Privacy Policy
Last updated: May 29, 2026
Resumeabl (“we,” “us,” or “our”) operates the Resumeabl platform at resumeabl.com (the “Service”). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. It applies to all users of the Service regardless of location.
By using Resumeabl, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account data. When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google.
- CV data. When you upload a CV (PDF, DOCX, or pasted text), we receive the full text content of that document.
- Conversation answers. When you answer questions during the guided conversation, we store your responses to generate improved CV bullets.
1.2 Information We Generate
- Analysis results. Our AI agents produce identity gap analysis, bullet visibility maps, defensibility audits, hidden role discovery, and other structured findings from your CV.
- Improved CV. The rewritten CV and profile data generated during the conversation.
1.3 Information Collected Automatically
- Usage data. Pages visited, features used, timestamps, and session duration.
- Device and technical data. IP address, browser type, operating system, screen resolution, and referring URL.
- Cookies. Essential cookies for authentication and session management. We do not use advertising cookies. See Section 7.
2. How We Use Your Information
| Purpose | Legal basis (GDPR) |
|---|---|
| Process and analyze your CV using AI agents | Contract performance |
| Generate improved bullets and CV documents | Contract performance |
| Maintain your account and profile | Contract performance |
| Process payments via Stripe | Contract performance |
| Send transactional emails (analysis complete, account changes) | Contract performance |
| Improve the Service (aggregate, anonymized analytics) | Legitimate interest |
| Comply with legal obligations | Legal obligation |
3. AI Processing Disclosure
Resumeabl uses artificial intelligence to analyze your CV. In accordance with Article 50 of the EU AI Act, we disclose the following:
- What AI does. Six specialized AI agents read your CV in parallel. Each agent is tuned for a specific structural problem: identity gaps, bullet visibility, scope understatement, mechanical errors, defensibility of claims, and hidden role discovery.
- Models used. We use third-party large language models (currently Google Gemini and Anthropic Claude) to power the analysis, conversation, and rewrite pipeline.
- What we send to AI providers. The parsed text of your CV and your conversation answers. We do not send your name, email, or payment information to AI providers.
- No training on your data. We do not use your CV or conversation data to train, fine-tune, or improve any AI model. Our API agreements with Google and Anthropic explicitly prohibit the use of API inputs for model training.
- Human review. No human reviews your CV or analysis unless you explicitly request support. The process is fully automated.
- Output accuracy. AI-generated analysis and rewrites are suggestions, not guarantees. We recommend reviewing all output before using it in job applications.
4. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with:
| Recipient | Purpose | Data shared |
|---|---|---|
| Google (Gemini API) | CV analysis and rewrite | Parsed CV text, conversation answers |
| Anthropic (Claude API) | CV analysis and rewrite | Parsed CV text, conversation answers |
| Stripe | Payment processing | Email, payment method, billing address |
| Google (OAuth) | Authentication | OAuth tokens only |
| Vercel | Hosting and infrastructure | Technical/usage data |
We may also disclose data if required by law, court order, or to protect the rights, property, or safety of Resumeabl, our users, or the public.
5. Data Retention
- Active accounts. We retain your data for as long as your account is active.
- Deleted accounts. When you delete your account from Settings, we delete all personal data, CV content, analysis results, and conversation answers within 30 days. Anonymized, aggregate analytics data may be retained.
- Billing records. Payment records are retained for 7 years as required by tax and accounting regulations.
6. Your Rights
Depending on your location, you have the following rights:
All Users
- Access. Request a copy of all data we hold about you.
- Deletion. Delete your account and all associated data from Settings at any time.
- Data portability. Download your data in a machine-readable format.
European Economic Area (GDPR)
- Right to rectification, restriction of processing, and objection to processing.
- Right to withdraw consent at any time.
- Right to lodge a complaint with your local data protection authority.
California Residents (CCPA/CPRA)
- Right to know what personal information we collect, use, and disclose.
- Right to delete personal information.
- Right to opt-out of the sale or sharing of personal information. We do not sell or share your personal information.
- Right to non-discrimination for exercising your privacy rights.
To exercise any right, email [email protected] or use the controls in Settings. We respond within 30 days.
7. Cookies
We use only essential cookies required for the Service to function:
- Session cookie. Maintains your login session. Expires when you close your browser or after 30 days.
- Locale preference. Remembers your language selection.
We do not use advertising, tracking, or third-party marketing cookies.
8. Data Security
We implement industry-standard security measures including HTTPS encryption in transit, encrypted storage at rest, access controls limited to essential personnel, and regular security reviews. No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.
9. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. Where required by law, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of data protection.
10. Children’s Privacy
Resumeabl is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision.
12. Contact
For privacy-related inquiries or to exercise your rights:
- Email: [email protected]
- Subject line: “Privacy Request”