Back to Home

Privacy Policy

Privacy Policy

Last updated: January 2025

EZ-Resume is an Australian business committed to protecting your privacy under Australian law. This policy explains how we handle your personal information in plain English.

Quick Navigation

What We CollectWhy We Use DataYour RightsThird PartiesSecurityData RetentionContact UsInternational Users

About This Policy

Who we are: EZ-Resume is an Australian business that provides AI-powered resume and cover letter generation services.

Australian Privacy Law: We comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). For international users, we also comply with GDPR and other applicable privacy laws.

What this covers: This policy explains how we handle your personal information when you use our website and services.

1. What Personal Information We Collect (APP 3)

Account Information

  • Email address - For account creation, login, and document delivery
  • Password (encrypted) - Secure account access
  • Signup date and location - Account management and security
  • Industry selection - Personalised resume templates and AI training
  • Subscription tier - Access control and billing

Resume & Career Content

  • Personal details - Name, phone, address, LinkedIn profile
  • Work experience - Job titles, companies, dates, responsibilities
  • Education - Degrees, institutions, dates, achievements
  • Skills and certifications - Professional and technical skills
  • Professional summary - Career objectives and highlights
  • Cover letters - Personalised cover letter content

Important: Resume content is deleted immediately after PDF generation and email delivery.

Usage Analytics

  • AI usage counters - Track free plan usage limits
  • Feature usage - Which tools and templates you use
  • Page views - Website navigation patterns
  • Technical data - Browser type, device, IP address (for security)
  • Error logs - Technical issues for improvement

Payment Information

  • Payment status - Free or Professional tier
  • Purchase date - For account access and support
  • Transaction ID - For refunds and billing queries

Note: Credit card details are processed and stored by Stripe, not us. We never see or store your payment card information.

Communication Data

  • Support messages - Contact form submissions and replies
  • Email communications - Service updates and support
  • Feedback - Your comments and suggestions

2. Why We Collect Your Information (APPs 3, 6)

Primary Purposes

  • Provide our service: Generate professional resumes and cover letters using AI
  • Deliver documents: Email your completed PDFs securely
  • Account management: Secure login, track usage limits, manage subscriptions
  • Payment processing: Handle Professional plan purchases and refunds
  • Customer support: Respond to questions and resolve issues

Secondary Purposes

  • Service improvement: Analyse usage patterns to enhance features
  • AI training: Improve our AI models for better resume generation
  • Security: Detect fraud, prevent abuse, and protect user accounts
  • Legal compliance: Meet Australian tax, business, and privacy law requirements

Australian Privacy Principle 6: We only use your information for the purposes stated above, or for related purposes you would reasonably expect. We will ask for your consent before using your information for any other purpose.

3. Who We Share Your Information With (APPs 6, 8)

We only share your information with trusted service providers who help us deliver our service:

🏢 Supabase (Database & Authentication)

  • What they do: Secure database storage and user authentication
  • Data shared: Account information, usage data, stored resumes
  • Location: AWS servers with Australian data residency options
  • Protection: Enterprise-grade encryption and access controls

🤖 OpenAI (AI Processing)

  • What they do: AI-powered content generation for resumes
  • Data shared: Your job details and experience (during generation only)
  • Location: United States
  • Protection: Data is processed and immediately deleted, not stored or used for training

💳 Stripe (Payment Processing)

  • What they do: Secure payment processing and billing
  • Data shared: Payment information, billing details
  • Location: Global infrastructure with strong data protection
  • Protection: PCI DSS compliant, we never see your card details

🌐 Vercel (Website Hosting)

  • What they do: Host our website and handle web traffic
  • Data shared: Technical logs, performance data
  • Location: Global CDN with Australian edge servers
  • Protection: HTTPS encryption, DDoS protection

🚫 What We DON'T Do

  • We never sell, rent, or trade your personal information to anyone
  • We don't share your data with advertisers or marketing companies
  • We don't use your resume content to train AI models
  • We don't share data with employers or recruitment agencies

4. Your Privacy Rights (APPs 6, 12, 13)

Under Australian privacy law, you have the following rights:

📋 Access Your Data

Request a copy of all personal information we hold about you, including how we use it and who we share it with.

How: Use our Data Rights form or contact us directly.

✏️ Correct Your Data

Request correction of inaccurate, incomplete, or outdated personal information.

How: Update through your dashboard or contact support for assistance.

🗑️ Delete Your Data

Request deletion of your personal information (subject to legal requirements).

How: Delete your account in dashboard settings or request through our Data Rights form.

📤 Export Your Data

Request a copy of your data in a portable format to transfer to another service.

How: Use our Data Rights form to request a complete data export.

🛑 Object to Processing

Object to certain uses of your data, particularly for direct marketing or analytics.

How: Contact us to discuss your specific concerns and preferences.

⚖️ Make a Complaint

If you're not satisfied with how we handle your privacy, you can complain to the OAIC.

OAIC: Office of the Australian Information Commissioner (oaic.gov.au)

How to Exercise Your Rights

  1. Submit a request through our Data Rights form
  2. We'll verify your identity (for security)
  3. We'll process your request within 30 days
  4. We'll confirm completion and provide any requested information

No cost: We don't charge fees for reasonable requests under Australian privacy law.

5. How We Protect Your Data (APP 11)

We implement comprehensive security measures to protect your personal information:

🔐 Technical Security

  • 256-bit SSL/TLS encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for admin access
  • Regular security patches and updates
  • Automated malware and intrusion detection

🏢 Operational Security

  • Strict access controls (need-to-know basis only)
  • Regular security audits and penetration testing
  • Employee privacy and security training
  • Secure data disposal procedures
  • Incident response and breach notification plans

🛡️ Data Minimisation

We follow the principle of data minimisation - we only collect, store, and process the minimum amount of personal information necessary to provide our service effectively.

🚨 Data Breach Response

If a data breach occurs that could harm you, we will:

  • Notify the OAIC within 72 hours (if required by law)
  • Notify affected users as soon as reasonably possible
  • Provide clear information about what happened and what we're doing
  • Offer support and guidance to affected users

6. How Long We Keep Your Data (APP 11)

We only keep your personal information for as long as necessary:

⚡ Immediate Deletion

  • Resume content: Deleted immediately after PDF generation and email delivery
  • AI processing data: Deleted from OpenAI systems after processing
  • Temporary files: Deleted within 24 hours

📅 Active Account Data

  • Account information: Kept while your account is active
  • Usage analytics: 24 months for service improvement
  • Saved resumes: Kept until you delete them or close your account

🏛️ Legal Requirements

  • Payment records: 7 years (Australian tax law)
  • Customer support records: 3 years for quality and legal purposes
  • Security logs: 12 months for fraud prevention

❌ Account Deletion

  • Inactive accounts: Automatically deleted after 2 years of inactivity
  • Requested deletion: Processed within 30 days of your request
  • Full data removal: All personal data deleted except legal requirements

Want to delete your data sooner? You can request immediate deletion of your account and all associated data at any time through your dashboard or our Data Rights form.

7. International Data Transfers (APP 8)

Some of our service providers are located outside Australia. Here's how we protect your data:

🌏 Where Your Data Goes

  • United States: OpenAI (AI processing), Stripe (payments), Vercel (hosting)
  • European Union: Supabase (database - with Australian options available)
  • Australia: Local CDN servers and admin access

🛡️ Protection Measures

  • Standard Contractual Clauses: Legal agreements requiring adequate protection
  • Privacy Shield alternatives: Additional US privacy protections where available
  • GDPR compliance: EU-level protections for all users
  • Encryption in transit: All data encrypted during transfer
  • Minimal data: Only essential data crosses borders

🇦🇺 For Australian Users

We ensure that any overseas data processing meets Australian privacy standards. You have the same privacy rights regardless of where your data is processed, and we remain accountable under Australian privacy law.

🌍 For International Users

We comply with privacy laws in your jurisdiction:

  • EU/UK users: Full GDPR compliance
  • US users: CCPA compliance for California residents
  • Other jurisdictions: Local privacy law compliance where applicable

8. Children's Privacy

⚠️ Age Restriction

Our service is designed for adults entering the workforce and is not suitable for children under 18.

  • We do not knowingly collect personal information from anyone under 18
  • If we discover we have collected child data, we will delete it immediately
  • Parents/guardians should contact us if they believe we have collected their child's information
  • Users must be 18+ to create an account or use our services

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

How We'll Notify You

  • Material changes: Email notification to all users
  • Minor updates: Posted on our website with updated date
  • Legal changes: Prominent notice on our homepage
  • Continued use: Using our service after changes means you accept the updated policy

We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

10. Contact Us About Privacy

We're committed to addressing your privacy concerns promptly and transparently. Here's how to reach us:

Privacy Contact Information

General Privacy Inquiries

  • Contact:
  • Response time: Within 5 business days
  • Method: Secure contact form

Data Rights Requests

  • Portal: Data Rights Form
  • Response time: Within 30 days
  • Identity verification: Required for security

Business Details

  • Entity: EZ-Resume (Australian Business)
  • Privacy Officer: Available through contact form
  • Jurisdiction: Australian Privacy Principles (APPs)
  • Regulator: Office of the Australian Information Commissioner (OAIC)

🚨 Privacy Complaints

If you have a privacy complaint:

  1. Contact us first - we want to resolve your concerns directly
  2. We'll investigate and respond within 30 days
  3. If unsatisfied, you can complain to the OAIC (oaic.gov.au)
  4. EU users can also contact their local data protection authority

Privacy Policy Summary

This policy explains how EZ-Resume, an Australian business, handles your personal information in compliance with Australian Privacy Principles and international privacy laws.

Australian Privacy Act 1988GDPR CompliantCCPA CompliantPlain English