Privacy Policy

Last updated: February 2026

1. Introduction

ResumeStats (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at resumestats.org (the “Service”).

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, and authentication credentials when you create an account via Google or LinkedIn sign-in.
  • Resume Data: Resume files you upload for analysis, including personal details, work history, education, and skills contained within.
  • Usage Data: Browser type, device information, IP address, pages visited, and interaction patterns.
  • Payment Information: Payment details are processed securely by our third-party payment processor (Razorpay). We do not store full payment card details on our servers.

3. How We Use Your Information

  • To provide, maintain, and improve our resume analysis, ATS scoring, AI rewriting, JD tailoring, and template-based resume building services.
  • To process your transactions and manage your account.
  • To send service-related communications (e.g., account verification, payment confirmations, feature updates).
  • To analyze usage patterns and improve user experience.
  • To detect, prevent, and address technical issues or fraudulent activity.

4. Data Retention

We retain your data only as long as necessary to provide our services:

  • Free scans: Resume data from free ATS scans is automatically deleted within 24 hours. No account is required for free scans.
  • Pro accounts (OnePass): Resume data is retained while your account is active and your OnePass access is valid. You may delete individual resumes or your entire account at any time.
  • Account deletion: Upon account deletion, all associated personal data — including uploaded resumes, analysis results, and payment history — is permanently removed within 30 days.

5. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit.
  • All resume files are stored in encrypted cloud storage with access controls.
  • Regular security audits and vulnerability assessments.
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • OAuth 2.0-based authentication via Google and LinkedIn — we never store your social account passwords.

6. Third-Party Services

We do not sell, rent, or trade your personal information. We share data only with:

  • Cloud Infrastructure (MongoDB Atlas, AWS): For secure data storage and processing. Data is hosted in SOC 2 compliant data centers.
  • Payment Processor (Razorpay): For secure payment processing. Razorpay is PCI-DSS compliant.
  • AI Services (OpenAI): Resume content is sent to OpenAI's API for AI-powered rewriting, JD tailoring, and feedback generation. OpenAI does not use API data for model training.
  • Authentication Providers (Google, LinkedIn): For secure sign-in. We receive only your name and email.
  • Legal Requirements: When required by law, regulation, or legal process.

7. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to the processing of your data for certain purposes.
  • Withdraw Consent: Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use only essential cookies to maintain session state and authentication:

  • Session cookies: To keep you signed in during your visit.
  • Authentication tokens: Stored securely to verify your identity across requests.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that identify individual users.

9. Children's Privacy

ResumeStats is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

10. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required by GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page with a revised “Last updated” date.
  • Sending an email notification to registered users for significant changes.

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Response time: We aim to respond to all privacy-related inquiries within 5 business days.