Privacy Policy

Last updated: March 25, 2026

Information We Collect

ResumeRoo collects various types of information to provide and improve our services. We are committed to being transparent about what we collect and why, in accordance with Australian Privacy Principles (APP 1 and APP 5).

  • Account Information: Name, email address, and password when you create an account.
  • Resume Data: Your uploaded resumes, work experience, education, skills, and other professional information you provide.
  • Usage Data: Information about how you use our services, including pages visited, features used, and time spent.
  • Device Information: IP address, browser type, operating system, and device identifiers.
  • Communication Data: Records of your communications with us, including support requests.

How We Use Your Information

We use the collected information for the following purposes (APP 6):

  • Providing and maintaining our resume analysis and generation services
  • Processing and analyzing your resumes against APS criteria using AI technology
  • Communicating with you about your account and services
  • Sending you important notices about service changes or updates
  • Ensuring security and preventing fraud
  • Complying with legal obligations
  • Improving our services based on aggregated, anonymized data

AI Processing and Third-Party Services

ResumeRoo uses artificial intelligence to analyze and improve your resumes. This involves sharing certain data with third-party AI service providers:

  • OpenRouter API: We use OpenRouter to access AI models for resume analysis and generation. Your resume content may be processed by these AI services to provide our core functionality.
  • Data Processing Agreements: We have appropriate agreements in place with our AI providers to ensure your data is processed securely and not used for training their models without your consent.

Your Data and AI

We do not use your personal resume data to train our own AI models without your explicit consent. AI processing is used solely to provide the services you request.

Data Storage and Security

We implement industry-standard security measures to protect your information (APP 11):

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest
  • Secure Authentication: Password hashing using bcrypt, session management, and multi-factor authentication options
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Infrastructure: Data is stored on DigitalOcean servers, which may include locations outside Australia
  • Regular Audits: Security assessments and vulnerability testing

Cross-Border Data Transfer: Your data may be stored on servers located outside Australia. We take reasonable steps to ensure that overseas recipients handle your data in accordance with Australian Privacy Principles.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data is retained while your account is active and for a reasonable period thereafter
  • Resumes and Documents: Stored until you delete them or close your account
  • Account Deletion: When you delete your account, we initiate deletion of your personal data within 30 days
  • Backups: Residual data may exist in backups for up to 90 days after deletion
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes

Your Rights

You have the following rights regarding your personal information (APP 12 and APP 13):

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal requirements)
  • Data Portability: Request an export of your data in a machine-readable format
  • Withdraw Consent: Withdraw consent for data processing where applicable
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy

To exercise these rights, please contact us using the information provided below. We will respond within 30 days.

Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Authenticate your session and keep you logged in
  • Remember your preferences and settings
  • Analyze website traffic and usage patterns
  • Improve user experience and functionality

You can manage your cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.

Data Sharing and Disclosure

We respect your privacy and do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third parties who assist in operating our platform (hosting, AI processing, analytics)
  • Legal Requirements: When required by law, court order, or government authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly consent to the sharing

Your Data Stays Yours

We do not share your resume content with other users or third parties for marketing purposes. Your professional information remains private and secure.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on our website with an updated date
  • Sending an email notification to registered users for significant changes
  • Displaying a prominent notice on our platform

Your continued use of our services after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or wish to exercise your privacy rights, please contact us.

We will respond to your inquiry within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Questions? Contact us