EZ Resume ("we," "our," or "us") is committed to protecting your privacy and ensuring compliance with data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our AI-powered resume and cover letter generator.
1. Information We Collect
1.1 Personal Information You Provide
Contact Information: Name, email address, phone number
Professional Information: Work history, education, skills, certifications, achievements
Resume Content: Job descriptions, responsibilities, accomplishments, personal statements
Cover Letter Content: Job applications, company information, personal statements
Communication Data: Messages sent through our contact forms or support channels
1.2 Automatically Collected Information
Technical Data: IP address, browser type, device information, operating system
Usage Data: Pages visited, time spent, features used, error logs
Analytics Data: Google Analytics data (with consent), performance metrics
Cookies: Essential cookies for functionality, analytics cookies (with consent)
1.3 Payment Information
Payment processing is handled securely by Stripe
We do not store your payment card details
Stripe may store payment information according to their privacy policy
2. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
Contract Performance: To provide our resume generation services
Legitimate Interest: To improve our services, prevent fraud, and ensure security
Consent: For analytics and marketing communications (where applicable)
Legal Obligation: To comply with applicable laws and regulations
3. How We Use Your Information
Service Provision: Generate resumes and cover letters using AI technology
Communication: Send generated documents to your email address
Customer Support: Respond to inquiries and provide assistance
Payment Processing: Process payments for premium features
Service Improvement: Analyze usage patterns to enhance our platform
Security: Detect and prevent fraud, abuse, and security threats
Legal Compliance: Fulfill legal obligations and respond to legal requests
4. Data Sharing and Third Parties
4.1 Service Providers
OpenAI: AI processing for resume and cover letter generation
Stripe: Payment processing and fraud prevention
Email Services: Document delivery and communication
Analytics: Google Analytics for website performance (with consent)
Hosting: Vercel for website hosting and infrastructure
4.2 Data Sharing Limitations
We do not sell, rent, or trade your personal information
We do not share data with third parties for marketing purposes
Service providers are bound by data processing agreements
We may share data if required by law or to protect our rights
5. Data Retention and Deletion
5.1 Retention Periods
Resume/Cover Letter Content: Deleted immediately after generation and email delivery
Personal Information: Deleted within 30 days of document generation
Analytics Data: Retained for up to 26 months (Google Analytics)
Payment Records: Retained for 7 years for tax and legal compliance
Communication Data: Retained for 2 years for customer support
5.2 Data Deletion
You can request immediate deletion of your data at any time
We will confirm deletion within 30 days of your request
Some data may be retained longer if required by law
6. Data Security
Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
Access Controls: Strict access controls and authentication
Security Monitoring: Continuous monitoring for security threats
Data Minimization: We only collect data necessary for our services
Regular Audits: Security assessments and vulnerability testing
7. Your Rights (GDPR & CCPA)
7.1 Right to Access
You have the right to request a copy of all personal data we hold about you.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data, subject to legal requirements.
7.4 Right to Restrict Processing
You can request that we limit how we process your personal data.
7.5 Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
7.6 Right to Object
You can object to processing based on legitimate interests.
7.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time.
7.8 Right to Lodge a Complaint
You have the right to complain to your local data protection authority.
8. Cookies and Tracking
8.1 Essential Cookies
Session management and security
Form functionality and validation
These cookies are necessary for the website to function
8.2 Analytics Cookies
Google Analytics for website performance
These cookies require your consent
You can opt out through our cookie consent banner
8.3 Cookie Management
You can manage cookie preferences in your browser settings
Our cookie consent banner allows granular control
Opting out of analytics cookies won't affect core functionality
9. International Data Transfers
Your data may be processed in countries outside your residence
We ensure adequate protection through Standard Contractual Clauses (SCCs)
All transfers comply with applicable data protection laws
Service providers are located in the EU, US, and other jurisdictions
10. Children's Privacy
Our service is not intended for children under 16 years of age
We do not knowingly collect personal information from children under 16
If we become aware of such collection, we will delete it immediately
Parents or guardians should contact us if they believe we have collected children's data
11. Data Breach Procedures
We have procedures to detect, report, and investigate data breaches
In case of a breach, we will notify affected users within 72 hours
We will also notify relevant authorities as required by law
All breaches are documented and reviewed to prevent recurrence
12. Changes to This Policy
We may update this Privacy Policy periodically
Material changes will be communicated via email or website notice
Continued use of our service constitutes acceptance of updated policies
Previous versions are archived and available upon request
13. Contact Information
For privacy-related inquiries, data requests, or to exercise your rights:
Email:
Data Protection Officer: Available through our contact form
Response Time: We will respond to all requests within 30 days
Verification: We may need to verify your identity before processing requests
14. Legal Basis and Jurisdiction
This policy is governed by applicable data protection laws
For EU users: GDPR applies to all processing activities
For California users: CCPA provides additional rights
Disputes will be resolved in accordance with applicable law