Privacy Policy

eAIresume.com is operated by [YOUR LEGAL ENTITY NAME, e.g. Sathpadi Innovations Pvt Ltd] ("we", "us", "our"), registered in [INDIA / your jurisdiction] at [REGISTERED ADDRESS]. For privacy questions contact [privacy@eairesume.com].

When you use eAIresume.com we collect the following categories of data:

• Account data — name, email, hashed password (or Google account identifier when you sign in with Google).
• Resume content — files you upload (PDF/DOCX), parsed text and the structured JSON, JD-tailored versions, edit history.
• Sign-in events — timestamp, IP address (hashed after 30 days), browser user-agent, approximate city/country derived from IP.
• Recruiter visit analytics — when someone views your public profile we log the visit timestamp, hashed IP, user-agent, referrer, and (for Pro/Elite) approximate location.
• Payment data — handled by Razorpay (India settlement) and Stripe (where enabled). We never see or store your full card number; we only store the provider's customer/subscription identifiers.
• Operational logs — request paths, response codes, error traces (forwarded to Sentry when enabled). These do not include resume content.

• Run the service you signed up for (parse, edit, tailor, publish resumes).
• Compute ATS / LinkedIn match scores against job descriptions you paste.
• Send your resume content to our LLM provider (currently Anthropic Claude) to produce restructured and tailored versions. Anthropic does not train on this data per their commercial-API terms.
• Authenticate you and protect against abuse (rate limiting, bot detection).
• Process payments via Razorpay and Stripe.
• Email you about service changes, password resets, verification, and (when you opt in) product updates.

We share data only with sub-processors that operate the service:

• Anthropic, PBC — LLM resume cleanup, tailoring, and rewriting.Privacy policy
• Razorpay Software Pvt Ltd — payment processing for India and international cards.
• Stripe, Inc. — payment processing for the US/EU markets (where enabled on your account).
• Hosting providers — Vercel (frontend), Fly.io (backend), Neon (Postgres), Cloudflare R2 (file storage), Upstash (Redis). All operate under standard data- processor terms.
• Sentry — error monitoring (when configured). No resume content is sent to Sentry.

We never sell your data. We never share it with recruiters except via your own published subdomain — which only contains what you have explicitly chosen to publish.

Some sub-processors (Anthropic, Stripe, Vercel, Cloudflare) are located outside India. We rely on Standard Contractual Clauses (EU SCCs) and the sub-processors' own certifications (SOC 2, ISO 27001) to protect your data during transfer.

• Account data — until you delete your account.
• Resumes and tailored copies — until you delete each one.
• Recruiter visit logs — kept indefinitely for your analytics, but IP addresses are zeroed after 30 days.
• Auth events — 12 months, then aggregated.
• Operational logs — 30 days at the hosting layer.

Under the DPDP Act (India), GDPR (EU), CCPA (California) and similar laws you can:

• Access your data (download all your resumes via the JSON export button).
• Correct your data (edit any field in the resume editor or Account page).
• Delete your data (delete individual resumes, subdomains, or your whole account).
• Port your data to another service (use the JSON export per resume; account-wide export available on request).
• Withdraw consent at any time and request restriction of processing. Contact [privacy@eairesume.com].

Passwords are stored as bcrypt hashes. JWTs are signed with a per-deployment secret. Refresh tokens are revocable and revoked on password change. Payment card data never touches our servers. All traffic is over HTTPS with HSTS.

We use cookies to keep you signed in (`air_access`, `air_refresh` httpOnly cookies) and to remember your currency / interface preferences. We do not use third-party advertising cookies. The cookie banner lets you accept or decline analytics cookies if we enable any in the future.

eAIresume.com is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact [privacy@eairesume.com] and we'll remove it.

Material changes will be notified by email at least 14 days before they take effect. The "last updated" date at the top of this page always reflects the current version.