Home

Privacy Policy

Last updated: June 20, 2026

This Privacy Policy explains what personal information Resume Bestie ("we," "our," "us") collects, why we collect it, how we use and share it, and the choices and rights you have. It applies to the Resume Bestie website and app (the "Service"). If you do not agree, please do not use the Service.

1. Information We Collect

Account information. Name (optional), email, password hash, OAuth identifiers (e.g., Google sub) if you sign in with a provider, and any avatar URL the provider returns.

Profile & resume content. Resumes you upload or create, job descriptions you paste in, cover letters, interview notes, and any other Content you submit.

Billing information. Stripe customer ID, subscription status, plan, period end, and last four digits / brand of your card. We never see or store your full card number — Stripe processes payments directly.

Usage data. Pages viewed, features used, AI prompts and responses associated with your Account, error logs, IP address, browser, device, approximate location (city/region), and timestamps.

Cookies & similar tech. See the Cookie Policy.

2. How We Use Your Information

  • Provide, secure, and improve the Service (including AI tailoring, ATS scoring, exports).
  • Process payments, manage subscriptions, and prevent fraud.
  • Communicate with you about your Account, security alerts, and product changes.
  • Respond to support requests.
  • Comply with legal obligations and enforce our Terms.
  • Generate aggregated, de-identified analytics to improve the Service.

We do not sell your personal information, and we do not use your Content to train third-party foundation models. See the AI Agreement.

3. Legal Bases (GDPR / UK GDPR)

If you're in the EEA, UK, or Switzerland, our legal bases are: (a) contract — to provide the Service you signed up for; (b) legitimate interests — to secure, improve, and market the Service in a privacy-respectful way; (c) consent — for optional analytics and marketing cookies; (d) legal obligation — for tax, accounting, and compliance.

4. Sharing & Sub-Processors

We share personal information only with vendors that help us run the Service, bound by data-protection contracts:

  • Supabase — authentication, database, and file storage (US/EU).
  • Stripe — payment processing (global).
  • Lovable AI Gateway — LLM inference for AI features. Prompts and outputs are processed to deliver responses; the gateway does not use your Content to train third-party foundation models.
  • Cloudflare — hosting, CDN, and DDoS protection.
  • Email delivery providers — transactional emails (e.g., password resets, receipts).

We may disclose information when required by law, to protect our rights and users' safety, or in connection with a merger, acquisition, or sale of assets (with notice to you where legally required).

5. International Transfers

We are based in the United States. When we transfer personal data out of the EEA, UK, or Switzerland, we use Standard Contractual Clauses or another lawful transfer mechanism.

6. Data Retention

  • Account & profile: kept while your Account is active and for up to 30 days after deletion.
  • Resume Content & AI history: kept while your Account is active; deleted within 30 days of Account deletion (or sooner if you delete specific items).
  • Billing records: kept for at least 7 years to meet tax and accounting obligations.
  • Server logs: typically 30–90 days.

7. Your Rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing or withdraw consent. To exercise any of these rights, email support@resumebestie.com. You can also delete most of your data directly from your Account settings. We will respond within the time required by applicable law (typically 30 days). You have the right to lodge a complaint with your local data-protection authority.

8. Security

We use encryption in transit (TLS) and at rest, role-based access controls, audited service-role keys, and Row-Level Security on the database. No method of transmission or storage is 100% secure, but we work hard to protect your data and notify you of material incidents as required by law.

9. Minors (Students Using the Service)

The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us personal information, contact support@resumebestie.com and we will delete it.

Users aged 13–17 may use the Service with a parent or guardian's permission. When a teen builds a resume in Student Mode, we collect only what is needed to produce that resume — for example, name, email, city/state (optional), school name, grade, graduation year, GPA (optional), clubs, sports, volunteer activities, life-experience descriptions, and skills. We do not ask for date of birth, Social Security number, home street address, parent contact details, or any sensitive category of personal information. We do not run targeted advertising, we do not sell or "share" minors' personal information for cross-context behavioral advertising, and we do not allow Student Mode content to be used to train third-party foundation models (see the AI Agreement).

Parents or legal guardians of a user aged 13–17 may request to review, correct, or delete their child's information at any time by emailing support@resumebestie.com from an address we can reasonably verify, with the subject line "Parent Request." Plain-language details for parents live in the Student & Parent Guide.

Family plan profiles. On the Family plan, the account holder (parent or guardian) creates up to two additional profiles within their single account for kids or other household members. These profiles do not have their own login — the parent controls all data under the account, switches between profiles from the dashboard, and may delete any profile (and its resumes) at any time. Deleting the parent's account deletes every profile and resume under it. All account communications go to the parent's email on file; we never email child profiles directly.

10. California Privacy (CCPA/CPRA)

California residents have the right to know what personal information we collect, request deletion, request correction, opt out of "sale" or "sharing" (we do neither), and not be discriminated against for exercising these rights. To make a request, email support@resumebestie.com with the subject line "California Privacy Request."

11. Changes

We will update this Policy from time to time and post the new "Last updated" date. Material changes will be notified by email or in-app notice.

12. Contact

Privacy questions or requests: support@resumebestie.com

This document is a first-draft template. Have it reviewed by qualified legal counsel before relying on it.