Privacy Policy

Last updated: 21 March 2026|~7 min read

UK GDPR compliant · Data hosted in the UK

Data residency: United Kingdom

Who we are

ResumeLens ("we", "us", "our") operates the website resumelens.ai and provides an AI-powered CV analysis and job matching service. We are committed to protecting your personal data and handling it responsibly in accordance with UK data protection law (UK GDPR and the Data Protection Act 2018).

If you have any questions about this policy, contact us at: privacy@resumelens.ai

What data we collect

We collect the following categories of personal data:

Account data

Name, email, and encrypted password when you register.

CV / resume files

PDF uploads processed temporarily and stored securely in Azure Blob.

Job descriptions

Text you paste into the tool for matching purposes.

Analysis results

Match scores, improvement tips, and comparisons linked to your account.

Usage data

Pages visited, features used, timestamps — collected to improve the service.

Technical data

IP address, browser type, and device information collected automatically.

How we use your data

We use your data for the following purposes:

To provide and operate the ResumeLens service
To analyse your CV against job descriptions using AI
To store and display your analysis history
To manage your account and authenticate your identity
To send you service-related communications (account confirmations, password resets)
To improve and develop the service based on usage patterns
To comply with legal obligations

We do not use your CV data to train AI models. Your documents are used solely to generate the analysis you request.

Legal basis for processing

Under UK GDPR, we process your data under the following legal bases:

Contract performance — to deliver the service you signed up for
Legitimate interests — to improve the service, prevent fraud, and ensure security
Legal obligation — where we are required to process data by law
Consent — for any optional communications such as marketing emails

Third parties we share data with

We share your data only with the following trusted third-party services, which are necessary to operate ResumeLens:

OpenAI
AI inferenceSub-processor
CV and job description text is sent to OpenAI's API to generate analysis results. Inputs are not used to train models by default.
Microsoft Azure
Hosting & storageSub-processor
Data is stored securely in Azure Storage (UK region). Azure is certified under ISO 27001 and complies with UK GDPR.
Auth0 (Okta)
AuthenticationSub-processor
Manages account authentication and stores login credentials securely.
Google Analytics
AnalyticsSub-processor
Collects aggregated usage data (pages visited, traffic sources, device type) to help us understand how the service is used. IP addresses are anonymised. No CV content or personal account data is sent.
Microsoft Clarity
Product analyticsSub-processor
Records anonymised session interactions (clicks, scrolls, heatmaps) so we can improve usability. Form inputs and uploaded content are masked by default. No CV files are captured.

We do not sell your data to any third party. Ever.

Data retention

We retain your account and analysis data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes.

Uploaded CV files are stored in Azure Blob Storage and are retained for the duration of your account. You may request deletion at any time.

Your rights

Under UK GDPR, you have the following rights:

Right of access

Request a copy of the data we hold about you.

Right to rectification

Correct inaccurate or incomplete data.

Right to erasure

Request deletion of your data (“right to be forgotten”).

Right to restrict processing

Limit how we use your data.

Right to data portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests.

Right to withdraw consent

Where processing is based on consent.

To exercise any of these rights, contact us at privacy@resumelens.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

We use two categories of cookies:

Essential cookies — required for authentication and session management. These cannot be disabled.
Analytics cookies — set by Google Analytics and Microsoft Clarity to help us understand how the service is used. These are only loaded after you accept analytics via our cookie banner and can be withdrawn at any time.

We do not use advertising or third-party marketing cookies.

Security

We take security seriously. All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. CV files are stored in private Azure Blob containers with no public access. We conduct regular security reviews of our infrastructure.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For significant changes, we will notify you by email. Continued use of ResumeLens after changes are posted constitutes your acceptance of the updated policy.

Questions about your data?

Our team responds to privacy requests within 30 days.

Email privacy team Visit Contact page