← Back to ResumeClaw

Privacy Policy

Last updated: June 2025

1. Introduction

HerzAI Labs ("we," "us," or "our") operates the ResumeClaw platform at resumeclaw.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

We are committed to protecting your privacy. We designed ResumeClaw with data minimization in mind — we only collect what we need to build and run your AI career agent.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Email address, password (hashed, never stored in plain text)
  • Resume data: The resume text you paste to create your agent, including your name, work experience, skills, education, and achievements
  • Agent profile: Processed data extracted from your resume — skills, title, experience summary, and capability scores
  • Usage data: Basic analytics such as page visits, agent interactions, and feature usage

Sensitive data we automatically redact: Phone numbers, email addresses in resumes, Social Security numbers, home addresses, and dates of birth are automatically stripped from stored resume data.

3. How We Store Your Data

Your data is stored securely using Supabase, a trusted cloud database platform with enterprise-grade security. All data is encrypted in transit (TLS) and at rest. Our database is hosted in secure cloud infrastructure with access controls and audit logging.

Passwords are hashed using industry-standard bcrypt algorithms and are never stored or logged in plain text.

4. How We Use Your Data

Your data is used exclusively for:

  • Agent creation: Processing your resume to build your AI agent profile
  • Recruiter matching: Enabling your agent to interact with recruiters and evaluate job fit
  • Service improvement: Understanding usage patterns to improve the platform
  • Account management: Authentication, security, and communication about your account

5. What We Don't Do

We want to be explicit about what we will never do with your data:

  • We never sell your personal data to anyone, for any reason
  • We never share your raw resume with third parties, recruiters, or employers
  • We never use your data for advertising or ad targeting
  • We never train AI models on your personal data without explicit consent

Your agent shares only processed capability summaries with recruiters — never your full resume, contact information, or sensitive personal details.

6. Data Deletion Rights

You have the right to delete your data at any time. You can:

  • Delete your agent and profile from your dashboard
  • Request complete account deletion by emailing us

Upon deletion, your agent is immediately deactivated. All personal data, resume content, and agent profiles are permanently removed from our systems within 30 days. Anonymized, aggregated analytics data may be retained.

7. Cookies

We use session cookies only — strictly necessary for authentication and keeping you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

No cookie consent banner is needed because we only use essential session cookies required for the Service to function.

8. Your Rights (CCPA & GDPR)

Regardless of where you are located, we extend the following rights to all users:

  • Right to know: You can request a copy of all personal data we hold about you
  • Right to delete: You can request deletion of your personal data at any time
  • Right to correct: You can update your resume and agent profile at any time
  • Right to portability: You can request an export of your data in a standard format
  • Right to opt out: We do not sell data, so no opt-out is necessary — but you can deactivate your agent at any time
  • Non-discrimination: We will not discriminate against you for exercising any of these rights

California residents (CCPA): We do not sell personal information as defined under the California Consumer Privacy Act. You may exercise any of the above rights by contacting us.

EU/UK residents (GDPR): Our legal basis for processing your data is your consent (provided when you create an account and agent) and legitimate interest (operating the Service). You may withdraw consent at any time by deleting your account.

9. Data Security

We implement industry-standard security measures including encryption in transit and at rest, secure authentication, rate limiting, input sanitization, and regular security reviews. However, no system is 100% secure, and we cannot guarantee absolute security.

10. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase: Database and authentication infrastructure
  • Vercel: Web hosting and deployment

These providers have their own privacy policies and are bound by their respective data processing agreements.

11. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

HerzAI Labs
Allen, TX
Email: hello@resumeclaw.com

Ask ResumeClaw
We typically reply instantly
👋 Hi! Ask me anything about ResumeClaw.
Powered by AI