Privacy Policy

Effective Date: 1/1/2025 | Last Annual Review: 1/1/2025

Important Privacy Rights Notice

Depending on your location, you may have specific privacy rights:

  • California residents: See Section 9 for CCPA/CPRA rights
  • EU/UK residents: See Section 8 for GDPR rights
  • To opt-out of AI training: Email hello@resumeloom.com
  • Data sale/sharing: ResumeLoom does NOT sell or share your data - see Section 6

1. Introduction

ResumeLoom ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume builder service.

By using our service, you acknowledge that you have read and understood this Privacy Policy. If you are under the legal age of consent in your jurisdiction, you must have your parent or guardian's permission to use our services.

2. Age Requirements and Children's Privacy

Minimum Age Requirements

  • United States: You must be at least 13 years old
  • European Union/UK: You must be at least 16 years old
  • Other Jurisdictions: You must meet the minimum age required by your local laws

ResumeLoom does not knowingly collect personal information from children under the applicable age limits. If we discover that we have inadvertently collected information from a child under the required age, we will promptly delete such information.

Parents or guardians who believe their child has provided us with personal information without consent should contact us at hello@resumeloom.com.

3. Information We Collect

Personal Information

  • Name and contact information (email address, phone number if provided)
  • Resume content including work experience, education, skills, and achievements
  • Account credentials and authentication data
  • Profile information and preferences
  • Payment information (processed securely through Stripe)
  • Communications with our support team

Technical Information

  • IP address and device information
  • Browser type and version
  • Usage data and analytics (pages visited, features used)
  • Session information and cookies
  • Referral sources and exit pages

4. Legal Basis for Processing (GDPR)

Data TypeLegal BasisPurpose
Account InformationContract PerformanceTo provide our services
Resume ContentContract PerformanceTo generate and store resumes
Payment DataContract Performance / Legal ObligationTo process payments and comply with tax laws
Analytics DataConsent / Legitimate InterestTo improve our services
Marketing CommunicationsConsentTo send promotional content
Security LogsLegitimate InterestTo protect against fraud and security threats

5. How We Use Your Information

  • To provide and maintain our resume builder service
  • To process your resume and cover letter generation requests
  • To provide AI-powered enhancement and analysis features
  • To improve our services and user experience
  • To communicate with you about your account and our services
  • To ensure security and prevent fraud
  • To comply with legal obligations
  • To provide customer support and respond to inquiries
  • To analyze usage patterns and optimize performance

6. We Do NOT Sell or Share Your Data

Our Clear Commitment to Your Privacy

ResumeLoom does NOT sell, rent, lease, or share your personal data with third parties for commercial purposes.

✅ What We Do

  • • Keep your data secure and private
  • • Use data only to provide our service
  • • Process data with trusted service providers under strict contracts
  • • Allow you to delete your data anytime

❌ What We Do NOT Do

  • • Sell your data to advertisers
  • • Share data with marketing companies
  • • Sell data to data brokers
  • • Use data for purposes outside our service

Your data is used exclusively to provide you with the best resume building experience possible.

7. AI Processing and Automated Decision-Making

AI Usage Disclosure

ResumeLoom uses artificial intelligence technologies to:

  • Enhance and optimize resume content
  • Analyze resumes for ATS compatibility
  • Generate cover letters based on job descriptions
  • Provide skill gap analysis and recommendations
  • Parse and extract information from uploaded documents

🛡️ AI Data Protection Guarantee

✅ Your data is NEVER used to train AI models

We process your content only to provide you with personalized suggestions

  • Zero AI Training: Your resume data is never used to improve or train AI models
  • Temporary Processing: AI providers process your data only to generate responses and do not retain it
  • Your Control: You have complete control over AI-generated suggestions
  • Human Override: All AI suggestions are recommendations only - final decisions are always yours
  • Opt-Out Available: You can disable AI features entirely at any time

To disable AI processing for your account, email: hello@resumeloom.com

No Automated Decision-Making: While we use AI to provide suggestions and enhancements, ResumeLoom does not make any fully automated decisions that significantly affect you or your employment opportunities. All AI features are assistive tools under your control.

7. Cookie Policy

We use cookies and similar technologies to enhance your experience on our website. Our cookie policy includes:

Necessary Cookies

Essential for website functionality, authentication, and security.

Analytics Cookies

Help us understand how visitors use our website to improve our services.

Marketing Cookies

Used for personalized content and advertising (with your consent).

You can manage your cookie preferences through our cookie banner or browser settings. For more details, visit our Cookie Policy.

8. Your Rights Under GDPR

If you are located in the European Union, United Kingdom, or other jurisdictions with similar privacy laws, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Erasure

Request deletion of your personal data from our systems.

Right to Rectification

Request correction of inaccurate personal data.

Right to Portability

Request your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or marketing.

Right to Restrict Processing

Request limitation of processing in certain circumstances.

To exercise any of these rights, please contact our Data Protection Officer at hello@resumeloom.com or use our privacy dashboard.

9. California Privacy Rights (CCPA/CPRA)

Annual Notice to California Residents

This notice was last updated on 1/1/2025 and will be reviewed annually.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.

Right to Delete

You can request deletion of your personal information, subject to certain exceptions.

✅ Right to Opt-Out - Already Protected!

You have the right to opt-out of the sale or sharing of your personal information.

✅ GOOD NEWS: ResumeLoom does NOT and will NEVER sell or share your personal information for commercial purposes.

This right is already fully protected by our privacy practices. No opt-out needed!

Right to Correct

You can request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information

You can limit the use of sensitive personal information to certain purposes.

Right to Non-Discrimination

You will not be discriminated against for exercising your privacy rights.

Categories of Information We Collect

  • Identifiers (name, email, IP address)
  • Professional information (employment history, education)
  • Internet activity (browsing behavior on our site)
  • Geolocation data (approximate location based on IP)
  • Inferences (preferences and characteristics)

To exercise your CCPA rights, email hello@resumeloom.com. You may also designate an authorized agent to make requests on your behalf.

10. Other US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to those described above. Please contact hello@resumeloom.com to exercise your rights under applicable state law.

11. Data Security

Security Measures

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Secure authentication with bcrypt password hashing
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Multi-factor authentication available
  • Regular security training for our team
  • Secure data centers with SOC 2 compliance

12. Data Breach Notification

Our Breach Response Commitment

In the unlikely event of a data breach that affects your personal information:

  1. Immediate Assessment: We will assess the breach within 24 hours of discovery
  2. User Notification: Affected users will be notified within 72 hours via:
    • Email to your registered email address
    • Prominent notice on our website
    • In-app notification for active users
  3. Regulatory Reporting: We will notify relevant authorities as required by law
  4. Information Provided: Our notification will include:
    • Nature of the breach and data affected
    • Steps we're taking to address it
    • Recommended actions for you to take
    • Contact information for questions
  5. Ongoing Support: We will provide credit monitoring services if financial data is compromised

13. Data Retention

We retain your personal data only for as long as necessary to provide our services and comply with legal obligations. Our retention periods are:

Data TypeRetention Period
Account dataUntil account deletion + 30 days
Resume dataUntil manually deleted or account closure
Payment records7 years (legal requirement)
Session data30 days after last activity
Analytics data2 years (anonymized after 6 months)
Security logs1 year

14. International Data Transfers

ResumeLoom operates globally. Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses for EU-US data transfers
  • Adequacy decisions where applicable
  • Encryption and security measures for all transfers
  • Data processing agreements with all third-party processors

15. Third-Party Services

We use carefully selected third-party services to provide and improve our platform:

AI Services

  • Third-party AI providers for content enhancement
  • AI services for resume analysis and optimization
  • Natural language processing services

Infrastructure

  • Vercel (Hosting)
  • PostgreSQL (Database)
  • Cloudflare R2 (Storage)

Business Services

  • Stripe (Payments)
  • Resend (Email)
  • PostHog (Analytics)

Authentication

  • NextAuth.js
  • Google OAuth

🛡️ Third-Party Data Protection

  • • All third-party services are bound by strict data processing agreements
  • • They can only use your data to provide services to ResumeLoom
  • We do NOT sell, share, or provide your personal information to third parties for their own commercial use
  • • Third parties cannot use your data for advertising, marketing, or other purposes outside of providing our service

16. Contact Information & Data Protection Officers

General Privacy Inquiries

Email: hello@resumeloom.com
General: hello@resumeloom.com

Data Protection Officer (DPO)

Email: hello@resumeloom.com

EU/UK Representative

Email: hello@resumeloom.com

California Privacy Rights

Email:hello@resumeloom.com

17. Changes to This Policy

Update Notification Process

We may update this Privacy Policy from time to time. When we make material changes:

  1. Email Notification: We will send an email to all registered users at least 30 days before the changes take effect
  2. Dashboard Alert: A prominent notice will appear in your account dashboard
  3. Website Banner: A notification banner will be displayed on our website
  4. Consent for Material Changes: For significant changes affecting your rights, we may request your explicit consent

The "Effective Date" at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.

Annual Review: This Privacy Policy is reviewed annually (last review: 1/1/2025) to ensure compliance with evolving privacy laws and best practices.

18. Additional Information for Specific Jurisdictions

🇦🇺 Australia

Australian users have rights under the Privacy Act 1988. For complaints, contact the Office of the Australian Information Commissioner.

🇨🇦 Canada

Canadian users have rights under PIPEDA. You may withdraw consent at any time, subject to legal restrictions.

🇧🇷 Brazil

Brazilian users have rights under LGPD similar to GDPR rights described above.

← Back to Home
Terms of ServiceCookie Policy