1. Who we are
ResumeRoast (“we,” “us,” or “our”) operates the ResumeRoast web application at resume-roast.com. We provide AI-powered resume analysis and feedback. For general questions, contact hamzataj371@gmail.com. For privacy-related requests, contact hamzataj371@gmail.com.
2. Information we collect
We collect the following categories of information:
- Account information: When you sign in with Google, GitHub, or Microsoft, we receive your name, email address, profile picture URL, and authentication provider identifier from that service.
- Resume uploads: PDF files you upload, including filename, file size, MIME type, and extracted text used for analysis.
- Generated content: Roast scores, ATS analysis, written feedback, rewrite suggestions, and related metadata produced by our AI pipeline.
- Usage and billing data: Credit balance, purchase history, payment status, product purchased, and transaction amounts. We do not receive or store your full payment card details (see Payment processing below).
- Technical data: Browser type, device information, IP address, session cookies, and server logs needed to operate and secure the service.
3. How we use your information
We use your information to:
- Authenticate you and maintain your session.
- Store and display your roasts, history, and credit balance.
- Process resume uploads and generate AI feedback.
- Process payments and maintain purchase records.
- Improve reliability, security, and product quality.
- Respond to support requests and legal obligations.
We do not sell your personal information. We do not use your resume to train public AI models without your explicit consent.
4. Why we process your data
We process personal data in order to:
- Provide the resume analysis and feedback you request.
- Fulfill our contractual obligations when you use the service or purchase credits.
- Comply with legal obligations that apply to us.
- Protect legitimate interests such as fraud prevention, abuse detection, and platform security.
- Process data based on your consent where consent is required or you have given it.
5. Payment processing
When you purchase credits, payments are processed by Paddle, our Merchant of Record. Paddle collects and processes payment information according to its own Privacy Policy.
ResumeRoast does not store or have access to your full payment card details. We receive only the transaction information needed to add credits to your account, maintain purchase history, handle refunds where applicable, and provide customer support.
6. Third-party service providers
ResumeRoast relies on trusted third-party providers to operate the service. They process data on our behalf only as needed to provide their part of the service:
- Supabase — authentication, account data, database storage, and private file storage for uploaded resumes and generated results.
- OpenAI — AI processing to generate roasts, feedback, and improved resume content. We send only the resume text and related context needed for the specific feature you request. We do not intentionally send unnecessary account information. AI responses may occasionally be inaccurate or incomplete. OpenAI processes this data according to its Privacy Policy and API data usage terms.
- Paddle — payment processing and billing records as our Merchant of Record.
- Vercel — application hosting and content delivery so the service remains available and performant.
Sign-in through Google, GitHub, or Microsoft is handled via Supabase Auth. Each provider receives standard OAuth requests according to its own privacy policy. We only receive the profile fields needed to create and maintain your account.
7. Cookies and similar technologies
We use essential cookies and local storage to keep you signed in, protect your session, and remember basic preferences. These are required for the service to function. We may introduce additional non-essential analytics in the future; if we do, we will update this Privacy Policy and provide appropriate notice before those tools are enabled.
8. Data storage and security
Your account data, roast results, and metadata are stored in Supabase (PostgreSQL). Resume PDFs are stored in private Supabase Storage buckets protected using authenticated access controls and storage permissions intended to restrict access to authorized users. Data is transmitted over encrypted connections (TLS) and stored with encryption at rest where supported by our providers.
We use industry-standard security measures, including authenticated access controls, row-level security on database tables, private storage buckets, and server-side secret management. No system can guarantee absolute security. Please use a strong OAuth provider account and report suspected unauthorized access promptly.
9. Data retention
We retain your account, resumes, and roast history for as long as your account is active so you can access past results. If you delete your account, we aim to complete deletion of associated personal data within 30 days unless a longer retention period is required by law or necessary to prevent fraud or comply with legal obligations.
10. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate account information.
- Request deletion of your account and associated data.
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is consent-based.
To exercise these rights, email hamzataj371@gmail.com. We will respond within 30 days.
11. Account deletion
You may request account deletion by contacting hamzataj371@gmail.com. Deletion removes your profile, stored resumes, roast history, and credit balance. We aim to complete deletion within 30 days unless a longer retention period is required by law or necessary to prevent fraud or comply with legal obligations. Purchases already completed may be retained in anonymized financial records as required by law.
12. International users
ResumeRoast may be accessed from multiple countries. Your data may be processed in the United States or other jurisdictions where our service providers operate. By using the service, you consent to transfer and processing in those locations, subject to applicable safeguards.
13. Children
ResumeRoast is not directed to children under 16. We do not knowingly collect personal information from children. Contact us at hamzataj371@gmail.com if you believe a child has provided data and we will delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. Your continued use of ResumeRoast after the updated policy takes effect means the revised Privacy Policy will apply to your use of the service.