Privacy Policy

1. Who we are

ResumeLens ("we", "us", "our") operates the website resumelens.ai and provides an AI-powered CV analysis and job matching service. We are committed to protecting your personal data and handling it responsibly in accordance with UK data protection law (UK GDPR and the Data Protection Act 2018).

If you have any questions about this policy, contact us at: privacy@resumelens.ai

2. What data we collect

We collect the following categories of personal data:

• Account data — your name, email address, and encrypted password when you register.
• CV / resume files — PDF files you upload for analysis. These are processed temporarily and stored securely in Azure Blob Storage.
• Job descriptions — text you paste into the tool for matching purposes.
• Analysis results — match scores, improvement tips, and comparison results associated with your account.
• Usage data — pages visited, features used, and timestamps, collected to improve the service.
• Technical data — IP address, browser type, and device information collected automatically.

3. How we use your data

We use your data for the following purposes:

• To provide and operate the ResumeLens service
• To analyse your CV against job descriptions using AI
• To store and display your analysis history
• To manage your account and authenticate your identity
• To send you service-related communications (account confirmations, password resets)
• To improve and develop the service based on usage patterns
• To comply with legal obligations

We do not use your CV data to train AI models. Your documents are used solely to generate the analysis you request.

4. Legal basis for processing

Under UK GDPR, we process your data under the following legal bases:

• Contract performance — to deliver the service you signed up for
• Legitimate interests — to improve the service, prevent fraud, and ensure security
• Legal obligation — where we are required to process data by law
• Consent — for any optional communications such as marketing emails

5. Third parties we share data with

We share your data only with the following trusted third-party services, which are necessary to operate ResumeLens:

• OpenAI — CV and job description text is sent to OpenAI's API to generate analysis results. OpenAI processes this data under their API data usage policy and does not use API inputs to train their models by default.
• Microsoft Azure — your data is stored securely in Azure Storage (UK region). Azure is certified under ISO 27001 and complies with UK GDPR.
• Auth0 (Okta) — manages account authentication and stores your login credentials securely.

We do not sell your data to any third party. Ever.

6. Data retention

We retain your account and analysis data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes.

Uploaded CV files are stored in Azure Blob Storage and are retained for the duration of your account. You may request deletion at any time.

7. Your rights

Under UK GDPR, you have the following rights:

• Right of access — to request a copy of the data we hold about you
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your data ("right to be forgotten")
• Right to restrict processing — to limit how we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at privacy@resumelens.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use essential cookies only — these are required for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required for essential cookies under UK law.

9. Security

We take security seriously. All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. CV files are stored in private Azure Blob containers with no public access. We conduct regular security reviews of our infrastructure.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For significant changes, we will notify you by email. Continued use of ResumeLens after changes are posted constitutes your acceptance of the updated policy.