Privacy Policy

Last updated: March 1, 2026

1. Introduction

Resume Annex (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered resume optimization and job discovery service (“Service”).

By using our Service, you agree to the collection and use of information in accordance with this policy. If you disagree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address, display name, and password (or OAuth tokens if you sign in via Google or LinkedIn).
  • Resume content: The PDF, DOCX, or TXT files you upload, and the parsed and optimized versions we generate.
  • Target role and industry: The job title or industry you provide to guide optimization.
  • Feedback and notes: Any natural language feedback you provide on resume suggestions or job application notes.
  • Payment information: Processed securely by Stripe. We do not store card numbers on our servers.

2.2 Information We Collect Automatically

  • Usage data: Pages viewed, features used, optimization count, and job discovery events.
  • Device and browser data: IP address, browser type, operating system, and referring URL.
  • Cookies and local storage: Session tokens and authentication state managed by Supabase Auth.

2.3 AI Displacer Data (Optional, Consent Required)

If you explicitly opt in, we collect anonymized, aggregated signals about career transitions (e.g., role transitions, industries) to build workforce intelligence products. This data:

  • Contains no personally identifiable information (no name, email, or resume text)
  • Cannot be linked back to you individually
  • May be included in aggregated enterprise data products sold to HR firms, investors, and governments
  • Can be withdrawn at any time from Account Settings

3. How We Use Your Information

  • Provide, operate, and improve the Service
  • Generate AI-optimized versions of your resume using the Anthropic Claude API
  • Discover and rank job matches using your resume as a matching key
  • Send transactional emails (job alerts, optimization complete, billing receipts)
  • Process payments via Stripe
  • Monitor service health and prevent fraud and abuse
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal data. We share your information only with:

  • Anthropic: Resume content is sent to the Claude API for optimization. Anthropic’s data use is governed by their API usage policy.
  • OpenAI: Resume text is sent to generate embeddings for semantic job matching.
  • Supabase: Database and authentication hosting.
  • AWS S3: Encrypted file storage for your uploaded and generated resumes.
  • Stripe: Payment processing.
  • Resend: Transactional email delivery.
  • PostHog: Product analytics (anonymized usage data).
  • Sentry: Error monitoring (may include sanitized request context).
  • Legal authorities: When required by law or to protect our rights.

5. Data Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for resume files at rest on AWS S3
  • Row-Level Security (RLS) on all database tables — you can only access your own data
  • Rate limiting on all API endpoints to prevent abuse
  • Input sanitization and prompt injection guards on all AI calls

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we work hard to protect your information.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records for 7 years per accounting requirements).

7. Your Rights (GDPR & CCPA)

Depending on your location, you have the right to:

  • Access: Request a copy of all data we hold about you (via Account Settings → Export All Data)
  • Rectification: Correct inaccurate personal data
  • Erasure: Delete your account and all associated data (via Account Settings → Delete My Account)
  • Portability: Receive your data in a machine-readable format (JSON export)
  • Objection: Opt out of AI Displacer data capture at any time in Account Settings
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any right not available through Account Settings, contact us at privacy@resumeannex.ai.

8. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: You can request what personal information we collect, use, and disclose.
  • Right to Delete: You can request deletion of your personal information (via Account Settings or by contacting us).
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Correct: You can request correction of inaccurate personal information.

Categories of Personal Information Collected

  • Identifiers: Email address, display name, IP address
  • Commercial information: Subscription tier, billing history, usage data
  • Internet activity: Pages viewed, features used, job search queries
  • Geolocation: Approximate location derived from IP address
  • Inferences: Job matching profile derived from resume content and target role

Do Not Sell My Personal Information

Resume Annex does not sell your personal information to third parties. Our AI Displacer product uses only anonymized, aggregated data that cannot be linked to any individual, and requires your explicit opt-in consent. To submit a CCPA request, email privacy@resumeannex.ai with “CCPA Request” in the subject line.

9. Cookies

We use cookies and similar technologies to maintain your authenticated session. We do not use third-party advertising cookies. You can disable cookies in your browser settings, but this will prevent you from using the Service.

10. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or your data, contact us at:

Resume Annex
Email: privacy@resumeannex.ai