Privacy Policy

Effective May 19, 2026

1. Who we are

ResuMax is an AI-powered resume builder and job-search assistant operated out of Toronto, Canada. This policy explains what data we collect when you use the service at resumax.ai, how we use that data, and the third parties that touch it.

2. What we collect

We collect three kinds of data:

  • Account data. Your name, email, and profile photo when you sign in with Google or Microsoft. We never see your password.
  • Resume content. Everything you type, paste, or upload, including PDF resumes you upload for parsing, job descriptions you paste in for tailoring, and the AI-generated drafts we produce on your behalf.
  • Usage data. Standard server logs including IP address, browser type, page paths, and timestamps. We use this to debug issues and understand which features people use.

We do not ask for and do not store your payment card details. Payment information is handled entirely by Stripe (see below).

3. How we use it

  • To provide the service: building, reviewing, tailoring, and exporting your resumes and cover letters.
  • To run AI features: your resume content is sent to OpenAI to generate bullet rewrites, summaries, ATS scoring, and interview-prep questions.
  • To process subscriptions and renewals through Stripe.
  • To send account-related email (sign-in links, receipts, product updates you've opted into).
  • To improve the product by analyzing aggregate usage patterns. We do not train models on your resume content.

4. Third parties we share data with

ResuMax relies on a small set of vendors to operate. We share data with them only to the extent each one needs to do its job:

  • Supabase hosts our Postgres database and authentication. Your account data and resume content live in tables Supabase manages on our behalf.
  • OpenAI processes resume content, job descriptions, and prompts when you use AI features. OpenAI's API terms state they do not train models on data sent through their API.
  • Stripe handles payment processing, subscriptions, and billing. They receive your name, email, and payment details directly; we receive only enough to manage your plan status.
  • Google and Microsoft receive a sign-in request when you authenticate through them and send us back your basic profile (name, email, picture).

We do not sell your personal data, and we do not share it with advertisers or data brokers.

5. Data retention and deletion

We keep your account and resume data for as long as your account is active. You can delete individual resumes from your dashboard at any time. To delete your entire account and everything associated with it, email support at swerikcode@gmail.com and we will remove your data within 14 days. Anonymized usage logs may persist longer for security and abuse-prevention purposes.

6. Your rights

Depending on where you live (GDPR for the EU, CCPA for California, PIPEDA for Canada), you have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Receive a portable copy of your data in a common format.
  • Object to specific kinds of processing, or withdraw consent.

To exercise any of these rights, email swerikcode@gmail.com. We respond within 30 days.

7. Security

Data is encrypted in transit (TLS) and at rest in our database. Access to production data is limited to the small team that operates the service and is logged. We rotate credentials regularly and use industry-standard authentication for all admin access.

8. Cookies

We use a small number of first-party cookies to keep you signed in and to remember your preferences. We do not use third-party advertising cookies. If we add analytics in the future, we will update this policy and provide an opt-out.

9. International transfers

ResuMax operates from Canada, and our vendors process data in the United States and the European Union. By using the service you consent to your data being processed in these regions subject to standard contractual protections.

10. Minors

ResuMax is intended for users 16 and older. We do not knowingly collect data from anyone younger. If you believe a minor has created an account, contact us and we will delete it.

11. Changes to this policy

We will update this page when our data practices change. Material changes will be announced via email to active accounts at least 30 days before they take effect.

12. Contact

Questions, requests, or concerns: swerikcode@gmail.com.