicable, we comply with the Digital Personal Data Protection Act, 2023 ("DPDPA") and any rules notified thereunder. We process personal data on the basis of consent or legitimate uses as recognized under the DPDPA. Data Principals (as defined under the DPDPA) may exercise their rights, including the right to access, correction, erasure, and grievance redressal, as provided under the DPDPA and described in Section 7 of this Policy. We reserve the right to update our practices as further rules and regulations are notified under the DPDPA.

12. GDPR Compliance (European Union Users)

12.1 Legal Basis for Processing. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases: (a) Contractual Necessity — processing necessary for the performance of our contract with you to provide the Service; (b) Consent — where you have given clear consent for us to process your personal data for a specific purpose; (c) Legitimate Interests — processing necessary for our legitimate interests or those of a third party, provided that your fundamental rights and freedoms do not override those interests; and (d) Legal Obligation — processing necessary for compliance with a legal obligation to which we are subject. We reserve the right to rely on additional or alternative legal bases as permitted by applicable law.

12.2 Data Protection Officer. While we are not legally required to appoint a Data Protection Officer under the GDPR, we have designated a privacy contact who is responsible for overseeing our data protection practices and responding to privacy-related inquiries. You may contact our privacy team at the email address provided in the Contact Information section below. We reserve the right to formally appoint a Data Protection Officer in the future if required by law or if we deem it appropriate for our operations.

12.3 Supervisory Authority. If you are located in the EEA, you have the right to lodge a complaint with your local supervisory authority if you believe that our processing of your personal data infringes the GDPR. While we encourage you to contact us first to resolve any concerns, we respect your right to escalate matters to the relevant supervisory authority. A list of supervisory authorities is available at edpb.europa.eu. We reserve the right to request documentation or evidence in support of any complaint or claim before taking corrective action.

13. California Privacy Rights (CCPA/CPRA)

13.1 If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate personal information; and the right to limit the use and disclosure of your sensitive personal information. We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. To exercise any of these rights, please contact us at the email address provided below. We will not discriminate against you for exercising any of your privacy rights. We reserve the right to verify your identity and residency before processing any request made under the CCPA/CPRA.

14. Automated Decision-Making and Profiling

14.1 The Service uses automated processing, including AI-powered content generation and ATS scoring algorithms, to provide its core functionality. These automated processes analyze your resume data to generate optimized content, calculate compatibility scores, and provide improvement suggestions. These automated processes do not make decisions that produce legal effects or similarly significant effects on you. The AI-generated content is provided as a suggestion and you retain full editorial control over your resume content at all times. We do not use automated decision-making for the purpose of evaluating your creditworthiness, employability, or any other personal characteristic. We reserve the right to implement additional automated processing features in the future, and we will update this Policy accordingly. If you have concerns about any automated processing of your data, you may contact us at the email address provided below.

15. Changes to This Privacy Policy

15.1 We reserve the right to update, revise, or modify this Privacy Policy at any time and for any reason, in our sole discretion. When we make material changes to this Policy, we will notify you by posting the updated Policy on the Service with a new "Last updated" date, and we may also notify you through email or through a prominent notice on the Service. We encourage you to review this Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Service after the posting of any revised Policy constitutes your acknowledgment and acceptance of the revised Policy. If you do not agree with the revised Policy, you must discontinue your use of the Service immediately. We reserve the right to determine, in our sole discretion, what constitutes a "material change" for the purposes of this notification obligation. Previous versions of this Policy may be made available upon request.

16. Governing Law

16.1 This Privacy Policy shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law provisions. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in Ahmedabad, Gujarat, India. Notwithstanding the foregoing, we reserve the right to seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of our data, intellectual property rights, or other proprietary rights. We also reserve the right to bring proceedings against you in the courts of the country in which you reside or in any other competent jurisdiction.

17. Contact Information

17.1 If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise any of your rights described in this Policy, please contact us at:

We will endeavor to respond to all legitimate inquiries within 30 days. In certain circumstances, we may require additional time, in which case we will notify you of the extension and the reasons for it. We reserve the right to request proof of identity before processing any request or inquiry.