Back to Home

Privacy Policy

Last updated: December 2025

1. Introduction

ResumeFlow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered resume builder service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and name when you create an account
  • Resume Data: Personal information, work history, education, skills, and other content you provide to build your resume
  • Job Descriptions: Job postings you paste for ATS optimization
  • Chat Messages: Conversations with our AI assistant
  • Payment Information: Billing details when you purchase credit packs (processed securely by our payment provider)

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, and actions taken within the Service
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and referring URLs

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Generate and optimize your resume using AI
  • Process payments and manage your account
  • Send transactional emails (e.g., magic links, receipts)
  • Analyze usage patterns to improve user experience
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate ResumeFlow:

PostHog (Analytics)

We use PostHog (us.posthog.com) to analyze how users interact with our Service. This helps us understand usage patterns and improve the product. PostHog may collect usage data, device information, and anonymized behavioral data.

PostHog Privacy Policy

DodoPayments (Payments)

We use DodoPayments to process credit pack purchases. When you make a payment, your payment information is sent directly to DodoPayments. We do not store your credit card details.

DodoPayments Privacy Policy

DeepSeek (AI Processing)

We use DeepSeek's AI models to power our resume building assistant. Your resume data and chat messages are sent to DeepSeek for processing. We do not use your data to train AI models.

DeepSeek Privacy Policy

Google OAuth (Authentication)

If you sign in with Google, we receive your name and email address from Google. We do not access any other Google account data.

Google Privacy Policy

Resend (Email)

We use Resend to send transactional emails such as magic link sign-in emails. Your email address is shared with Resend for this purpose.

Resend Privacy Policy

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

  • Account Data: Retained until you delete your account
  • Resume Data: Retained until you delete your account or the specific resume
  • Chat History: Retained for 90 days, then automatically deleted
  • Payment Records: Retained for 7 years for legal and tax compliance
  • Analytics Data: Retained in anonymized form

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (HTTPS), secure database storage, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Export: Request your data in a portable format
  • Objection: Object to certain processing of your data

To exercise these rights, contact us at [email protected].

8. Cookies and Tracking

We use the following types of cookies and tracking:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Used by PostHog to understand usage patterns

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers, including standard contractual clauses where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this page periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

[email protected]