Privacy Policy

1. Introduction

WhichResume ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume building service.

This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Account Information

• Email address
• Name
• Password (encrypted)
• Profile information (if provided via Google OAuth)

2.2 Resume Content

• Professional information (work experience, education, skills)
• Personal details you choose to include (name, email, LinkedIn, website)
• Resume customizations and preferences

2.3 Payment Information

Payment card information is collected and processed directly by Stripe, our payment processor. We never store full payment card details on our servers. We only retain your Stripe customer ID for subscription management.

2.4 Usage Data

• Pages visited and features used
• Time spent on the Service
• Browser type and device information
• IP address (for security and analytics)
• Feature usage patterns
• AI credit consumption and balance
• Download usage and bonus download tracking

3. Privacy-First Approach

4. How We Use Your Information

We use collected information to:

• Provide and maintain our Service
• Process your transactions and manage subscriptions
• Send service-related emails (account verification, password reset)
• Improve our Service through analytics
• Provide customer support
• Detect and prevent fraud and abuse
• Comply with legal obligations
• Generate AI-powered resume suggestions (when you use AI features)
• Track AI credit usage and monthly allocations
• Manage bonus downloads and download limits
• Process credit pack purchases and allocations

5. Information Sharing

We never sell your personal information. We only share data with:

• Service providers: Third parties who help us operate our Service (see section 6)
• Legal requirements: When required by law or to protect our rights
• Business transfers: In connection with a merger, acquisition, or asset sale (with your consent where required)

6. Third-Party Services

We use the following third-party service providers who may process your data:

7. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics. See our Cookie Policy for detailed information.

You can control cookies through your browser settings. Disabling certain cookies may limit Service functionality.

8. Your Privacy Rights

8.1 GDPR Rights (EU Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing of your personal data
• Restrict Processing: Request limitation of processing
• Withdraw Consent: Withdraw consent at any time

8.2 CCPA Rights (California Users)

• Know: Request disclosure of personal information we collect, use, and share
• Delete: Request deletion of personal information
• Opt-Out: Opt out of sale of personal information (we never sell your data)
• Non-Discrimination: Not be discriminated against for exercising CCPA rights

8.3 Exercising Your Rights

To exercise any of these rights, contact us through our Contact Form or email us. We will respond within 30 days (GDPR) or 45 days (CCPA).

9. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Until account deletion
• Resume content: Until you delete it or close your account
• Payment records: 7 years for tax and legal compliance
• Analytics data: 2 years
• Support communications: 3 years
• AI credit usage: 2 years for analytics and billing verification
• Download tracking: 1 year for usage analytics

After account deletion, we permanently delete your personal data within 30 days, except where retention is required by law.

10. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure password hashing
• Rate limiting to prevent abuse
• Regular security audits and monitoring
• Access controls and authentication
• Automatic error tracking and alerts
• Privacy-first architecture (sensitive data stored locally)

While we strive to protect your data, no method of transmission over the internet is 100% secure. Use our Service at your own risk.

11. Children's Privacy

Our Service is not intended for children under 13 (COPPA compliance). We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately, and we will delete it.

12. International Transfers

Your data may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses approved by the EU Commission
• Service providers with adequate data protection certifications
• Compliance with GDPR requirements for international transfers

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised.

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For privacy-related questions, data requests, or concerns, please contact us through our Contact Form.

For GDPR-related inquiries, please include "GDPR Request" in your subject line. For CCPA-related inquiries, please include "CCPA Request" in your subject line.