Privacy Policy

1. Data Controller

The data controller responsible for your personal data is DevLogic (paušalni obrt), registered in Croatia, European Union. For any privacy-related inquiries, you can reach us at privacy@resumesaipro.com.

2. Information We Collect

We collect the following categories of personal data when you use ResumeAI Pro:

• Account information: name, email address, and authentication data when you create an account.
• Resume content: the personal and professional information you enter into the resume builder, including work experience, education, skills, and other details you choose to provide.
• Payment information: payment details are processed directly by Stripe and are not stored on our servers. We only retain transaction identifiers and plan information.
• Usage data: feature interactions, session information, page views, and device/browser metadata collected to improve the service.
• Cookies and similar technologies: functional cookies necessary for the service to operate, and optional analytics cookies to understand how you use the platform.

3. How We Use Your Information

We process your personal data for the following purposes and legal bases under the GDPR:

• Service delivery (contractual necessity): to provide and operate the AI-powered resume building service, generate PDF exports, and deliver purchased features.
• Payment processing (contractual necessity): to process one-time purchases and manage your plan tier.
• Account management (contractual necessity): to create and maintain your account, authenticate your identity, and provide customer support.
• Service improvement (legitimate interest): to analyze usage patterns and improve the platform's functionality and user experience.
• Security (legitimate interest): to detect and prevent fraud, abuse, and security incidents.
• Legal compliance (legal obligation): to comply with applicable laws, regulations, and legal processes.

4. AI Processing

Your resume content is processed by the OpenAI API to provide AI-powered features such as content enhancement suggestions, ATS optimization, gap analysis, cover letter generation, and interview preparation. Important details about this processing:

• Your resume data is sent to OpenAI's API solely for the purpose of generating the requested AI output.
• Your data is not used by OpenAI to train or improve their AI models. We use the OpenAI API under terms that prohibit training on customer data.
• Resume content is processed in real-time and is not retained by OpenAI beyond the time needed to generate a response (typically seconds).
• All data sent to OpenAI is transmitted over encrypted connections (TLS).

5. Data Storage and Security

Your data is stored securely using Supabase, a hosted PostgreSQL database service, with the following security measures in place:

• Row-level security (RLS): database-level access controls ensure that each user can only access their own data.
• Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS.
• Authentication: secure authentication is handled by Supabase Auth with industry-standard practices.
• Rate limiting: API endpoints are protected against abuse with rate limiting mechanisms.

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Third-Party Services

We use the following third-party services to operate ResumeAI Pro. Each processes data in accordance with their own privacy policies:

• Stripe — payment processing. Privacy Policy
• OpenAI — AI-powered resume features. Privacy Policy
• Supabase — authentication and data storage. Privacy Policy
• Vercel — application hosting. Privacy Policy

7. Cookies

We use the following types of cookies:

• Strictly necessary cookies: required for the service to function, including authentication session cookies and security tokens. These cannot be disabled.
• Analytics cookies: used to understand how visitors interact with the platform, helping us improve the user experience. These are only set with your consent.

We do not use advertising or tracking cookies. You can manage your cookie preferences through your browser settings.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the service. Specifically:

• Account and resume data: retained for the lifetime of your account. You can delete your account and all associated data at any time.
• Payment records: retained for up to 7 years as required by tax and accounting regulations.
• Usage logs: retained for up to 12 months for security and analytics purposes, then anonymized or deleted.

After account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data (“right to be forgotten”).
• Right to data portability: receive your data in a structured, commonly used, machine-readable format.
• Right to restriction: request restriction of processing of your personal data.
• Right to object: object to the processing of your personal data based on legitimate interests.

To exercise any of these rights, contact us at privacy@resumesaipro.com. We will respond to your request within 30 days.

10. International Data Transfers

Some of our third-party service providers (OpenAI, Vercel, Stripe) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognized data protection frameworks.

11. Supervisory Authority

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Croatian Personal Data Protection Agency (AZOP):

Agencija za zaštitu osobnih podataka (AZOP)
Website: azop.hr

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting a notice on our website or sending you an email. Your continued use of the service after the changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy or how we handle your personal data, please contact us at privacy@resumesaipro.com.