Privacy Policy

Last updated: April 14, 2026

1. Data Controller

Resums Online ("we", "us", "our") operates the website resums.online. We are committed to protecting the privacy and personal data of our users ("you") in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Portuguese data protection legislation (Lei n.o 58/2019).

Contact: privacy@resums.online

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, encrypted password, company name.
  • Recruitment data: resumes/CVs uploaded by you (PDF, DOCX, images), candidate names, contact details, and professional information contained in those documents.
  • Usage data: pages visited, features used, timestamps, IP address, browser type.
  • Payment data: processed securely by Stripe. We do not store credit card numbers.
  • Communication data: email addresses and message content when you use our email integration features.

3. Purpose and Legal Basis

Purpose Legal Basis
Provide and maintain the serviceContract performance (Art. 6(1)(b))
AI-powered CV analysis and rankingContract performance (Art. 6(1)(b))
Process payments and manage subscriptionsContract performance (Art. 6(1)(b))
Send service-related communicationsLegitimate interest (Art. 6(1)(f))
Improve our service and fix errorsLegitimate interest (Art. 6(1)(f))
Comply with legal obligationsLegal obligation (Art. 6(1)(c))

4. AI Processing

We use artificial intelligence to analyze resumes against job-specific competencies. This processing:

  • Is performed to fulfill our contract with you (the recruitment analysis service).
  • Produces scores and rankings as decision-support tools, not automated final decisions.
  • Does not result in profiling that produces legal effects. Final hiring decisions are always made by humans.
  • Uses third-party AI providers (DeepSeek, OpenRouter) who process data under our instructions as sub-processors.

5. Data Sharing

We share personal data only with:

  • Stripe: payment processing (PCI DSS certified).
  • AI providers: resume text is sent for analysis (no data retained by providers beyond processing).
  • Google Calendar: if you use interview scheduling integration.
  • Sentry: error tracking (anonymized where possible).
  • Hosting provider: our servers are located in Germany (EU).

We do not sell personal data. We do not share data with advertisers.

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion.
  • Uploaded resumes: retained while your account is active. You may delete individual resumes at any time.
  • Payment records: retained for 7 years as required by Portuguese tax law.
  • Usage logs: retained for 12 months, then anonymized or deleted.

7. Your Rights (GDPR)

You have the right to:

  • Access your personal data (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Erase your data ("right to be forgotten") (Art. 17).
  • Restrict processing (Art. 18).
  • Data portability — receive your data in a structured format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time, where consent is the legal basis.

To exercise any of these rights, contact us at privacy@resums.online. We will respond within 30 days.

You may also file a complaint with the Portuguese Data Protection Authority (CNPD): www.cnpd.pt.

8. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest.
  • Email passwords encrypted with Fernet symmetric encryption.
  • Database-level locking to prevent race conditions.
  • Rate limiting on sensitive endpoints.
  • Regular security monitoring via Sentry.

9. Cookies

We use strictly necessary cookies for session management and authentication. We do not use advertising or tracking cookies. If we integrate analytics in the future, we will update this policy and request your consent.

10. International Transfers

Our servers are located within the European Union (Germany). When data is processed by AI providers outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email or in-app notice. Continued use of the service after changes constitutes acceptance.

12. Contact

For any questions about this policy or your data, contact us at:
privacy@resums.online