Privacy Policy

Last updated: 10/15/2025

1. Introduction

ResumeThing ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered resume optimization service.

By using ResumeThing, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the service.

2. Information We Collect

Personal Information

  • Name and email address (via Google OAuth)
  • Resume content and job posting information you provide
  • Usage data and preferences within our service
  • Billing information (processed securely via Stripe)

Automatically Collected Information

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent on our service
  • Referring website addresses

Cookies and Tracking

We use cookies for authentication, security, and to improve your experience. You can control cookie preferences through our cookie consent banner. See our Cookie Policy for details.

3. How We Use Your Information

  • To provide and maintain our resume optimization service
  • To analyze and improve resume content using AI (OpenAI GPT models)
  • To process transactions and manage subscriptions
  • To communicate with you about your account and service updates
  • To detect and prevent fraud and abuse
  • To comply with legal obligations

4. OpenAI Data Processing

Important Notice:

Your resume content is processed by OpenAI's GPT models to provide our core service. By using ResumeThing, you consent to this processing. We recommend removing sensitive information (SSN, financial details) before uploading resumes.

  • Resume text is sent to OpenAI for analysis and optimization
  • OpenAI does not train on API data (per their data usage policy)
  • We do not store OpenAI responses longer than necessary
  • You can request deletion of your data at any time

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your data with:

  • Service Providers: Supabase (database), OpenAI (AI processing), Stripe (payments)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In case of merger, acquisition, or asset sale
  • Your Consent: With your explicit permission

6. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure authentication via Google OAuth
  • Row Level Security (RLS) in our database
  • Regular security audits and updates
  • Limited access to personal information

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

European Union Residents (GDPR):

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("Right to be Forgotten")
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your data
  • Restriction: Request limited processing of your data
  • Withdraw Consent: Withdraw consent at any time

California Residents (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination

To exercise these rights, contact us at privacy@resumethingy.com

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide you with our services
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

You can request deletion of your account and data at any time. We will delete your data within 30 days of your request, except where retention is required by law.

9. Children's Privacy

ResumeThing is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

13. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract: Processing necessary to provide our services
  • Consent: Where you have given explicit consent
  • Legitimate Interests: For fraud prevention and service improvement
  • Legal Obligation: To comply with applicable laws

This privacy policy is effective as of 10/15/2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.