✦ Legal

Privacy Policy

Last updated: April 18, 2026

This policy explains what data Resume Builder (operated by JobGuarder) collects, how we use it, how we protect it, and what rights you have over it.

1. Introduction

We take your privacy seriously. Resume Builder stores only the data we need to provide the Service — your account details and the resume content you choose to save. We never sell your data.

2. What data we collect

a. Account data

Name, email address, and a salted bcrypt hash of your password (we never store your plain password). If you register via Google or LinkedIn, we receive your name and email from them via OAuth.

b. Resume content

Everything you type into the resume builder — contact details, experience, education, skills, summaries, and so on.

c. Usage data

Basic product telemetry: pages visited, features used, and error logs. Used to improve the product and diagnose issues.

d. OAuth data

If you sign in with Google or LinkedIn, we receive your name, email address, and provider ID (an opaque identifier) from those providers.

3. How we use your data

  • To provide the resume-building, exporting, and AI-rewrite features you invoke.
  • To send transactional emails — password reset links and welcome messages.
  • To improve the product via anonymised, aggregated analytics.
  • We never sell your data to third parties.
  • We never use your resume content to train AI models.

4. AI provider data sharing

When you invoke an AI feature (rewrite, generate, review), the specific text you are working on is transmitted to our AI provider (currently Groq) so the model can produce a result. We send only the minimum text required — not your full resume.

Groq's privacy policy: groq.com/privacy-policy. We instruct providers not to train on your content where that option is available.

5. Data retention

  • Active accounts: your data is retained as long as your account is active.
  • Soft-deleted resumes: flagged as deleted immediately and permanently removed after 30 days.
  • Account deletion: when you request account deletion, all your data is permanently removed within 90 days.

6. Your rights

You have the right to:

  • Access the data we hold about you (export).
  • Correct any data that is inaccurate.
  • Delete your account and all associated data.
  • Withdraw consent for optional processing at any time.

Contact privacy@smartairesumes.com to exercise these rights.

7. Cookies

  • sar_token: HTTP-only session cookie (sameSite=lax, 7-day expiry) used to keep you logged in.
  • OAuth sign-in CSRF protection uses short-lived server-side keys in our cache (Redis), not extra cookies — they expire after 5 minutes and are deleted after a successful callback.
  • No third-party advertising cookies.
  • No cross-site tracking pixels.

8. Security

  • Passwords are hashed with bcrypt (cost factor 12).
  • Data in transit is protected by HTTPS in production.
  • Data at rest is encrypted by our database provider (MongoDB Atlas).
  • Access to production data is limited to authorised operations personnel.

9. Children

The Service is not directed at children under 13. If we discover that we have collected personal information from a child under 13 without parental consent, we will delete it.

10. Changes to this policy

We may update this policy from time to time. For material changes we will notify registered users by email. Continued use of the Service after an update constitutes acceptance of the updated policy.

11. Contact

Questions or concerns about privacy? Reach us at privacy@smartairesumes.com.

See also the Terms of Service. Privacy questions? Email privacy@smartairesumes.com.