Privacy Policy

What we collect

• Account data: email address and a salted password hash (Argon2). Optional name.
• Resume content: the PDF/DOCX you upload, its extracted plain text, and the structured JSON we derive from it.
• Usage logs: counts of parses, scores, and AI agent messages — for free-tier limits.
• Cookies: a single session cookie (rr_session), httpOnly, used only for authentication.

What we don't collect

• We don't track you across the web. No third-party ad pixels.
• We don't read your other tabs, browser history, or device data beyond what your browser sends in a normal HTTP request.
• We don't sell or share your resume content with employers, recruiters, or aggregators.

Where it lives

Account and resume data is stored in Neon Postgres (US/EU regions). When you upload a resume, the file is processed in-memory by our parsing function and only the extracted text + structured JSON persist — we don't store the original binary file by default.

Third parties we use

• Vercel — hosts the application. Sees request metadata.
• Neon — hosts the database.
• Vercel AI Gateway — proxies LLM calls to OpenAI, Anthropic, and others. Resume text is sent to the model provider when you use the AI agent. We don't enable provider training on our data; check the provider's policy for retention.
• Polar — handles billing if you upgrade to a paid plan. Stripe is the underlying processor.

How to delete your data

Email hello@resumes.repair from your registered address with "delete account" in the subject. We delete your user row and all related data (resumes, versions, scores, sessions, usage) within 7 days. Cascading foreign keys ensure nothing orphans.

GDPR / CCPA

EU and California residents can request access, correction, or deletion of their data via the email above. We respond within 30 days.

Changes

If we materially change this policy, we'll update the "Last updated" date and email registered users.