FixThatCV

Privacy Policy

Last updated: November 1, 2025

At FixThatCV, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our Service. We comply with GDPR (General Data Protection Regulation) and POPIA (Protection of Personal Information Act).

1. Information We Collect

1.1 Information You Provide

When you use our Service, you provide us with:

  • Account Information: Name, email address, and authentication credentials
  • Resume Content: Your resume files (PDF, Word, or text format) containing your work experience, education, skills, and other professional information
  • Job Descriptions: Job postings you paste into our Service for analysis
  • Payment Information: Billing details processed securely through Paystack (we do not store full credit card numbers)
  • Job Application Data: Information you enter into our job tracker feature

1.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

  • Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Cookies and Tracking: Session cookies for authentication and analytics cookies to improve our Service
2. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Analyze your resume using AI, generate ATS compatibility scores, identify keywords, and create optimized resume content
  • Process Payments: Handle credit pack purchases and maintain transaction records
  • Improve Our Service: Analyze usage patterns to enhance features, fix bugs, and develop new functionality
  • Customer Support: Respond to your inquiries, troubleshoot issues, and provide assistance
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Communications: Send service-related notifications, updates, and (with your consent) marketing communications
3. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to provide the Service you requested
  • Legitimate Interests: We have legitimate business interests in improving our Service, preventing fraud, and ensuring security
  • Consent: You have given explicit consent for specific processing activities (e.g., marketing emails)
  • Legal Obligation: Processing is required to comply with legal requirements
4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Third-party companies that help us operate the Service, including:
    • Cloud storage providers (AWS S3) for secure file storage
    • AI service providers (OpenAI) for resume analysis
    • Payment processors (Paystack) for handling transactions
    • Analytics providers for usage insights
  • Legal Requirements: Government authorities, law enforcement, or other parties when required by law or to protect our rights
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Strict access controls limit who can view your data
  • Secure Storage: Files are stored on enterprise-grade cloud infrastructure (AWS S3)
  • Regular Audits: We conduct security reviews and vulnerability assessments
  • Secure Payments: Payment information is processed through PCI-compliant payment processors

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

  • Account Data: Retained while your account is active and for up to 90 days after account closure
  • Resume Files: Stored for the duration of your account and deleted within 90 days of account closure
  • Analysis Results: Retained for your reference while your account is active
  • Payment Records: Retained for 7 years to comply with tax and accounting regulations
  • Usage Logs: Retained for up to 12 months for security and analytics purposes

You can request deletion of your data at any time by contacting us (see Section 9).

7. Your Rights (GDPR & POPIA)

Under GDPR and POPIA, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for processing activities that require it
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how users interact with the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States (where our cloud infrastructure is located). These countries may have different data protection laws than your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with service providers
  • Compliance with GDPR and POPIA requirements
10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a prominent notice on the Service. The "Last updated" date at the top of this policy indicates when it was last revised.

Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

Website: https://resumeats-pro.manus.space

For GDPR-related inquiries: If you are located in the European Economic Area (EEA) and have concerns about our data practices, you may also contact your local data protection authority.

For POPIA-related inquiries: If you are located in South Africa, you may contact the Information Regulator at [email protected] or visit https://www.justice.gov.za/inforeg/

Your Privacy is Protected

We use enterprise-grade security to keep your data safe