Privacy Policy
This policy explains what personal data AI Resume Build ("we", "us") collects, why, and the rights you have over it. It is written to meet India's Digital Personal Data Protection Act, 2023 (DPDP) and the EU General Data Protection Regulation (GDPR), depending on where you are.
1. Who is responsible for your data
AI Resume Build is the data fiduciary (DPDP) / data controller (GDPR) for the personal data processed through this site. Our contact and grievance details are in section 11.
2. What we collect
- Account data: your email address, used to verify you and sign you in.
- Resume content: the information you enter (name, experience, education, skills, links) so we can build, save, and export your resume.
- Payment data: when you buy a paid tier, payment is handled by our gateway (Razorpay in India, Stripe elsewhere). We receive confirmation of payment, not your full card details.
- Usage & device data: basic logs and, only with your consent, analytics about how the site is used.
- Cookies: a necessary session cookie to keep you signed in, plus optional analytics/marketing cookies you can accept or reject.
3. Why we use it, and our lawful basis
| Purpose | Lawful basis |
| Create your account and sign you in | Performance of contract / necessary for the service you request |
| Build, save and export your resume | Performance of contract |
| Process payments for paid tiers | Performance of contract; legal obligation (tax/accounting) |
| Analytics and product improvement | Your consent (withdrawable any time) |
| Marketing measurement | Your consent (withdrawable any time) |
| Security, fraud prevention, and logs | Legitimate interests / legal obligation |
We ask for your consent before setting any non-essential cookie or running analytics. You can change or withdraw consent at any time via Cookie settings in the footer. Withdrawing consent does not affect processing already carried out.
4. Sharing your data
We share personal data only with:
- Payment processors (Razorpay / Stripe) to take payment.
- Hosting and email providers that run the service on our behalf, under contract.
- Authorities where required by law.
We do not sell your personal data.
5. If you publish to the candidate directory
Listing your resume in the public candidate directory is optional and off by default. If you turn it on, your resume becomes publicly viewable, with your email and phone number hidden. You can remove the listing at any time.
6. International transfers
Depending on your region, data may be processed on servers outside your country. Where that happens for users in the EU/UK, we rely on appropriate safeguards (such as Standard Contractual Clauses). For users in India, we process data consistent with the DPDP Act.
7. How long we keep it
We keep your account and resume data while your account is active. If you ask us to delete your account, we remove your personal data except where we must keep certain records (for example, payment records for tax law). Logs are kept for a limited period for security.
8. Your rights
Subject to your region and applicable law, you can:
| Access | Get a copy of the personal data we hold about you. |
| Correction | Fix data that is wrong or incomplete. |
| Erasure / deletion | Ask us to delete your data (DPDP right to erasure; GDPR right to be forgotten). |
| Withdraw consent | Turn off analytics/marketing at any time. |
| Portability (GDPR) | Receive your data in a portable format. |
| Object / restrict (GDPR) | Object to or restrict certain processing. |
| Grievance redressal (DPDP) | Raise a complaint with our Grievance Officer (section 11). |
| Nominate (DPDP) | Nominate someone to exercise your rights in case of death or incapacity. |
To exercise any right, contact us using the details in section 11. We respond within the timelines set by applicable law.
9. Children
Under the DPDP Act, processing a child's data requires verifiable parental consent. This service is intended for users who can lawfully consent in their region. If you are below that age, please use the service only with a parent's or guardian's involvement.
10. Security
We use reasonable technical and organizational measures to protect your data, including encrypted connections and access controls. No method of transmission is perfectly secure, but we work to protect your information and will notify you and the relevant authority of a breach where the law requires.
11. Contact & grievance officer
For any privacy request or complaint, contact us at [your support email]. Under the DPDP Act, our Grievance Officer is [name], reachable at [email], [address]. For GDPR matters, our EU representative (if applicable) is [name / contact]. You also have the right to complain to your data protection authority — in India, the Data Protection Board; in the EU, your local supervisory authority.
12. Changes
We may update this policy. We'll post the new version here with a revised "last updated" date and, where required, ask for fresh consent.