This is a practical first draft and still needs legal review before public launch.
The service provider behind the resume service is the controller for processing needed for accounts, resume storage, payments, support, security and legal obligations.
We normally process email address, password hash, verification status, saved resume content, session data, security and audit logs, technical data such as IP address for security-relevant events and payment-related references from Stripe.
The data is used to deliver the service, protect accounts and prevent abuse, send verification and reset emails, administer subscriptions and handle support and incidents.
Card payments are handled by Stripe. The service does not store full card details, only customer and subscription references needed to manage subscription status.
For operations, troubleshooting and security, selected events are logged, such as logins, reset flows, account data exports, webhook events and email errors. Logs are used to detect abuse, troubleshoot delivery issues and follow up incidents.
Account data is stored while the account is active. Security-related tokens and sessions are cleared continuously when they expire. Backup copies and operational logs may remain for a limited time according to operational and recovery routines.
You can request access by exporting your data from the account page, and delete your account when subscription status allows it. You can also request correction of inaccurate data.
When an account is deleted, the account and saved resumes are removed from the active database. Some information may still remain temporarily in backups or necessary security logs for a limited retention period.
Replace this section with the actual contact path for privacy questions before launch.