Privacy Policy
How we process and protect your information when using our AI-powered resume screening service
Effective Date: July 25, 2025
Resume Screener ("we," "our," or "us") operated by SD IT Support Ltd is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered resume screening service.
π Global Privacy Compliance
This Privacy Policy is designed to comply with major privacy laws worldwide, including:
Europe: GDPR, UK GDPR, Swiss DPA
North America: CCPA, VCDPA, CPA, CTDPA, PIPEDA
Asia-Pacific: APPI, K-PIPA, PDPA, Privacy Act 1988
We continuously monitor evolving privacy regulations to ensure ongoing compliance across all jurisdictions where we operate.
π― Our Data Processing Approach
We prioritize privacy by design:
- Processing, Not Storing: Resume content is processed via AI but not permanently stored
- PII-Free Logging: Our audit logs contain no personal information from resumes
- Minimal Data Collection: We only collect what's necessary for service delivery
- You Control Data: As data controller, you decide what to upload and process
1. Information We Collect
π Categories of Personal Information (US State Laws)
- Identifiers: Email addresses, account credentials, IP addresses
- Commercial Information: Purchase history, credit balances, transaction records
- Internet Activity: Usage patterns, log data, session information
- Professional Information: Resume content processed on your behalf (as processor only)
- Sources: Directly from you (account creation, uploads), automatically (usage logs), payment processor (Stripe)
π€ Your Account Information
- Account Data: Email address and encrypted password for authentication
- Credit Information: Credit balance, purchase history, and usage tracking
- Service Usage: Number of batches processed, file counts, and feature usage
π Audit and Activity Logs
π What We Log (No PII)
- Batch Activity: Number of files processed, credit amounts, processing status
- Credit Transactions: Purchases, spending, refunds with Stripe session IDs
- User Activities: Login/logout, password changes, account actions
- Technical Data: IP addresses, user agents, timestamps (for security)
- Job Criteria: Number of criteria used (not the actual criteria text)
π Resume Processing
- File Upload: Temporary storage of PDF/DOCX files during processing
- Text Extraction: Resume content converted to text for AI analysis
- Processing Results: AI-generated scores, rankings, and analysis summaries
- No Long-term Storage: Resume content is not permanently stored in our systems
2. How We Use Your Information
π― Service Delivery
- Resume Analysis: Process uploaded resumes through AI for ranking and scoring
- Account Management: Maintain your account, credit balance, and processing history
- Payment Processing: Handle credit purchases and automatic refunds via Stripe
- Customer Support: Provide assistance and resolve technical issues
π Service Improvement
- Usage Analytics: Monitor processing volumes and success rates
- Security Monitoring: Detect fraud and protect against abuse
- Performance Optimization: Improve processing speed and reliability
3. Third-Party Processing
β οΈ AI Processing Disclaimer
Our service uses artificial intelligence for resume analysis. Please note:
- No Accuracy Guarantee: AI analysis may produce incorrect or incomplete results
- Guidance Only: Results should be treated as guidance, not definitive assessments
- Your Decision Responsibility: You remain solely responsible for all hiring decisions
- Technology Limitations: AI performance may vary based on content and formatting
π€ OpenAI Processing
- Purpose: AI analysis of resume content for scoring and ranking
- Data Sent: Resume text content and job criteria for analysis
- Processing Location: OpenAI's global infrastructure
- Data Retention: OpenAI may retain data for up to 30 days for safety monitoring, then it's deleted
- Privacy Policy: Governed by OpenAI's privacy policy and data usage terms
π’ Other Service Providers
- Supabase: Database hosting and user authentication (no resume content stored)
- Stripe: Payment processing for credit purchases and refunds
- Hosting Infrastructure: Cloud services for application hosting and delivery
4. Data Retention and Deletion
β±οΈ Retention Periods and Criteria
- Resume Content: Processed immediately, not stored long-term (temporary processing only)
- Processing Results: Available until you delete them or close your account (user-controlled)
- Account Data: Retained while your account is active, deleted within 30 days of account closure
- Audit Logs: Batch activity (2 years - business records), credit transactions (7 years - tax compliance), user activity (1 year - security)
- OpenAI Processing: Up to 30 days for safety monitoring, then automatically deleted
- Sensitive Information: We do not intentionally collect sensitive personal information; any sensitive data in resumes is processed but not stored
ποΈ Automatic Deletion
- Temporary files are deleted immediately after processing
- Failed processing attempts are cleaned up within 24 hours
- Expired authentication tokens are automatically purged
- Account deletion removes all your data except legally required audit logs
5. Your Rights and Controls
β Your Data Rights
- Access: Request a copy of your account data and processing history
- Correction: Update or correct your account information
- Deletion: Delete your account and all associated data
- Portability: Export your processing results and account data
- Control: Choose what resumes to upload and process
πͺπΊ GDPR Rights (EU Residents)
- Legal Basis: We process data based on legitimate interests (service delivery), contract performance (account management), and consent where applicable
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict: Request limitation of processing in certain circumstances
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Automated Decision-Making: Our AI analysis is used for guidance only; final hiring decisions remain with you
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
πΊπΈ US State Privacy Rights
For residents of California, Virginia, Colorado, Connecticut, and Utah:
- Sale/Sharing: We do not sell or share personal information for monetary or other valuable consideration
- Opt-Out: Right to opt out of sale/sharing (not applicable as we don't sell/share)
- Sensitive Information: Right to limit use and disclosure of sensitive personal information
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Authorized Agents: You may designate an authorized agent to make requests on your behalf
- Appeal Process: If we deny your request, you have the right to appeal our decision
π¨π¦ Canadian Privacy Rights (PIPEDA & Provincial Laws)
For Canadian residents under PIPEDA and provincial privacy laws:
- Consent Principle: We obtain meaningful consent for collection, use, and disclosure of personal information
- Access Rights: Right to access personal information we hold about you
- Correction Rights: Right to correct inaccurate or incomplete personal information
- Withdrawal of Consent: Right to withdraw consent, subject to legal or contractual restrictions
- Accountability: We are accountable for personal information under our control
- Privacy Officer: Contact privacy@resumescreener.io for privacy concerns
- Complaints: Right to file complaints with the Privacy Commissioner of Canada or provincial commissioners
π International Privacy Rights
For residents of other jurisdictions with comprehensive privacy laws:
π¦πΊ Australia (Privacy Act):
- β’ Access and correction rights
- β’ Anonymity and pseudonymity options
- β’ Complaints to OAIC
π§π· Brazil (LGPD):
- β’ Data subject rights similar to GDPR
- β’ Legal basis for processing
- β’ ANPD authority complaints
π―π΅ Japan (APPI):
- β’ Disclosure and correction rights
- β’ Consent for sensitive information
- β’ PPC complaints process
π°π· South Korea (K-PIPA):
- β’ Access, correction, deletion rights
- β’ Consent requirements
- β’ PIPC authority oversight
πΈπ¬ Singapore (PDPA):
- β’ Access and correction rights
- β’ Consent and notification requirements
- β’ PDPC complaints mechanism
π³πΏ New Zealand:
- β’ Privacy principles compliance
- β’ Access and correction rights
- β’ Privacy Commissioner complaints
Universal Rights: Regardless of location, you have the right to contact us about your personal information, request access to data we hold about you, and file complaints with your local privacy authority.
6. Data Controller Responsibilities
β οΈ Your Legal Obligations
When you upload resumes, YOU are the data controller. You must:
- Obtain Consent: Get explicit consent from candidates before uploading their resumes
- Inform Candidates: Tell them their data will be processed by Resume Screener and OpenAI
- Have Legal Basis: Ensure you have lawful basis for processing under applicable laws
- Handle Rights Requests: Respond to candidate requests for access, correction, or deletion
- Limit Purpose: Use data only for the hiring purposes disclosed to candidates
7. Security Measures
- End-to-end encryption for data transmission
- Secure authentication and access controls
- Regular security monitoring and updates
- PII-free audit logging to minimize data exposure
- Immediate deletion of temporary processing files
8. International Data Transfers and Global Compliance
π Cross-Border Processing
As a global service, your data may be processed in various countries:
- United States: OpenAI processing for AI analysis
- European Union: Infrastructure and hosting services
- United Kingdom: SD IT Support Ltd operations (data controller)
- Global Cloud Infrastructure: Distributed processing for performance optimization
π Transfer Safeguards by Jurisdiction
- EU/UK/Switzerland: Standard Contractual Clauses (SCCs) and adequacy decisions where applicable
- Canada: Comparable privacy protection standards and contractual commitments
- Asia-Pacific: Appropriate safeguards including binding corporate rules and certification mechanisms
- Other Jurisdictions: Adequate protection measures as required by local privacy laws
We continuously monitor international data transfer requirements and update our safeguards to ensure compliance with evolving privacy laws worldwide.
9. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or service notifications. Continued use constitutes acceptance of updates.
10. Exercising Your Rights
π§ Contact Information
- Privacy Email: privacy@resumescreener.io
- General Support: support@resumescreener.com
- Response Time: 30 days for rights requests (45 days if complex), 2-3 business days for general inquiries
π How to Make a Request
- Identity Verification: We may request information to verify your identity before processing requests
- Authorized Agents: Third parties may make requests on your behalf with proper authorization
- Request Details: Please specify which rights you wish to exercise and provide relevant details
- Appeal Process: If we deny your request, you may appeal by emailing privacy@resumescreener.io with "Appeal" in the subject line
Who We Are
Resume Screener is a service operated by SD IT Support Ltd, a company registered in England and Wales (Company No. 15846904). We act as a processor for resume data on behalf of our customers and as a controller for customer account and billing data.
If you have any questions, please contact legal@resumescreener.io.
By using Resume Screener, you acknowledge that you have read and understood this Privacy Policy and agree to our data processing practices as described herein.