Privacy Policy
Comprehensive privacy policy compliant with CCPA, VCDPA, CPA, CTDPA, UCPA, and FDBR
1. Privacy Overview & Legal Compliance
ResumeReady LLC ("we," "our," or "us") is committed to protecting your privacy and ensuring compliance with all applicable privacy laws. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AI-powered resume optimization services.
Automatic State Law Compliance
Our system automatically detects your location and applies the appropriate privacy protections under CCPA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), and FDBR (Florida) without requiring any action from you.
Key Principles
- • Transparency: Clear disclosure of all data collection and usage
- • Minimal Collection: Only collect data necessary for service provision
- • User Control: Full control over your data and privacy preferences
- • Security: Industry-standard security measures to protect your data
- • Compliance: Full compliance with all applicable privacy laws
2. Data We Collect & How We Use It
| Data Category | Examples | Purpose | Retention |
|---|---|---|---|
| Account Information | Email address, Name, Profile picture, Account preferences | Account creation, authentication, and service personalization | Until account deletion |
| Resume Content | Work experience, Education, Skills, Contact information, Professional summary | AI-powered resume optimization and ATS analysis | Until account deletion or user deletion |
| Usage Data | AI credits consumed, Resume downloads, Template selections, Feature usage | Service improvement, billing, and fraud prevention | 12 months (anonymized after 12 months) |
| Payment Information | Billing address, Payment method (via Stripe), Subscription details, Transaction history | Payment processing and subscription management | 7 years (tax compliance) |
| Technical Data | IP address, Browser type, Device information, Usage logs | Security, fraud prevention, and service optimization | 30 days for IP logs, 12 months for analytics |
| Third-Party Data | LinkedIn profile data (with consent), Google account information, Job posting data | Enhanced resume creation and job matching | Until account deletion or user removal |
Special Notes
- • We do not sell your personal information to third parties
- • We do not share your resume content with third parties except for AI processing
- • All AI processing is performed through secure, vetted third-party services
- • You retain full ownership and control over your resume content
3. Legal Basis for Processing & Consent
Legal Bases
- • Contract: Processing necessary to provide requested services
- • Consent: Optional features like marketing communications
- • Legal Obligation: Compliance with applicable laws and regulations
- • Legitimate Interest: Service improvement and fraud prevention
Consent Management
- • Granular consent options for different data uses
- • Easy withdrawal of consent at any time
- • No impact on core service functionality when withdrawing consent
- • Clear indication of required vs. optional data collection
AI Processing Consent
By using our AI-powered features, you consent to your resume content being processed by Grok 4 and OpenAI GPT-4 for the purpose of generating optimized resume content. This processing is essential for the service functionality.
4. Your Privacy Rights by State
| State | Applicable Law | Your Rights | Contact |
|---|---|---|---|
| California (CCPA) | (CCPA) | Right to know, Right to delete, Right to opt-out, Right to non-discrimination | privacy@resumeready.io |
| Virginia (VCDPA) | (VCDPA) | Right to access, Right to correct, Right to delete, Right to portability | privacy@resumeready.io |
| Colorado (CPA) | (CPA) | Right to access, Right to correct, Right to delete, Right to opt-out | privacy@resumeready.io |
| Connecticut (CTDPA) | (CTDPA) | Right to access, Right to correct, Right to delete, Right to opt-out | privacy@resumeready.io |
| Utah (UCPA) | (UCPA) | Right to access, Right to delete, Right to opt-out | privacy@resumeready.io |
| Florida (FDBR) | (FDBR) | Right to access, Right to correct, Right to delete, Right to opt-out | privacy@resumeready.io |
How to Exercise Your Rights
- • Access: Request a copy of your personal data
- • Correction: Update inaccurate or incomplete data
- • Deletion: Request deletion of your personal data
- • Portability: Receive your data in a portable format
- • Opt-out: Opt-out of data sales or targeted advertising
- • Appeal: Appeal any decision regarding your privacy rights
Verification Required
To protect your privacy, we may need to verify your identity before processing privacy requests. This typically involves confirming your email address or account credentials.
5. Data Security & Protection Measures
| Security Measure | Details | Compliance |
|---|---|---|
| Encryption | AES-256 encryption for data at rest, TLS 1.3 for data in transit | Industry standard |
| Access Controls | Role-based access controls with principle of least privilege | Zero-trust architecture |
| Authentication | Secure authentication via Supabase with optional 2FA | OWASP standards |
| Monitoring | 24/7 automated threat detection and security monitoring | Industry standard monitoring |
| Auditing | Regular security audits and penetration testing | Annual third-party assessments |
| Backup | Encrypted daily backups with 30-day retention | Disaster recovery ready |
Security Incident Response
- • 72-hour notification for any data breaches
- • Immediate containment and investigation
- • Regular security updates and patches
- • Third-party security assessments
Data Minimization
- • Collect only necessary data for service provision
- • Regular data purging and cleanup
- • Anonymization where possible
- • Purpose limitation for all data use
6. Data Retention & Deletion Policies
Retention Schedule
- • Resume content: Until account deletion
- • Account data: Until account deletion
- • Usage analytics: 12 months (anonymized)
- • Payment records: 7 years (tax compliance)
- • Support tickets: 2 years
- • IP logs: 30 days (security purposes)
Deletion Rights
- • Account deletion: Complete data removal within 30 days
- • Selective deletion: Remove specific resume content
- • Automated deletion: Upon account closure
- • Legal retention: Extended retention for legal obligations
Deletion Process
When you delete your account or request data deletion, we will:
1. Immediately mark your data for deletion
2. Remove data from active systems within 30 days
3. Remove from backups within 90 days
4. Retain only anonymized analytics data
7. Third-Party Services & Data Sharing
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Grok 4 (xAI) | Primary AI processing for resume optimization | Resume content, job descriptions, user prompts | View Policy |
| OpenAI GPT-4 | Secondary AI processing and content generation | Resume content, job descriptions, user prompts | View Policy |
| Supabase | Database storage, authentication, and user management | User accounts, resumes, usage data, authentication tokens | View Policy |
| Stripe | Payment processing and subscription management | Billing information, payment methods, subscription details | View Policy |
| SendGrid | Email notifications and transactional emails | Email addresses, email content, delivery status | View Policy |
| Google Analytics | Website analytics and usage tracking | Usage patterns, website interactions, anonymized demographics | View Policy |
No Sale of Personal Information
We do not sell your personal information to third parties. All data sharing is limited to service provision and is governed by strict data processing agreements with our vendors.
8. International Data Transfers
As a US-based service, your data is primarily processed within the United States. Some of our third-party service providers may process data internationally, but only under appropriate safeguards:
- • Standard Contractual Clauses: For international transfers
- • Data Processing Agreements: With all third-party vendors
- • Encryption: All data encrypted in transit and at rest
- • Compliance: Adherence to applicable international privacy laws
Data Location
Primary data storage is in US-based data centers. AI processing may occur through US-based AI services (Grok 4, OpenAI) with appropriate data protection measures.
9. Cookies & Tracking Technologies
Cookie Categories
- • Essential: Required for basic functionality (no consent needed)
- • Functional: Enhance user experience (consent required)
- • Analytics: Understand usage patterns (consent required)
- • Marketing: Personalized advertising (consent required)
Cookie Control
You can manage cookie preferences through our cookie consent banner or browser settings. Essential cookies cannot be disabled as they are necessary for service functionality.
Microsoft Clarity (Session Replay & Heatmaps)
We partner with Microsoft Clarity to understand how users interact with our site and to improve our products/services. Clarity may collect behavioral metrics, heatmaps, and session replays (for example: clicks, scrolls, page views, mouse movements), approximate location based on IP, device/browser information, and performance data. We use this information to improve usability and accessibility, diagnose errors, prevent fraud, enhance security, and measure feature adoption.
Clarity only loads after you provide consent for Analytics/Performance cookies via our cookie preferences. You can update or withdraw consent at any time using the cookie controls.
Learn more about how Microsoft collects and uses data in the Microsoft Privacy Statement.
10. Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately for prompt removal.
Age Verification
By using our services, you confirm that you are at least 16 years old or have parental consent where required by applicable law.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- • Posting the new Privacy Policy on this page
- • Updating the "Last Updated" date at the top
- • Sending email notifications for material changes
- • Providing prominent notice on our website
Material Changes
Material changes will be communicated at least 30 days in advance. Continued use after changes constitutes acceptance of the updated policy.
12. Contact Information & Privacy Requests
Privacy Officer
Privacy Requests
- • Email: privacy@resumeready.io
- • Response Time: Within 30 days
- • Verification: Identity verification required
- • Appeals: Available for denied requests
State-Specific Contacts
For state-specific privacy rights, please include your state of residence in your request. We will ensure compliance with your state's specific privacy laws.
Your Privacy is Our Priority
By using ResumeReady.io, you acknowledge that you have read and understood this Privacy Policy. Your privacy rights are automatically protected based on your location, and you retain full control over your personal information.