ResumeFix logo

ResumeFix

Terms of ServicePrivacy PolicyRefund Policy

Privacy Policy

Effective Date: May 21, 2026 Last Updated: June 6, 2026

ResumeFix ("we," "us," or "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal data when you use https://resumefix.pro (the "Service").

This Policy complies with the EU General Data Protection Regulation (GDPR) and applies to all users worldwide.


1. Data Controller

The data controller responsible for your personal data is:

ResumeFix (individual entrepreneur, Ukraine) Email: support@resumefix.pro

2. What Data We Collect

2.1 Resume Content (NOT STORED)

When you use the Service, you submit resume text or upload a PDF. This content is NOT stored on our servers. It is transmitted directly to our AI provider (Anthropic) for processing and is not retained in our database. The response is returned to you and discarded from our systems after delivery.

Anthropic may temporarily retain API requests for up to 30 days for abuse monitoring and safety purposes, in accordance with their own privacy policy. After this period, Anthropic deletes the content. We have no access to Anthropic's logs.

2.2 Account Data (if you register)

If you create an account, we collect:

  • Your email address (from Google OAuth or magic link signup)
  • Your credit balance
  • Account creation timestamp

We do NOT store: passwords (authentication is handled by Supabase Auth and Google OAuth), profile pictures, names, or any other personal details beyond email.

2.3 Usage Data

For each enhancement, we log:

  • Which mode was used (e.g., "strong_wording", "ats")
  • How many credits were consumed
  • Timestamp of the request

We do NOT log the content of the resume, the AI output, or job descriptions.

2.4 Payment Data

Payment processing is handled entirely by Verifone Payments B.V. (doing business as 2Checkout), our Merchant of Record. We do NOT receive, store, or have access to your credit card numbers, bank details, or full billing information. From 2Checkout (Verifone), we receive only:

  • Confirmation of successful payment
  • Order reference / transaction ID
  • Email associated with the purchase
  • Pack purchased and amount

2.5 IP Address and Anti-Abuse Data

For anonymous users (no account), we track IP addresses to enforce the three-free-uses limit and to apply rate limiting. Specifically, we store:

  • Your IP address
  • Number of free uses consumed
  • Timestamps of first and most recent use

IP addresses for anonymous users are stored indefinitely for anti-abuse purposes but may be deleted upon request.

2.6 Technical Data

We collect minimal technical data necessary for service operation:

  • Browser type and version (via standard HTTP headers)
  • Request timestamps
  • Error logs (without personal content)

We do NOT use third-party analytics services, advertising trackers, or behavioral profiling.

2.7 Cookies and Local Storage

We do not use HTTP cookies on our domain for tracking purposes. We rely on browser localStorage for the following strictly necessary and functional purposes:

Stored ItemPurposeCategoryRetention
Authentication session (JWT)Keep you logged in between visits; managed by Supabase AuthStrictly necessaryUntil logout or token expiry
Selected interface languageRemember your language preferenceFunctionalUntil cleared by user
Local credit countDisplay your balance in the UI (authoritative count is server-side)FunctionalUntil cleared by user
Free uses counterDisplay remaining free uses for anonymous visitors (authoritative count is server-side, tracked by IP)FunctionalUntil cleared by user

We do NOT use:

  • Tracking cookies
  • Third-party advertising cookies
  • Cross-site tracking
  • Behavioral analytics
  • Browser fingerprinting

Because we only use storage that is strictly necessary for the Service to function or that reflects preferences you have actively set, no cookie consent banner is displayed under the ePrivacy Directive and GDPR (see EDPB Guidelines 05/2020 on consent, paragraph 86).

When you sign in with Google, Google may set its own cookies on its domain (google.com / accounts.google.com). These are governed by Google's own privacy policy and are only set after you actively initiate the sign-in flow.

When payment processing is initiated via 2Checkout (Verifone), 2Checkout may set its own cookies on its checkout domain. These are governed by 2Checkout's (Verifone's) privacy policy.

3. Legal Bases for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance (Article 6(1)(b) GDPR): To provide the Service you requested, process payments, and deliver enhancements.
  • Legitimate interest (Article 6(1)(f) GDPR): To prevent abuse, maintain service security, and enforce free-use limits.
  • Legal obligation (Article 6(1)(c) GDPR): To comply with tax, accounting, and consumer protection laws.
  • Consent (Article 6(1)(a) GDPR): Where you explicitly opt in (e.g., for any future marketing communications).

4. How We Use Your Data

We use collected data exclusively to:

  • Provide the resume enhancement Service
  • Process and confirm payments
  • Enforce usage limits and prevent abuse
  • Communicate transactional information (purchase confirmations, account notifications)
  • Comply with legal obligations
  • Maintain service security and integrity

We do NOT:

  • Sell your data to third parties
  • Use your data for advertising or marketing without consent
  • Profile you for behavioral advertising
  • Train AI models on your data

5. Third-Party Service Providers

We use a small number of carefully selected service providers ("processors") to operate the Service. Each acts on our instructions under a Data Processing Agreement (DPA) or equivalent contractual safeguards, in accordance with GDPR Article 28.

ProviderPurposeData SharedLocation
Anthropic, PBC (Claude AI)AI processing of submitted resumesResume text and job descriptions (not retained by us; see Section 2.1)United States
Supabase Inc.Database, authentication, server-side functionsAccount email, credit balance, usage metadata, anonymous IP countersEuropean Union (Frankfurt)
Verifone Payments B.V. (dba 2Checkout)Payment processing (Merchant of Record)Transaction data, payer email, billing countryNetherlands (European Union)
Google LLCOAuth authentication (only if you choose Google sign-in)Email addressUnited States

For providers located outside the EU/EEA, transfers are governed by Standard Contractual Clauses approved by the European Commission, as described in Section 6 (International Data Transfers).

We do not share your personal data with any other third parties for their own purposes. We do not sell personal data. You may request an up-to-date list of our processors at any time by contacting support@resumefix.pro.

6. International Data Transfers

Some of our service providers are located outside the European Union (e.g., Anthropic in the United States). When data is transferred outside the EU/EEA, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other safeguards as required by GDPR

7. Data Retention

Data TypeRetention Period
Resume contentNot stored (Anthropic retains for up to 30 days)
Account emailUntil account deletion
Usage metadata (mode, credits, timestamp)Until account deletion or 3 years, whichever is longer (for tax/accounting purposes)
Transaction records7 years (legal requirement)
Anonymous IP usage countersIndefinitely (anti-abuse), deleted on request

8. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights:

  • Right to access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your personal data
  • Right to restriction — limit how we process your data
  • Right to portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on consent
  • Right to lodge a complaint — with your local data protection authority

To exercise any of these rights, email us at support@resumefix.pro. We will respond within 30 days.

You also have the right to lodge a complaint with the supervisory authority in your country of residence.

9. Data Security

We implement reasonable security measures to protect your data:

  • All connections to the Service use HTTPS encryption
  • Authentication is handled by Supabase using industry-standard JWT tokens
  • Database access is protected by Row Level Security policies
  • AI API keys are stored in secure server-side secrets, never exposed to clients
  • Rate limiting and abuse detection mechanisms are in place

No system is 100% secure. We will notify affected users without undue delay in the event of a data breach involving personal data, in accordance with GDPR Article 33.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we learn we have collected data from a person under 18, we will delete it promptly. Parents or guardians who believe their child has provided data may contact us at support@resumefix.pro.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email to registered users. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Service after updates constitutes acceptance.

12. Contact

For any questions about this Privacy Policy or how we handle your data:

Email: support@resumefix.pro Website: https://resumefix.pro

© 2026 ResumeFix
Pricing·Terms of Service·Privacy Policy·Refund Policy
Edit with