Privacy Policy

ResiMatch.AI ("we," "us," or "our") is an AI-powered job digest platform that aggregates job listings from multiple sources, applies intelligent filters and AI scoring, and delivers personalized job digests to our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, application, and related services (collectively, the "Service").

This policy applies to all users of the Service, including visitors to our marketing pages, registered account holders, and API consumers. By accessing or using ResiMatch.AI, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

We collect information in the following categories:

2.1 Account Information

When you create an account, we collect your name and email address. If you authenticate via a third-party provider (such as Google), we receive the profile information you authorize that provider to share with us.

2.2 Resume Data

If you upload a resume for AI-powered job matching, we parse the document to extract structured data including skills, work experience, education history, and certifications. The original file and parsed data are stored securely to enable our matching and scoring features. You may delete your resume data at any time through your account settings.

2.3 Job Search Preferences

We collect the saved searches, filters, preferred locations, job categories, salary ranges, and other preferences you configure. This data is used to curate and deliver your personalized job digests.

2.4 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, browser type, operating system, and device information. This data is collected through server logs and first-party analytics.

2.5 Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by Stripe, our third-party payment processor. We do not receive, store, or process your credit card number, CVV, or full payment card details. We receive only a confirmation of payment status, the last four digits of your card, and your Stripe customer identifier for billing management purposes.

We use the information we collect for the following purposes:

• Service delivery: To operate and provide the core Service, including aggregating job listings, applying your saved search filters, assembling job digests, and delivering them via email, webhook, or API.
• AI scoring: To analyze your resume against job listings using our AI matching system (powered by AWS Bedrock) to generate relevance scores and skill match assessments. AI scoring is an opt-in feature that you can disable at any time.
• Platform improvement: To understand how users interact with the Service, identify areas for improvement, develop new features, and fix bugs. Usage data is aggregated and anonymized before analysis wherever possible.
• Communications: To send transactional emails (account verification, password resets, billing receipts), deliver your scheduled job digests, and notify you of material changes to our Service or policies. We do not send unsolicited marketing emails without your explicit consent.
• Security and fraud prevention: To detect and prevent fraudulent activity, abuse, and unauthorized access to the Service.

We do not sell your personal data. We do not rent, trade, or otherwise make your personal information available to third parties for their marketing purposes.

We share information only with the following categories of third-party service providers who process data on our behalf:

• Amazon Web Services (AWS): Cloud infrastructure hosting, data storage, AI/ML processing (via AWS Bedrock for job matching), and email delivery (via Amazon SES). Data is processed in AWS data centers in the United States.
• Stripe: Payment processing for subscription billing. Stripe receives only the payment information necessary to process your transactions. See Stripe's Privacy Policy.
• Job data providers: We query third-party job listing APIs to aggregate job postings. We send only your search criteria (job titles, locations, keywords) to these providers, never your personal identity or resume data.

We may also disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

We retain your account information and service data for as long as your account is active and as needed to provide you with the Service. Our specific retention practices are:

• Account data: Retained while your account is active. Upon account deletion, your account data (name, email, preferences, saved searches) is permanently deleted within 30 days.
• Resume data: Purged immediately upon deletion from your account settings. When you delete your account, all associated resume data is deleted immediately as part of the deletion process.
• Usage logs: Anonymized and aggregated usage data may be retained indefinitely for analytics purposes. Server logs containing IP addresses are retained for no more than 90 days.
• Billing records: Transaction records are retained as required by applicable tax and financial regulations, typically for a period of seven years.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of any inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data. You can delete your account at any time from your account settings, which initiates the deletion process described in Section 5.
• Data export: Request a machine-readable export of your personal data, including your profile information, saved searches, and resume data.
• Opt-out of AI scoring: You may disable AI-powered resume-to-job scoring at any time through your account settings without affecting your ability to use other features of the Service.
• Withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, contact us at privacy@resimatch.ai. We will respond to your request within 30 days. For users in the European Economic Area, we comply with GDPR requirements for data subject access requests.

We take the security of your personal information seriously and implement industry-standard measures to protect it, including:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: All stored data, including resume files and database records, is encrypted at rest using AES-256 encryption.
• Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls and multi-factor authentication.
• API security: API keys are hashed before storage. Webhook payloads are signed with HMAC-SHA256 to ensure integrity.
• Regular audits: We conduct regular security assessments, including static analysis security testing (SAST), software composition analysis (SCA), and dependency vulnerability scanning.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users in the event of a data breach as required by applicable law.

ResiMatch.AI uses a minimal set of cookies that are necessary for the operation of the Service:

• Session cookies: Essential cookies used to maintain your authenticated session. These are strictly necessary for the Service to function and cannot be disabled.
• Preference cookies: Used to remember your settings, such as your preferred theme (light or dark mode) and interface language. These cookies improve your experience but are not required.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites. We do not participate in cross-site tracking or ad networks.

ResiMatch.AI is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@resimatch.ai.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email at the address associated with your account at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this page.

Non-material changes (such as clarifications or formatting updates) may be made without prior notice. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@resimatch.ai

We aim to respond to all inquiries within 30 days. If you are located in the European Economic Area and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.