Privacy Policy

Controller: Optima Resume ("we", "us", "our").

Privacy contact: support@optimaresume.app

For legal information, see the Legal Notice page.

• Uploaded documents and extracted resume data needed to generate output (for example CV/resume content fields).
• Technical and security data (for example request metadata, hashed IP-based abuse prevention signals, and service logs).
• Service interaction data (selected output language/template and download counter interaction).
• Communication data if you contact support/legal/privacy channels.
• Client-side storage data required for essential functionality (for example local cache values).

• Service delivery (CV/resume generation and PDF output): GDPR Article 6(1)(b) (contract/performance of requested service).
• Security, fraud prevention, abuse/rate-limit controls, and service reliability: GDPR Article 6(1)(f) (legitimate interests).
• Compliance with legal obligations and law-enforcement requests where applicable: GDPR Article 6(1)(c).
• Optional consent-based processing where legally required (for example non-essential cookies): GDPR Article 6(1)(a) and ePrivacy rules.

Based on the current implementation, uploaded files are sent to our backend function and processed through infrastructure/providers used to run the service, including:

• Supabase infrastructure (API/runtime/database components) used for endpoint execution and counter/rate-limit operations.
• Google Gemini API used to transform uploaded document content into structured resume output.
• Hosting and delivery infrastructure required to serve the website.

We do not sell personal information for money.

• Rate limiting: for CV generation requests, IP addresses are hashed before abuse-control checks, with a default limit of 3 generation requests per 24-hour period.
• File restrictions: supported file types are PDF, DOCX, and plain text; oversized files are rejected.
• Client-side local storage is used to cache the public download counter value for faster UI rendering.

Where personal data is transferred outside your jurisdiction, we rely on legally recognized transfer mechanisms (for example adequacy decisions or Standard Contractual Clauses) and apply safeguards appropriate to the transfer context.

We keep personal data only for as long as necessary for the purposes described in this policy, including security, legal, and operational requirements. Uploaded resume content is processed for generation and is not intended for permanent storage in our own application database.

If third-party AI services are used, their retention and model-improvement terms may apply according to your and our configuration/tier.

Depending on where you live, you may have privacy rights such as requesting access, correction, deletion, or objection/restriction for certain processing activities. You may also have the right to submit a complaint with your local authority where applicable.

Optima Resume does not sell personal information for money.

For any privacy request: support@optimaresume.app.

We do not set non-essential cookies.

We use only essential browser storage (localStorage) for theme preference and to cache the download counter for faster rendering. This data is stored only on your device and contains no personal or identifiable information.

If non-essential cookies or tracking technologies are introduced in the future, we will implement consent/notice controls as required by applicable law.

We implement technical and organizational safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No internet transmission or storage system is guaranteed 100% secure.

This service is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

We may update this policy to reflect legal, technical, or business changes. Updates will be posted on this page with a revised effective date.