Privacy Policy

Learn how Resulinx protects your data and respects your privacy

Last updated: December 25, 2025

Privacy at a Glance

We never sell your personal data
Your resumes are encrypted at rest
You control your data deletion
GDPR & CCPA compliant

1. Information We Collect

Information You Provide to Us

Account Information: Name, email address, password (hashed and secured)

Resume Content: Text, formatting, work history, education, skills, and professional experience

Job Search Data: Target jobs, company preferences, application tracking, interview notes

Communication: Messages you send us, support requests, feedback

Payment Information: Billing details processed securely by Stripe (we never store credit card numbers)

Information We Collect Automatically

Usage Data: Features used, time spent, click patterns, pages visited

Device Information: Browser type and version, operating system, IP address, device identifiers

Performance Data: Error logs, loading times, API response times, system performance metrics

Analytics: Aggregated usage statistics (anonymized and cannot identify individual users)

Authentication Data: Login timestamps, session tokens (JWT), refresh tokens

2. How We Use Your Information

To Provide Our Service:

  • Process and optimize your resumes using AI technology (OpenAI GPT-4)
  • Generate personalized cover letters tailored to job descriptions
  • Provide ATS (Applicant Tracking System) compatibility scoring and detailed analysis
  • Match your resume with relevant job opportunities via Adzuna Job Search API
  • Track your job applications, interviews, and application status
  • Enable secure authentication and session management

To Improve Our Service:

  • Analyze usage patterns to enhance user experience
  • Train and improve our AI models (using anonymized data only - never your personal resume content)
  • Fix bugs and improve system performance and reliability
  • Develop new features based on user feedback and needs
  • Monitor system security and prevent fraudulent activities

To Communicate With You:

  • Send account-related notifications and updates via email (Resend email service)
  • Provide customer support and technical assistance
  • Share product updates and new features (with your consent)
  • Send security alerts and important service announcements
  • Process billing communications and payment confirmations

3. Third-Party Services and Data Sharing

We Do NOT Sell Your Personal Information.

We never sell, rent, or trade your personal data to third parties for marketing purposes.

We Use the Following Trusted Third-Party Services:

OpenAI (AI Processing)

Purpose: Powers our AI resume optimization and cover letter generation

Model: GPT-4

Data Shared: Resume content, job descriptions (temporarily processed)

Retention: OpenAI retains API data for 30 days for abuse monitoring, then deletes it. Your data is NOT used to train OpenAI's models.

Privacy Policy: openai.com/privacy

Stripe (Payment Processing)

Purpose: Secure payment processing and subscription management

Data Shared: Billing information, email address, subscription status

Security: PCI DSS Level 1 certified. We never store credit card numbers on our servers.

Privacy Policy: stripe.com/privacy

Adzuna (Job Matching API)

Purpose: Find and suggest relevant job opportunities matching your resume

Data Shared: Job search queries, location, job titles, skills (no personal identifying information)

Privacy Policy: adzuna.com/about/privacy

Supabase (File Storage)

Purpose: Secure file storage for resumes and documents

Data Shared: Uploaded resume files and documents

Security: Encrypted at rest, access-controlled storage buckets

Privacy Policy: supabase.com/privacy

Resend (Email Delivery)

Purpose: Transactional emails (account verification, password resets, notifications)

Data Shared: Email address, name, email content

Privacy Policy: resend.com/legal/privacy-policy

Neon Database (Data Storage)

Purpose: Secure PostgreSQL database hosting

Infrastructure: Hosted on AWS (Amazon Web Services)

Security: SOC 2 Type II certified, encryption at rest and in transit

Privacy Policy: neon.tech/privacy-policy

Railway (Backend Hosting)

Purpose: Backend API server hosting and infrastructure

Infrastructure: Cloud infrastructure for API services

Data Shared: Server logs, performance metrics

Privacy Policy: railway.app/legal/privacy

Vercel (Frontend Hosting)

Purpose: Web application hosting and content delivery

Infrastructure: Global CDN for fast content delivery

Data Shared: Usage analytics, performance metrics

Privacy Policy: vercel.com/legal/privacy-policy

Sentry (Error Monitoring)

Purpose: Application error tracking and performance monitoring

Data Shared: Error logs, stack traces, performance data (no personal information)

Privacy Policy: sentry.io/privacy

Other Limited Sharing Circumstances:

  • Legal Requirements: When required by law, court order, subpoena, or to protect our rights, safety, and property
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (we will provide advance notice and options to users)
  • Aggregated Data: We may share aggregated, anonymized statistics that cannot identify individual users for research or marketing purposes
  • With Your Consent: Any other sharing will only occur with your explicit consent

4. Data Security and Protection

We implement industry-standard security measures to protect your data:

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3

Encryption at Rest: All stored data is encrypted using AES-256-GCM encryption in our Neon database and Supabase storage

Password Security: Passwords are hashed using bcrypt with salt (12 rounds) before storage. We never store plain-text passwords.

Secure Authentication: We use JWT (JSON Web Tokens) with secure, HTTP-only cookies for session management

Two-Factor Authentication: Optional 2FA available using TOTP (Time-based One-Time Password) for enhanced account security

Access Controls: Strict employee access controls with multi-factor authentication and role-based permissions

Infrastructure Security: Hosted on SOC 2 Type II compliant infrastructure (Neon/AWS, Railway, Vercel)

Security Monitoring: 24/7 automated monitoring via Sentry for suspicious activities and security threats

Rate Limiting: API rate limiting to prevent abuse and brute force attacks

Regular Backups: Automated daily backups with point-in-time recovery capability

Incident Response: Documented procedures for detecting, responding to, and notifying users of security incidents within 72 hours

While we implement strong security measures, no system is 100% secure. We continuously monitor and improve our security practices.

5. Your Privacy Rights

You have the following rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you

We'll provide this within 30 days in machine-readable format (JSON)

Right to Correction: Update or correct inaccurate information in your account settings

You can update most information directly in your account

Right to Deletion: Request deletion of your account and all associated data

Available in account settings. Data deleted within 30 days, except where legal retention required

Right to Portability: Export your data in JSON or PDF format

Download your resumes, cover letters, and profile data anytime

Right to Opt-out: Unsubscribe from marketing communications (you'll still receive essential account emails)

Right to Restriction: Request we limit how we process your data

Right to Object: Object to processing based on legitimate interests

How to Exercise Your Rights:

Email [email protected] or use your account settings. We'll verify your identity and respond within 30 days.

State-Specific Privacy Rights:

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, how it's used, request deletion, opt-out of sale (we don't sell data), and non-discrimination for exercising your rights.

Virginia, Colorado, Connecticut, Utah Residents: Similar rights to CCPA including access, deletion, correction, and opt-out of targeted advertising and profiling.

EU/UK Residents (GDPR): All rights listed above, plus the right to lodge complaints with your local Data Protection Authority and withdraw consent at any time.

6. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • Resume Content: Deleted immediately when you delete individual resumes or within 30 days of account closure
  • Cover Letters: Deleted immediately when removed or within 30 days of account closure
  • Application Tracking Data: Retained while account is active, deleted within 30 days of account closure
  • OpenAI Processing: Resume content sent to OpenAI is retained by them for 30 days for abuse monitoring, then permanently deleted
  • Usage Analytics: Aggregated, anonymized data retained for up to 2 years for service improvement
  • Payment Records: Retained for 7 years as required by financial regulations and tax laws
  • Support Communications: Retained for 2 years for quality assurance and legal compliance
  • Legal Obligations: Some data may be retained longer when required by law, pending litigation, or regulatory investigation

7. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

Essential Cookies (Required)

Cannot be disabled as they're necessary for the site to function:

  • accessToken: JWT authentication token (expires in 1 hour)
  • refreshToken: Session refresh token (expires in 7 days)
  • session: Session management cookie

Preference Cookies (Optional)

Remember your settings and preferences (theme, language, notification preferences)

Analytics Cookies (Optional)

Help us understand how you use our service:

  • Google Analytics (anonymized IP)
  • Page views and navigation patterns
  • Feature usage statistics

You can disable these in your browser or account settings

Managing Cookies:

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using our service.

Do Not Track (DNT):

We respect DNT browser settings. When DNT is enabled, we disable optional analytics tracking.

8. International Data Transfers

Primary Location: Our service is based in the United States. Data is stored on AWS servers and distributed globally via Vercel's CDN.

International Users: If you access our service from outside the United States, your information will be transferred to, stored, and processed in the US.

EU/UK Users: We ensure appropriate safeguards for international transfers, including:

  • Standard Contractual Clauses (SCCs) with our service providers
  • Adequacy decisions where applicable
  • GDPR-compliant data processing agreements

Data Protection: Regardless of where your data is processed, we maintain the same level of protection and comply with applicable privacy laws.

9. Children's Privacy

Age Requirement: Our service is not intended for individuals under 16 years of age.

No Knowingly Collection: We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it immediately.

Parental Notice: If you believe your child under 16 has provided us with personal information, please contact us immediately at [email protected]

10. AI and Automated Decision-Making

AI-Powered Features: We use OpenAI's GPT-4 model to optimize resumes and generate cover letters.

Human Oversight: While AI suggests improvements, you always have final control over your content. We do not make automated decisions that significantly affect you without human review.

AI Training: Your personal resume content is NOT used to train AI models. OpenAI processes your data only to provide our service and deletes it after 30 days.

Transparency: All AI-generated suggestions are clearly marked, and you can accept, modify, or reject them.

11. Changes to This Policy

Updates: We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

Notification: Material changes will be communicated via:

  • Email notification to your registered email address
  • Prominent notice on our website
  • In-app notification upon login

Advance Notice: You'll receive at least 30 days' notice before material changes take effect.

Your Options: If you disagree with changes, you may delete your account before they take effect. Continued use after changes constitutes acceptance.

Version History: Previous versions are available upon request at [email protected]

12. Contact Us

If you have questions about this privacy policy, our privacy practices, or wish to exercise your rights, please contact us:

Company Information:

Tin Dev Studios Inc. (Resulinx)

Dallas, Texas, United States

Privacy Inquiries:

[email protected]

General Support:

[email protected]

Response Time:

We respond to privacy requests within 30 days (or as required by applicable law)

EU/UK Users - Supervisory Authority:

You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns.