Legal & Compliance

Privacy Policy

We believe your data is yours. Here's exactly what we collect, why we collect it, and how you can control it.

Last updated: May 2026
GDPR & CCPA compliant

Overview

ResumeKraft, Inc. ("we", "our", or "us") operates the ResumeKraft platform at mehtasystems.dev. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered resume builder and related services.

By using ResumeKraft, you agree to the practices described in this policy. If you disagree, please discontinue use of the service.

We never sell your personal data to third parties. Your resume content is yours — we only use it to provide and improve the service.

Data we collect

We collect only what's necessary to provide a great resume-building experience. Here's a breakdown:

CategoryExamplesSource
AccountName, email address, password (hashed)You provide directly
Resume dataWork history, education, skills, cover lettersYou provide directly
LinkedIn importProfile data you choose to importLinkedIn OAuth (with your consent)
UsagePages visited, features used, clicks, session durationAutomatically via cookies & logs
DeviceBrowser type, OS, screen size, IP addressAutomatically collected
PaymentTransaction ID, last 4 digits of card, billing countryStripe (we never store full card details)

How we use your data

Your data powers the service and helps us improve it for everyone. Specifically, we use it to:

  • Authenticate your account and keep it secure
  • Provide the resume builder, AI writing, ATS checker, and all related features
  • Generate AI-powered suggestions tailored to your resume and target job descriptions
  • Process payments and manage your subscription through Stripe
  • Send transactional emails (receipt, password reset, export confirmation)
  • Send product updates and tips — you can unsubscribe at any time
  • Detect abuse, prevent fraud, and enforce our terms of service
  • Improve our AI models using anonymised, aggregated patterns — never your identifiable content without consent

We do not use your resume content to train our AI models by default. You can optionally opt-in to help improve the AI under Settings → Privacy.

Sharing & disclosure

We do not sell, rent, or trade your personal data. We only share it in these circumstances:

  • Service providers — Stripe (payments), AWS (hosting), Postmark (email), Anthropic (AI processing)
    — each under strict data processing agreements
  • Legal obligations — when required by law, court order, or to protect the rights and safety of our users
  • Business transfer — in the event of a merger or acquisition, your data transfers to the new entity subject to the same protections
  • With your consent — for any sharing not described here, we will ask you first

Data retention

We keep your data only as long as necessary to provide the service or meet legal obligations:

  • Active account data is retained for the life of your account
  • After account deletion, personal data is purged within 30 days
  • Backups are purged within 90 days of deletion
  • Payment records are retained for 7 years for tax and accounting compliance
  • Anonymised analytics data may be retained indefinitely

Security

We take security seriously and implement industry-standard measures to protect your data:

  • All data in transit is encrypted via TLS 1.3
  • All data at rest is encrypted with AES-256
  • Passwords are hashed using bcrypt — we never store plaintext passwords
  • Access to production systems is restricted and requires multi-factor authentication
  • We conduct regular security audits and penetration tests
  • We maintain an incident response plan and will notify affected users within 72 hours of a confirmed breach

Found a vulnerability? Please report it responsibly to mehtasystemsdev@gmail.com and we'll respond within 48 hours.

Your rights

Depending on your location, you may have the following rights under GDPR, CCPA, and other applicable laws:

Access
Request a copy of all personal data we hold about you.
Correction
Ask us to correct inaccurate or incomplete data.
Deletion
Request erasure of your personal data ("right to be forgotten").
Portability
Receive your data in a machine-readable format (JSON/CSV).
Opt-out of marketing
Unsubscribe from promotional emails at any time via the link in any email.
Restrict processing
Ask us to limit how we use your data in certain circumstances.

To exercise any right, email mehtasystemsdev@gmail.com. We will respond within 7 days.

Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the product is used.

TypePurposeDuration
EssentialAuthentication, session management, security tokensSession / 30 days
FunctionalLanguage, editor preferences, last-used template1 year
AnalyticsPage views, feature usage (anonymised via Plausible)1 year

We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings — note that disabling essential cookies will affect sign-in functionality.

Children's privacy

ResumeKraft is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at mehtasystemsdev@gmail.com and we will delete it promptly.

Policy changes

We may update this policy from time to time. When we make material changes, we will:

  1. Update the "Last updated" date at the top of this page
  2. Show an in-app banner for 14 days after the change goes live
  3. Email you at the address on your account for significant changes

Continued use of ResumeKraft after changes take effect constitutes acceptance of the revised policy.

Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, reach out to our privacy team:

RK

Privacy Team — ResumeKraft

We aim to respond to all privacy-related inquiries within 2 business days.

mehtasystemsdev@gmail.com