Privacy
Policy.
Last updated: May 22, 2026
The short version: we collect what we need to score your resume, we don't sell your data, and you can delete your account at any time.
- • We collect: your email (if you sign in), the resume text you submit, and your audit history.
- • We don't sell your data. Ever.
- • Payments go through Stripe — we never see your card number.
- • Email hello@resumelab.co.ke to delete your account and we'll wipe everything within 30 days.
Who we are
ResumeLab (“we”, “us”) provides AI-powered resume evaluation and rewriting. We're the data controller for the personal data described in this policy. Contact us at hello@resumelab.co.ke.
Data we collect
We collect only what we need to run the Service:
- Account data — email, name, profile picture (from Google OAuth if you sign in).
- Resume content — the text, PDF, DOCX, or LinkedIn copy you submit for analysis.
- Audit data — scores, AI rewrites, cover letters, evaluation timestamps.
- Subscription data — Stripe customer ID, subscription status, billing-period dates. We never see or store full card numbers — Stripe handles that.
- Marketing list data — email + source tag if you opt in via the launch list or exit-intent form.
- Technical data — IP address (used for the free-tier rate limit), user-agent, timestamps of requests. Not used for tracking ads.
We do NOT use cookies for advertising or third-party tracking.
Why we use it (legal basis)
- Contract — to run the audits and subscriptions you signed up for.
- Legitimate interest — to keep the Service secure, prevent abuse, and improve features.
- Consent — for the launch-list / marketing emails (you can unsubscribe anytime).
- Legal obligation — to comply with tax, accounting, and regulatory requirements.
Who we share data with (sub-processors)
We share data only with trusted vendors needed to run the Service:
We sign data-processing agreements with these vendors and never sell your data.
How long we keep data
- Account + audits — until you delete your account.
- Anonymous IP-trial data — 30 days, then auto-pruned.
- Subscriber email list — until you unsubscribe.
- Billing records — 7 years (tax law).
- Server logs — 30 days.
Your rights (GDPR, CCPA & friends)
You can ask us at any time to:
- Access a copy of your personal data
- Correct inaccurate or incomplete data
- Delete your account and all associated data (right to erasure)
- Export your audits in a portable format (data portability)
- Object to certain processing or withdraw consent for marketing
- Lodge a complaint with a supervisory authority (e.g. ODPC Kenya, ICO UK)
Email hello@resumelab.co.ke and we'll respond within 30 days.
Security
We use HTTPS for all traffic, encrypted storage at the hosting layer, OAuth-based authentication (no app-managed passwords), and isolated payment handling via Stripe. Despite this, no system is 100% secure — if we ever detect a breach affecting your data we will notify you within 72 hours.
International transfers
Some of our sub-processors are located in the United States. Where we transfer EU/UK personal data outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions.
Children
ResumeLab is intended for users aged 16 and older. We don't knowingly collect data from children under 16. If you believe we have, contact us and we'll delete it.
Changes to this policy
We may update this policy. We'll post the latest version at /privacy and update the “Last updated” date at the top. Material changes will also be announced via email if you have an account.
Contact
Privacy questions: hello@resumelab.co.ke.