Privacy Policy

Effective date: 2026-05-20 · Last updated: 2026-05-23

1. Summary

Our service is local-first. By default, every resume you create, every keystroke you type, every style change you make, and every API key you supply lives only in your own browser's storage. We do not receive it.

Cloud sync is opt-in and optional. Only when you sign in and explicitly enable cloud sync do we transmit and store your resume content on our servers so you can continue editing on other devices. We do not analyse it, sell it, or use it to train any machine-learning model.

Public sharing is optional. We store a resume for sharing only when you choose to create or update a share link.

2. Data stored only on your device

Without signing in, resume content, style preferences, AI provider settings, and UI preferences are stored only in this browser's IndexedDB via localForage.

Clearing browser data, using private mode, or switching browsers can delete or hide this data. We cannot recover it.

3. Signing in with Google

Signing in is optional and only happens when you choose to use it. We use Google as our sign-in provider via the standard OpenID Connect scopes openid, profile, and email. We do not request access to Gmail, Google Calendar, Google Drive, Contacts, or any other Google service or API.

Google user data we access and receive: your Google Account's unique identifier, name (given name and family name when provided), primary email address, email-verification status, profile picture URL, and the OAuth tokens required to complete and maintain sign-in. We do not receive your Google password, contacts, Gmail messages, Drive files, Calendar events, or any other content from your Google Account.

How we use this Google user data: we use it solely to (a) authenticate you and create or link your account with us, (b) let you sign back in to reach your cloud-synced resumes and share links, (c) display your name and avatar inside the application so you can confirm which account is signed in, and (d) send necessary account, service, or support emails to the address Google shared with us. OAuth tokens are used only for sign-in and session maintenance; we do not use them to call Gmail, Drive, Calendar, Contacts, or other Google APIs. We do not use Google user data for advertising, profiling, or analytics; we do not sell or rent it; and we do not use it to train, fine-tune, or improve any generic or third-party machine-learning model. Google user data is not shared with humans on our team except when you explicitly ask for support, when required by law, or when limited access is necessary to investigate a security incident. Our infrastructure and email service providers may process this data only as needed to operate our service.

Storage, retention, and revocation: the Google account identifier, name, email address, email-verification status, profile picture URL, and OAuth account records are stored on our servers alongside your account record and kept while the account exists. You can revoke our access to your Google Account at any time at https://myaccount.google.com/permissions; revocation prevents future Google authorization unless you grant access again, but it does not by itself delete your account records with us or necessarily end an active session. To end the current session, sign out of the application. To delete the server-side account record, including data received from Google, write to privacy@resumes.im and we will erase it within 30 days.

4. What happens if you enable cloud sync

After you sign in and accept cloud sync, existing local resumes in that browser are uploaded once, then future edits are saved on our servers and can be used on your other devices. The local copy on that browser is treated as a cache for your signed-in account, not as a new anonymous draft.

Signing out does not delete the server-side cloud copy. After sign-out, cloud-synced account resumes should not be shown as anonymous local resumes on that device; signing back in with the same account can restore them from cloud sync.

We store only what is needed for the feature: resume content, title, style settings, timestamps, and the account identity and authentication records described in section 3.

5. Public sharing (optional)

Sharing is separate from cloud sync. When you publish or save a share link, we store the resume content, title, style, paper size, visibility status, and account ownership needed to serve that link.

If a share is public, anyone with the link can view it. Making it private stops public access to that share page, but the server-side share record may remain so you can manage or republish it while signed in. Signing out does not automatically delete existing share links.

6. Built-in AI (optional)

Built-in AI sends the relevant resume content through our Cloudflare Worker to the configured model provider. Bring-your-own AI sends content directly from your browser to the provider you configured.

We do not log, retain, analyse, or train on resume content sent through Built-in AI. Provider terms still apply. Google user data described in section 3 is never sent to any AI provider.

7. What we will not do with your data

We will not sell your data, use resume content or Google user data to train machine-learning models, show advertising, or read your resume manually except when you ask for help or a security incident requires limited investigation.

8. Your controls

You can sign out from the menu in the top-right corner. Signing out removes the current session; it does not delete server-side cloud-sync data or share records. You can also revoke our access to your Google Account at https://myaccount.google.com/permissions, make shares private, clear browser data, or export any resume to PDF locally. To delete your account, write to privacy@resumes.im and we will erase server-side records, including Google user data and authentication records, within 30 days.

9. Cookies and tracking

We set one HTTP-only session cookie when you are signed in. We do not use analytics cookies, tracking pixels, advertising identifiers, or third-party trackers.

10. Children

Our service is not directed at children under 13. If you believe a child has used the service, contact us and we will remove the data.

11. Changes to this policy

If this policy changes materially, signed-in users will be prompted to review the new version before the next cloud-sync write.

12. Contact

Questions, requests, or complaints: privacy@resumes.im.