Privacy Policy

Last updated: July 1, 2026

This policy describes how ResumesFlow handles information in the current application: accounts, resumes, resume import, AI tools, cover letters, job tracking, PDF export, billing, emails, analytics, admin tools, Redis-backed queues, and worker processing.

1. Scope

ResumesFlow is a resume and career-document platform. The service includes account registration, email verification, login sessions, resume editing, encrypted resume storage, cover letters, job tracking, PDF export, optional AI review and rewrite, optional resume import, PayPal billing, and admin operations.

2. Information We Collect

  • Account information: name, email address, password hash, role, plan, trial status, account timestamps, email verification status, renewal reminder preference, and signup IP address used for trial-abuse checks.
  • Authentication information: reCAPTCHA tokens during login/signup, verification codes, password reset tokens, and JWT session data handled by NextAuth.
  • Resume data: resume titles, selected templates, structured resume content, AI review results saved to a resume, PDF export requests, and download records.
  • Resume Text Extractor and import information: uploaded PDF/DOCX file metadata, file size/type, sanitized display filename, a hash of the original filename, private temporary file paths, extracted text, structured import data, warnings, status, and error codes.
  • AI information: saved resume text used for AI review, field text and nearby context submitted for AI rewrite, AI job status, AI results, model metadata, and AI usage logs.
  • Cover letter and job tracker information: cover letter titles/content; job company, position, location, salary, URL, status, notes, and dates.
  • Payment and subscription information: PayPal order IDs, subscription IDs, plan, status, amount, currency, payer name/email when provided by PayPal, verification tokens, billing period dates, and cancellation/reactivation state.
  • Review information: ratings and comments you submit, plus the name/image attached to your account when public reviews are displayed.
  • Technical and security information: IP address, user agent, timestamps, rate-limit counters, load-guard state, CSP violation report hashes, worker heartbeat data, admin audit metadata, health-check status, and operational logs.
  • Analytics information: page path and related analytics signals collected through Google Analytics/Google Tag Manager scripts loaded by the app.

3. How We Use Information

  • Register, verify, authenticate, secure, and manage user accounts.
  • Save, read, update, delete, export, and render resumes, cover letters, and job tracker entries for the account owner.
  • Generate PDFs with Puppeteer and enforce download, rate-limit, plan, and ownership rules.
  • Process uploaded resume files, extract readable text, structure import data, and apply only approved sections.
  • Run optional AI review and rewrite jobs, validate AI output, and provide suggestions for user review.
  • Process PayPal checkout, subscriptions, webhooks, cancellations, reactivations, receipts, and billing support.
  • Send verification, password reset, welcome, receipt, cancellation, reactivation, renewal reminder, review notification, and support emails.
  • Prevent abuse, fraud, spam, payment misuse, account attacks, file-upload abuse, scraping, and overload.
  • Let you export your account data where the export feature is available.
  • Operate admin dashboards, audit logs, health checks, workers, Redis queues, and production monitoring.
  • Understand site usage and page activity through analytics.

4. Resume Storage and Export

Saved resume JSON is encrypted at rest using AES-256-GCM fields in the database. Resume reads and PDF export decrypt resume content server-side only after session and ownership checks. PDF export uses a server-side browser to render an authenticated print page and may forward session cookies to that local render flow.

Cover letter content and job notes are stored with the app's sensitive-text encryption format. Resume titles, template IDs, timestamps, download logs, and AI review analysis are stored as database metadata.

5. Resume Import and File Uploads

Resume import supports PDF and DOCX files. The upload route validates file size, MIME type, extension, PDF/DOCX structure, suspicious filenames, encrypted/password-protected files, macro markers, ZIP compression behavior, and page or text limits. Scanned image-only PDFs may fail because OCR is not part of the current importer.

The Secure Resume Text Extractor V1 extracts readable text for review. By itself, that extractor does not auto-fill resume fields and does not create a resume automatically. Smart Import is a separate guided flow that can structure extracted text and save approved sections only after you choose to prepare and apply them.

Accepted files are written to a private temporary directory and processed by the resume import worker or configured fallback. Temporary files are deleted after extraction, failure, cancellation, deletion, or stale cleanup. Extracted text and structured import data are encrypted in Redis job state. Extracted text expires automatically when the import job TTL runs out. The status API returns extracted text only to the authenticated job owner when text is ready.

Smart Import is available only to paid plans and admins. It can use deterministic parsing and local AI to structure extracted text and suggest section merges. Approved import sections are saved only after user action; save-as-copy is supported, and applying to an existing resume checks ownership.

6. AI Review and Rewrite

AI features are optional and user-triggered. AI Review loads and decrypts an owned saved resume, creates a Redis review job, may process it through the AI worker, calls local Ollama AI infrastructure where configured, with server-side validation, deterministic fallbacks, and safety checks, validates the result, and stores the final review analysis on the resume. Review jobs expire from Redis.

AI Rewrite sends the selected field text and nearby context you provide to the local AI service, validates the suggestion against the original evidence, and stores temporary job results in Redis. Rewrite usage also creates an AI usage log with user/IP metadata for plan limits.

AI logs are designed to avoid raw prompts, resume text, or AI output content. They may include route, model, endpoint, duration, success/failure, error type, content length, thinking length, and evaluation counts.

7. Payments and Subscriptions

Payments are handled through PayPal. The app stores payment and subscription metadata needed to verify access, issue receipts, process webhooks, cancel renewal, reactivate subscriptions, and maintain billing records. We do not store full card numbers.

PayPal client approvals are not trusted by themselves. The server verifies PayPal order/subscription status, ownership through custom IDs, configured plan IDs, amount, and currency where applicable before changing a user plan.

8. Email, Analytics, and Cookies

We use transactional email for account verification, password reset, welcome messages, payment receipts, subscription cancellation/reactivation, renewal reminders, review notifications, and support-related messages. Email content may include verification codes, reset links, masked PayPal IDs, plan names, billing amounts, and billing dates.

We use cookies and similar technologies for NextAuth sessions, security checks, CSRF/origin protections, preferences such as theme, PayPal checkout, Google reCAPTCHA, and Google Analytics. NextAuth sessions use JWT cookies with a 30-day max age in current configuration.

9. Sharing and Third Parties

We do not sell resume content. We share or process information with service providers and systems needed to operate the product:

  • MySQL/Prisma database infrastructure for account, resume, billing, review, job, and admin records.
  • Redis for rate limits, load guards, temporary AI/import jobs, queues, and worker heartbeats.
  • PayPal for checkout, subscriptions, payment verification, and webhooks.
  • transactional SMTP email provider for transactional email delivery.
  • Google Analytics/Google Tag Manager for site analytics.
  • Google reCAPTCHA for bot protection in authentication flows.
  • Local Ollama AI infrastructure for AI review, rewrite, and Smart Import when configured.
  • Puppeteer/Chrome for server-side PDF export.
  • Admins and CEO-role users through role-protected admin pages and APIs, with masking and CEO-only access where implemented.
  • Legal, security, fraud-prevention, abuse-response, accounting, tax, or rights-protection requests when required or appropriate.

10. Security

The application uses session checks, owner filters, CSRF/origin validation on many unsafe routes, rate limits, Redis load guards, encrypted resume storage, sensitive-text encryption for cover letters/job notes, private upload storage, role-based admin access, CEO-only sensitive admin routes, PayPal server verification, file validation, sanitization, and admin audit logging.

No service can guarantee absolute security. Known operational metadata, payment metadata, logs, Redis payloads, and backups must still be treated as sensitive.

11. Retention and Deletion

Account content is kept while your account is active. Temporary import and AI job records expire automatically. Payment records, download logs, AI usage logs, admin audit logs, security logs, and encrypted backups may be retained for security, fraud prevention, tax/accounting, debugging, legal, and disaster recovery needs.

  • Account, resume, cover letter, job tracker, subscription, PayPal order, and review records are generally kept while your account is active.
  • Deleting a resume removes that owned resume record from active database storage.
  • Account deletion deletes the user record and related Prisma records that cascade from the user, such as resumes, cover letters, job applications, subscriptions, PayPal orders, and reviews.
  • Account deletion also attempts to delete that user's AI review Redis jobs.
  • Download logs, AI usage logs, admin audit logs, CSP/security logs, rate-limit records, health/worker metadata, and backups may remain after account deletion.
  • Import jobs and extracted text can be deleted by the user from the import flow and otherwise expire from Redis; private temp files are deleted by terminal job states or stale cleanup.
  • Verification and password reset tokens expire or are cleared when used/replaced, but operational traces may remain in logs/backups.

12. Your Choices and Rights

You can update account profile information, export account data where available, delete individual resumes, delete import jobs, and request account deletion subject to authentication, subscription, payment-record, security-log, legal, and backup-retention limits.

  • You can update your display name in profile settings.
  • You can export account data through the data export endpoint where available; export includes decrypted owner content and payment metadata.
  • You can delete individual resumes, cover letters, jobs, reviews, import jobs, and your account where the app provides those controls.
  • You can cancel or reactivate subscription renewal where available.
  • You can contact us to request access, correction, deletion, or privacy help. We may need to verify your identity and may retain records where required or reasonably necessary.

13. Children and International Use

ResumesFlow is not intended for children under 13. Users under the legal age in their location should use the service only with parent or guardian consent. The service may be operated from the United States and other locations where infrastructure and providers operate.

14. Changes and Contact

We may update this Privacy Policy when the service changes. The latest version will show a new “Last updated” date. For privacy questions or requests, contact [email protected]. For general support, use the contact page.