§00 · Privacy
Legal · Updated 2026-04-11

Privacy policy.

What we collect, how we use it, and how we protect it. We aim to be transparent and not overstate our security model.

§01

Overview

ResX is a paid SaaS platform that generates tailored resumes and cover letters from your career profile using AI. This policy explains what data we collect, how we use it, and how we protect it. We are committed to being transparent about our data practices and will not overstate our security model.

§02

Information we collect

Account information

Email address, name, and authentication provider details (Google, Apple, or LinkedIn) when you sign in.

Profile data

Career information you provide, including work history, skills, education, certifications, contact details, and notes. This data is stored as your master profile and used to generate tailored documents.

Job materials

Job descriptions, company names, job titles, and source URLs you submit for resume generation.

Generated documents

Resumes, cover letters, and associated metadata produced by the Service, stored with version history under your account.

Billing information

Payment details are collected and processed by Stripe. We store your Stripe customer ID and subscription status but do not store credit card numbers.

Usage data

Non-sensitive operational metadata such as generation timestamps, model name, token usage counts, and export history. We do not log raw prompt content, generated document text, or profile data in application logs.

§03

How we use your information

  • Providing the Service: Your profile data and job descriptions are sent to our backend, which assembles prompts and calls OpenAI to generate resumes and cover letters. Your content is processed transiently for generation and stored in your account.
  • Improving the Service: We may use aggregated, de-identified usage patterns to improve generation quality, product features, and system performance. We will not sell your personal data or career content to third parties.
  • Account operations: Authentication, session management, subscription billing, and transactional email for sign-in and account events.
  • Abuse prevention: Monitoring for automated or bulk usage patterns that exceed fair-use limits.
§04

Third-party services

The Service relies on the following third-party providers:

  • OpenAI:Processes your profile data and job descriptions to generate resumes and cover letters. Content is sent over TLS. Refer to OpenAI's data usage policies for their retention practices.
  • Supabase: Hosts your account data, profile, and generated documents with platform-managed encryption at rest and row-level security.
  • Stripe: Processes payments and manages subscription billing. Stripe handles all payment card data directly.
  • Vercel: Hosts the application. Server-side functions process requests transiently.
  • Resend: Delivers transactional email for sign-in and account notifications.
§05

Data storage and security

Your data is stored in Supabase with provider-managed encryption at rest. All network communication uses TLS encryption in transit. Access to your data is protected by authentication and row-level security policies tied to your user account.

The platform API key used for AI generation is kept server-side and is never exposed to the browser. Generation requests are assembled and sent from our backend.

We do not claim zero-knowledge architecture or end-to-end encrypted AI generation. Our backend processes your content transiently during generation, and your data is stored using standard platform security controls.

§06

Data retention

Your profile, job materials, and generated documents are retained as long as your account is active. Uploaded source resume files are discarded after text extraction and are not stored. Upon account deletion, your data is removed in accordance with our retention schedule and any legal obligations.

§07

Your rights

You may:

  • Access and edit your profile data at any time
  • Export your generated documents as PDF
  • Delete your account and associated data
  • Request information about what data we hold by contacting us
§08

Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, advertising pixels, or analytics cookies that profile your behavior across other sites.

§09

Children

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors.

§10

Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance.

§11

Contact

For privacy-related questions or data requests, contact us at hello@resx.pro.