Privacy Policy
Effective 2026-05-20 · Last updated 2026-05-20
Harshit Singh (sole proprietor, operating as JuicedResume) ("we", "us", "our") operates JuicedResume ("Service"). This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and the controls available to you. It complies with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the EU GDPR where applicable.
1. Information we collect
1.1 Account information
- Name, email address, profile photo (provided by you via Clerk authentication).
- Authentication provider identifiers (e.g. Google sub, GitHub user ID) when you sign in via OAuth.
1.2 Resume content
- Resume text, work history, education, skills, projects, and any other content you enter or upload.
- Uploaded files (PDF / DOCX) and the extracted text from them.
1.3 Billing information
- Stripe customer ID, subscription status, plan, renewal date. We do not store full credit card numbers — Stripe holds these.
1.4 AI provider keys (optional, "BYOK")
- If you opt to provide your own Anthropic / OpenAI / Google API keys, we store them encrypted at rest (AES-256-GCM). The encryption key is held in our infrastructure environment, not in the database.
1.5 Usage events
- Logs of AI calls, exports, scoring runs, and MCP operations — used to enforce plan limits and detect abuse. Not used for advertising or third-party analytics.
1.6 Cookies
- Session cookies set by Clerk (authentication) and Vercel (deployment routing). No third-party advertising or behavioural-tracking cookies.
2. How we use information
- To provide the Service: render and store resumes, run scoring, route AI calls.
- To bill you and prevent fraud (via Stripe).
- To respond to support requests.
- To send service announcements (billing, security, breaking changes). You may opt out of non-essential email at any time.
- To enforce these terms and detect abuse.
We do not:
- Sell your personal data.
- Use your resume content to train AI models.
- Share data with third parties for advertising.
3. Sub-processors
We use the following sub-processors to operate the Service. Each has been vetted for security and is bound by data-processing agreements where required.
| Sub-processor | Purpose | Location |
|---|---|---|
| Clerk | User authentication | United States |
| Neon | Database hosting (Postgres) | Singapore (ap-southeast-1) |
| Stripe | Payment processing | United States / India |
| Vercel | Application hosting | Global edge |
| DeepSeek | AI text generation — resume parsing cleanup, scoring fixes, and job tailoring | China |
| Anthropic / OpenAI / Google | AI text generation — only when you supply your own API key (BYOK) | United States |
4. Cross-border data transfers
Our database is hosted in Singapore (Neon ap-southeast-1). Authentication and billing involve transfers to the United States (Clerk, Stripe). When you opt into BYOK AI, your prompts and responses are sent to the AI provider you've chosen (in the US, by default). All transfers occur under standard contractual clauses or equivalent safeguards.
5. Retention
- Account + resume data: retained while your account is active and for 30 days after deletion (in case of accidental deletion).
- Billing records: 7 years, as required under Indian tax law.
- Usage event logs: 90 days.
- Resume version history: 30 days for paid plans, not retained for free plan.
6. Your rights
Under DPDP / GDPR you have the right to:
- Access — export all your resume data from Settings → Profile → Export, or by email.
- Correct — edit any data in-app, or write to us if any account-level field is wrong.
- Delete — delete your account from Settings → Profile → Delete Account. We will erase your data within 30 days. Some data may be retained where legally required (e.g. billing records for tax).
- Withdraw consent — for example, remove your BYOK keys at any time from Settings → AI Keys.
- Lodge a complaint — with the Data Protection Board of India (DPDP) or your local supervisory authority (GDPR).
To exercise any of these rights, email privacy@juicedresume.com. We respond within 30 days.
7. Security
- TLS 1.2+ in transit for all connections.
- AES-256-GCM encryption at rest for BYOK API keys.
- Database encryption at rest provided by Neon.
- Authentication handled by Clerk (SOC 2 Type II audited).
- Principle of least privilege for internal access. Access logs reviewed monthly.
No system is perfectly secure. We commit to disclosing material breaches within 72 hours of confirmation, per DPDP Act.
8. Children
The Service is not directed to children under 13. If you believe a child has provided us personal information, contact privacy@juicedresume.com and we will delete it.
9. Changes
We may update this Policy. Material changes will be announced by email at least 30 days before they take effect. Continued use after the effective date means you accept the updated Policy.
10. Contact
Privacy questions or data-subject requests:
Harshit Singh (sole proprietor, operating as JuicedResume) New Housing Board Colony, Shahdol, Madhya Pradesh, India Email: privacy@juicedresume.com Phone: +91-9691997617