Privacy Policy

The service made available at rezumic.com (the "Service") is operated by an individual founder, a sole proprietor based in India ("Rezumic", "we", or "us"), acting as the data controller for personal data processed in connection with the Service. The full legal name and registered address of the controller are available to data subjects, supervisory authorities, and other competent bodies on written request submitted to [email protected].

The Service is designed to minimise personal data processed by Rezumic. Resume content entered into the builder is held client-side in the user's browser (localStorage) and is transmitted to Rezumic only when the user actively requests generation of a PDF. The Service does not maintain user accounts, authentication credentials, or persistent user profiles, and operates without first-party tracking cookies.

Rezumic processes the following categories of personal data in connection with the Service: (i) resume content submitted to Rezumic at the time the user requests PDF generation, persisted as a transient record in a pdf_jobs table; (ii) product-analytics events describing aggregated, non-content interaction with the Service (see the Cookies & Tracking Technologies Policy for the full event catalogue); (iii) session recordings captured by PostHog with all form inputs and rendered resume text masked at source; and (iv) server logs containing request metadata (IP address, timestamp, request path, response status).

Where the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") or comparable legislation applies, Rezumic relies on the legal basis of legitimate interests pursuant to Article 6(1)(f) GDPR for the processing of resume content (to deliver the PDF requested by the user), product analytics and session recordings (to operate, secure, and improve the Service), and server logs (security, abuse prevention, and incident response). Data subjects in jurisdictions recognising a right to object to such processing may exercise that right in accordance with Section 8 below.

Personal data is retained only for as long as necessary for the purposes set out in Section 4 and in any event no longer than: resume content persisted in PDF job records — twenty-four (24) hours from creation, after which records are deleted automatically; browser-side drafts — until cleared by the user or by the browser; product-analytics events — twelve (12) months; session recordings — twelve (12) months; server logs — thirty (30) days. Backup copies, where present, are subject to standard rotation policies of the relevant subprocessors and are overwritten in the ordinary course.

Personal data may be processed at the following locations operated by the subprocessors listed in Section 11: Cloudflare (global edge network); Railway (United States, US-West region); Neon (United States, US-East region); and PostHog (United States), accessed via a first-party reverse proxy at e.rezumic.com operated by Rezumic. No processing occurs on infrastructure controlled directly by Rezumic.

The Service is operated from India and its supporting infrastructure is primarily located in the United States. No European Commission adequacy decision under Article 45 GDPR currently designates India or the United States generally as providing adequate protection for personal data. Transfers of personal data outside the European Economic Area, the United Kingdom, or other jurisdictions with applicable transfer-control rules are therefore conducted in reliance on the Standard Contractual Clauses adopted by the European Commission and equivalent safeguards published by each relevant subprocessor.

Subject to applicable law and our verification of the requester's identity, data subjects may request access to, correction of, or deletion of personal data Rezumic holds about them; portability of the data they have provided (delivered as a JSON export of the ResumeData structure); and they may object to processing carried out on the basis of our legitimate interests. Requests must be submitted in writing to [email protected] and must contain sufficient information for Rezumic to identify the requester and authenticate the request. Rezumic responds to verifiable requests within the time period required by applicable law and may decline, or charge a reasonable fee for, requests that are manifestly unfounded, excessive, or repetitive, or where an exemption applies. Where Rezumic is unable to comply with a request in whole or in part, the reasons will be provided to the requester. Nothing in this Privacy Policy limits any non-waivable statutory right available to a data subject under applicable law.

The Service is intended for users aged eighteen (18) and older. Rezumic does not knowingly process personal data of any person under the age of 18. Without limiting the foregoing, Rezumic does not knowingly collect personal information from children under the age of 13 within the meaning of the U.S. Children's Online Privacy Protection Act (COPPA). Any personal data inadvertently collected from a minor will be deleted upon notification to [email protected].

Rezumic implements technical and organisational measures appropriate to the nature of the data processed, including transport-layer encryption (TLS) for data in transit, least-privilege access controls for production systems, and reliance on the security capabilities of the subprocessors identified in Section 11. No information system can guarantee absolute security. In the event of a personal-data breach reasonably likely to result in a risk to the rights and freedoms of natural persons, Rezumic will notify affected parties and any competent supervisory authority in accordance with applicable law.

Rezumic does not sell or rent personal data and does not share personal data with advertising networks or data brokers. The following subprocessors process personal data on behalf of Rezumic, in each case under contractual safeguards and only to the extent necessary to perform the Service: PostHog (United States) — product analytics and session recording; Cloudflare — frontend hosting, content delivery, edge proxy; Railway (United States) — application hosting; Neon (United States) — managed Postgres for the 24-hour PDF job record. Payment-processing services are not engaged in the current release of the Service. Any additional subprocessor will be reflected by an update to this Privacy Policy.

Rezumic may modify this Privacy Policy from time to time. Modifications take effect upon posting of the revised text on this page together with an updated effective date. Material changes will be highlighted on the Service for a reasonable period following posting. Continued use of the Service after the effective date of a revision constitutes acknowledgement of the revised Policy.

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Grievance Officer designated by Rezumic may be reached at [email protected]. Complaints will be acknowledged within twenty-four (24) hours of receipt and addressed within thirty (30) days, in accordance with applicable law.

All notices, requests, and other communications relating to this Privacy Policy must be addressed in writing to [email protected].