Privacy Policy

Effective Date: July 11, 2025
Last Updated: July 11, 2025

1. Who We Are

ResumAI ("we", "us", or "our") is a software-as-a-service platform that helps recruiters and companies extract structured data from resumes and CVs. We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. What Personal Data We Collect

We collect and process the following categories of personal data:

a) User Account Data

  • Full name
  • Email address (used as login)
  • Country and city
  • Industry, company, and role

b) Resume and CV Data

When users upload resumes, we extract and temporarily store:

  • Candidate personal information (e.g., name, email, work history, education, skills)
  • Any other content present in the documents

Important: You must have lawful authority to upload resumes. When uploading on behalf of others, you are responsible for ensuring all necessary consents have been obtained. A confirmation checkbox is required before upload.

c) Technical and Usage Data

  • IP address
  • Browser and device type (anonymized, if collected)
  • Platform usage patterns (for quality and debugging purposes)

3. How We Use Personal Data

We use personal data for the following purposes:

  • To operate, maintain, and improve the ResumAI platform
  • To process and extract information from uploaded resumes
  • To perform quality control and system diagnostics (resume data is retained up to 7 days)
  • To provide customer support and respond to inquiries
  • To meet legal and regulatory obligations

4. Legal Basis for Processing

We rely on the following legal grounds to process data:

  • Performance of a contract – when delivering services to registered users (Art. 6(1)(b) GDPR)
  • Legitimate interest – to maintain and improve the platform (Art. 6(1)(f) GDPR)
  • Consent – when users upload personal data of third parties (Art. 6(1)(a) GDPR)

5. Data Retention

  • Resume and CV data: Stored for up to 7 days for processing and quality assurance
  • User account data: Retained during active use. After 3 months of inactivity, data is archived (soft-deleted). After another 3 months, it is permanently deleted
  • Users may initiate data deletion at any time via the dashboard ("Purge" button). Data is soft-deleted for 7 days before permanent erasure

6. Data Sharing and Subprocessors

We use trusted third-party services to deliver our platform:

  • Hosting: Hetzner Online GmbH (Germany – GDPR-compliant)
  • AI Processing: Claude API by Anthropic (data is transferred outside the EU under approved safeguards)

We never sell your data to third parties.

7. International Data Transfers

Personal data processed by Claude may be transferred outside the European Economic Area (EEA). When this occurs, we rely on safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights Under GDPR

You have the right to:

  • Access your data
  • Correct inaccurate or outdated data
  • Delete your data ("right to be forgotten")
  • Restrict or object to data processing
  • Request data portability
  • Withdraw consent at any time (where applicable)

You can exercise these rights via your account dashboard or by emailing us at privacy@resumai.eu.

9. Security Measures

We apply appropriate technical and organizational security measures, including:

  • Encryption of data at rest and in transit
  • Role-based access controls
  • Routine system monitoring and audits

10. Contact Information

Data Controller: ResumAI
Email: privacy@resumai.eu
Business Address: [To be updated once established]

You may also contact your national data protection authority. In Portugal, this is the CNPD: www.cnpd.pt.

11. Changes to This Policy

We may update this Privacy Policy occasionally. Material changes will be communicated via email or platform notification. The "Effective Date" will reflect the latest version.