Privacy Policy
Effective Date: May 21, 2026 Last Updated: June 6, 2026
ResumeFix ("we," "us," or "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal data when you use https://resumefix.pro (the "Service").
This Policy complies with the EU General Data Protection Regulation (GDPR) and applies to all users worldwide.
1. Data Controller
The data controller responsible for your personal data is:
ResumeFix (individual entrepreneur, Ukraine) Email: support@resumefix.pro
2. What Data We Collect
2.1 Resume Content (NOT STORED)
When you use the Service, you submit resume text or upload a PDF. This content is NOT stored on our servers. It is transmitted directly to our AI provider (Anthropic) for processing and is not retained in our database. The response is returned to you and discarded from our systems after delivery.
Anthropic may temporarily retain API requests for up to 30 days for abuse monitoring and safety purposes, in accordance with their own privacy policy. After this period, Anthropic deletes the content. We have no access to Anthropic's logs.
2.2 Account Data (if you register)
If you create an account, we collect:
- Your email address (from Google OAuth or magic link signup)
- Your credit balance
- Account creation timestamp
We do NOT store: passwords (authentication is handled by Supabase Auth and Google OAuth), profile pictures, names, or any other personal details beyond email.
2.3 Usage Data
For each enhancement, we log:
- Which mode was used (e.g., "strong_wording", "ats")
- How many credits were consumed
- Timestamp of the request
We do NOT log the content of the resume, the AI output, or job descriptions.
2.4 Payment Data
Payment processing is handled entirely by Verifone Payments B.V. (doing business as 2Checkout), our Merchant of Record. We do NOT receive, store, or have access to your credit card numbers, bank details, or full billing information. From 2Checkout (Verifone), we receive only:
- Confirmation of successful payment
- Order reference / transaction ID
- Email associated with the purchase
- Pack purchased and amount
2.5 IP Address and Anti-Abuse Data
For anonymous users (no account), we track IP addresses to enforce the three-free-uses limit and to apply rate limiting. Specifically, we store:
- Your IP address
- Number of free uses consumed
- Timestamps of first and most recent use
IP addresses for anonymous users are stored indefinitely for anti-abuse purposes but may be deleted upon request.
2.6 Technical Data
We collect minimal technical data necessary for service operation:
- Browser type and version (via standard HTTP headers)
- Request timestamps
- Error logs (without personal content)
We do NOT use third-party analytics services, advertising trackers, or behavioral profiling.
2.7 Cookies and Local Storage
We do not use HTTP cookies on our domain for tracking purposes. We rely on browser localStorage for the following strictly necessary and functional purposes:
| Stored Item | Purpose | Category | Retention |
|---|---|---|---|
| Authentication session (JWT) | Keep you logged in between visits; managed by Supabase Auth | Strictly necessary | Until logout or token expiry |
| Selected interface language | Remember your language preference | Functional | Until cleared by user |
| Local credit count | Display your balance in the UI (authoritative count is server-side) | Functional | Until cleared by user |
| Free uses counter | Display remaining free uses for anonymous visitors (authoritative count is server-side, tracked by IP) | Functional | Until cleared by user |
We do NOT use:
- Tracking cookies
- Third-party advertising cookies
- Cross-site tracking
- Behavioral analytics
- Browser fingerprinting
Because we only use storage that is strictly necessary for the Service to function or that reflects preferences you have actively set, no cookie consent banner is displayed under the ePrivacy Directive and GDPR (see EDPB Guidelines 05/2020 on consent, paragraph 86).
When you sign in with Google, Google may set its own cookies on its domain (google.com / accounts.google.com). These are governed by Google's own privacy policy and are only set after you actively initiate the sign-in flow.
When payment processing is initiated via 2Checkout (Verifone), 2Checkout may set its own cookies on its checkout domain. These are governed by 2Checkout's (Verifone's) privacy policy.
3. Legal Bases for Processing (GDPR)
We process your data under the following legal bases:
- Contract performance (Article 6(1)(b) GDPR): To provide the Service you requested, process payments, and deliver enhancements.
- Legitimate interest (Article 6(1)(f) GDPR): To prevent abuse, maintain service security, and enforce free-use limits.
- Legal obligation (Article 6(1)(c) GDPR): To comply with tax, accounting, and consumer protection laws.
- Consent (Article 6(1)(a) GDPR): Where you explicitly opt in (e.g., for any future marketing communications).
4. How We Use Your Data
We use collected data exclusively to:
- Provide the resume enhancement Service
- Process and confirm payments
- Enforce usage limits and prevent abuse
- Communicate transactional information (purchase confirmations, account notifications)
- Comply with legal obligations
- Maintain service security and integrity
We do NOT:
- Sell your data to third parties
- Use your data for advertising or marketing without consent
- Profile you for behavioral advertising
- Train AI models on your data
5. Third-Party Service Providers
We use a small number of carefully selected service providers ("processors") to operate the Service. Each acts on our instructions under a Data Processing Agreement (DPA) or equivalent contractual safeguards, in accordance with GDPR Article 28.
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Anthropic, PBC (Claude AI) | AI processing of submitted resumes | Resume text and job descriptions (not retained by us; see Section 2.1) | United States |
| Supabase Inc. | Database, authentication, server-side functions | Account email, credit balance, usage metadata, anonymous IP counters | European Union (Frankfurt) |
| Verifone Payments B.V. (dba 2Checkout) | Payment processing (Merchant of Record) | Transaction data, payer email, billing country | Netherlands (European Union) |
| Google LLC | OAuth authentication (only if you choose Google sign-in) | Email address | United States |
For providers located outside the EU/EEA, transfers are governed by Standard Contractual Clauses approved by the European Commission, as described in Section 6 (International Data Transfers).
We do not share your personal data with any other third parties for their own purposes. We do not sell personal data. You may request an up-to-date list of our processors at any time by contacting support@resumefix.pro.
6. International Data Transfers
Some of our service providers are located outside the European Union (e.g., Anthropic in the United States). When data is transferred outside the EU/EEA, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Other safeguards as required by GDPR
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Resume content | Not stored (Anthropic retains for up to 30 days) |
| Account email | Until account deletion |
| Usage metadata (mode, credits, timestamp) | Until account deletion or 3 years, whichever is longer (for tax/accounting purposes) |
| Transaction records | 7 years (legal requirement) |
| Anonymous IP usage counters | Indefinitely (anti-abuse), deleted on request |
8. Your Rights (GDPR)
If you are located in the EU/EEA, you have the following rights:
- Right to access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your personal data
- Right to restriction — limit how we process your data
- Right to portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent
- Right to lodge a complaint — with your local data protection authority
To exercise any of these rights, email us at support@resumefix.pro. We will respond within 30 days.
You also have the right to lodge a complaint with the supervisory authority in your country of residence.
9. Data Security
We implement reasonable security measures to protect your data:
- All connections to the Service use HTTPS encryption
- Authentication is handled by Supabase using industry-standard JWT tokens
- Database access is protected by Row Level Security policies
- AI API keys are stored in secure server-side secrets, never exposed to clients
- Rate limiting and abuse detection mechanisms are in place
No system is 100% secure. We will notify affected users without undue delay in the event of a data breach involving personal data, in accordance with GDPR Article 33.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we learn we have collected data from a person under 18, we will delete it promptly. Parents or guardians who believe their child has provided data may contact us at support@resumefix.pro.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email to registered users. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Service after updates constitutes acceptance.
12. Contact
For any questions about this Privacy Policy or how we handle your data:
Email: support@resumefix.pro Website: https://resumefix.pro
