Privacy Policy
At ResuMaxxing, privacy is not a passive legal checkbox—it is a core engineering constraint. We operate under a model of absolute utility and minimal data footprint.
Zero AI Training
We process text via enterprise APIs. Your career experience is strictly transient and is never used to train public models.
On-Server Extractors
PDF parsing is executed entirely locally on our cloud servers. We do not transmit your files to external OCR APIs.
Instant Purge
Deleting your account initiates an immediate database query to erase all resume content and records instantly.
01 / Introduction
ResuMaxxing ("we", "our", or "the Service") provides an online platform that enables users to build, format, track, and optimize professional resumes and job applications. This Privacy Policy outlines what information we collect, how it is handled, and your options regarding your personal data. By creating an account or using any feature of the Service, you agree to this Privacy Policy.
02 / Information We Collect
Authentication is managed securely by Clerk. When you sign up, Clerk stores your email address, and if you choose Google or GitHub Sign-In, your basic profile information (such as name and avatar). No password credentials reside directly in our database.
When you upload a PDF resume, we extract raw text on our server using pdfplumber. The uploaded document is parsed in memory and is not stored. We send the extracted plain text to our AI processing model solely to match and populate your Master Profile.
Data you enter or update in your Master Profile (e.g. contact details, experience bullets, projects, education, technical skills, languages, awards) is securely saved in our relational MySQL database only when you hit the "Save Changes" action. Unsaved modifications remain in your browser session and are not transmitted.
03 / Third-Party Data Integrations
To maintain system performance and security, we only use a limited number of necessary third-party service providers. We never sell, rent, or trade your data to third parties.
- Clerk: Identity management, authentication sessions, and secure user profile storage.
- OpenAI API: Used for matching, scoring, and generating resume achievements. Under our OpenAI developer API configuration, OpenAI is contractually prohibited from using our data inputs for training public AI models.
04 / Billing & Transaction Security
Currently, authorization and feature access are controlled via pre-generated redeem codes. We do not collect credit cards, bank accounts, or financial transactions.
To ensure total separation of financial data, future premium packages will be handled exclusively by Lemon Squeezy as our Merchant of Record. At no point will your payment cards or billing credentials touch, transit, or reside on ResuMaxxing servers.
05 / Data Retention & Webhook Scrubbing
We store your structured resume details for as long as your account exists. If you choose to delete your account, your profile is permanently scrubbed.
Clerk Webhook Sync: Initiating an account deletion triggers an automated Clerk webhook listener on our backend server. This instantly executes a cascade purge that deletes all stored master profiles, resume structures, and tracked jobs from our database.
06 / Cookies & Session Analytics
We use strictly necessary technical cookies and local storage items required to keep you signed in, manage token verification, and store client-side builder drafts. We do not load marketing trackers, Facebook Pixels, or cross-site tracking beacons.
07 / Your Rights & Choice
Regardless of your location, you have the right to access, edit, or delete the personal information we hold. You can review your profile in the dashboard or export your complete JSON resume structure. For assistance or data-related inquiries, contact support at support@resumaxxing.tech.
08 / Changes to This Policy
We reserve the right to amend or update this Privacy Policy at any time. When modifications are made, we will adjust the revision date at the top of the page. Your continued use of the Service following any updates constitutes acceptance of the new policy terms.
09 /Children's Privacy
Our Service is intended exclusively for individuals who are at least 13 years of age. We do not knowingly solicit or collect data from children under 13. If we become aware that we have inadvertently collected information from a child under 13, we will immediately delete that information from our database.
SYSTEM_LOG // PRIVACY_PROTOCOL_ACTIVE // NO_MARKETING_COOKIES
ENCRYPTION_STATUS // AES_256_ACTIVE // TRANSIT_TLS_1_3
For inquiries regarding privacy engineering, email security@resumaxxing.tech.