Privacy Policy

Last updated: July 2026

This policy explains what personal data AI Resume Build ("we", "us") collects, why, and the rights you have over it. It is written to meet India's Digital Personal Data Protection Act, 2023 (DPDP) and the EU General Data Protection Regulation (GDPR), depending on where you are.

This is a general template and a starting point — not legal advice. Have it reviewed by a qualified professional and fill in your company name, address, and contact details before publishing.

1. Who is responsible for your data

AI Resume Build is the data fiduciary (DPDP) / data controller (GDPR) for the personal data processed through this site. Our contact and grievance details are in section 11.

2. What we collect

3. Why we use it, and our lawful basis

PurposeLawful basis
Create your account and sign you inPerformance of contract / necessary for the service you request
Build, save and export your resumePerformance of contract
Process payments for paid tiersPerformance of contract; legal obligation (tax/accounting)
Analytics and product improvementYour consent (withdrawable any time)
Marketing measurementYour consent (withdrawable any time)
Security, fraud prevention, and logsLegitimate interests / legal obligation

We ask for your consent before setting any non-essential cookie or running analytics. You can change or withdraw consent at any time via Cookie settings in the footer. Withdrawing consent does not affect processing already carried out.

4. Sharing your data

We share personal data only with:

We do not sell your personal data.

5. If you publish to the candidate directory

Listing your resume in the public candidate directory is optional and off by default. If you turn it on, your resume becomes publicly viewable, with your email and phone number hidden. You can remove the listing at any time.

6. International transfers

Depending on your region, data may be processed on servers outside your country. Where that happens for users in the EU/UK, we rely on appropriate safeguards (such as Standard Contractual Clauses). For users in India, we process data consistent with the DPDP Act.

7. How long we keep it

We keep your account and resume data while your account is active. If you ask us to delete your account, we remove your personal data except where we must keep certain records (for example, payment records for tax law). Logs are kept for a limited period for security.

8. Your rights

Subject to your region and applicable law, you can:

AccessGet a copy of the personal data we hold about you.
CorrectionFix data that is wrong or incomplete.
Erasure / deletionAsk us to delete your data (DPDP right to erasure; GDPR right to be forgotten).
Withdraw consentTurn off analytics/marketing at any time.
Portability (GDPR)Receive your data in a portable format.
Object / restrict (GDPR)Object to or restrict certain processing.
Grievance redressal (DPDP)Raise a complaint with our Grievance Officer (section 11).
Nominate (DPDP)Nominate someone to exercise your rights in case of death or incapacity.

To exercise any right, contact us using the details in section 11. We respond within the timelines set by applicable law.

9. Children

Under the DPDP Act, processing a child's data requires verifiable parental consent. This service is intended for users who can lawfully consent in their region. If you are below that age, please use the service only with a parent's or guardian's involvement.

10. Security

We use reasonable technical and organizational measures to protect your data, including encrypted connections and access controls. No method of transmission is perfectly secure, but we work to protect your information and will notify you and the relevant authority of a breach where the law requires.

11. Contact & grievance officer

For any privacy request or complaint, contact us at [your support email]. Under the DPDP Act, our Grievance Officer is [name], reachable at [email], [address]. For GDPR matters, our EU representative (if applicable) is [name / contact]. You also have the right to complain to your data protection authority — in India, the Data Protection Board; in the EU, your local supervisory authority.

12. Changes

We may update this policy. We'll post the new version here with a revised "last updated" date and, where required, ask for fresh consent.