Privacy policy.

Resumely is operated by [Company name TBD], registered in Kenya at [address TBD]. For privacy-related questions, contact our Data Protection Officer at privacy@resumely.co.ke.

Account data: your email, name, and phone number (when you provide one).

Resume content: every word you write, paste, or upload into the resume builder. This is the core data we process to generate your PDF.

Payment data: Paystack transaction references and amounts. We do not store card numbers, CVVs, or M-Pesa PINs.

Usage data: anonymous events (page views, button clicks, AI calls) tracked via PostHog. Used to improve the product.

Technical data: IP address, browser user agent, and device type, logged at the edge for security and abuse detection. Retained for 30 days.

To provide the resume-building service.

To process AI rewrites — we send your content to our AI providers (Anthropic, OpenAI, Google) ONLY when you request a rewrite, and only for the duration of that request.

To send transactional emails (receipts, password resets, resume deliveries) via Resend.

To send your resume PDF to your WhatsApp number, if you provide one. We use WhatsApp Click-to-Chat — your number is not stored beyond the delivery moment.

To detect abuse (rate limiting, fraud detection on payments).

AI providers (Anthropic, OpenAI, Google) — to generate AI rewrites you request. None of these providers train their models on your data (we use their commercial APIs, not consumer apps).

Paystack — for payment processing.

Resend — for transactional email delivery.

PostHog — for anonymous product analytics. PostHog only sees anonymised events, not your resume content.

Sentry — for error tracking. Stack traces may include partial input. We mask all PII before sending.

We do not sell your data. We do not share it with marketing partners.

Primary database: PostgreSQL hosted in [region TBD before launch].

PDF storage: MinIO object storage co-located with the database.

All data is encrypted in transit (HTTPS / TLS 1.3) and at rest (AES-256).

Resume content: retained while your account is active. Deleted within 24 hours of account closure.

Payment records: retained for 7 years per Kenyan tax law.

Anonymous analytics: retained indefinitely in aggregated form.

Server logs: 30 days.

Under the Kenya Data Protection Act 2019, you have the right to: access your data (we'll send you a JSON export), correct your data (do it yourself in the editor any time), delete your account (do it yourself in the dashboard or email privacy@resumely.co.ke), object to processing, and lodge a complaint with the Office of the Data Protection Commissioner (ODPC).

We respond to data-subject access requests within 30 days. There is no fee for the first request in any 12-month period.

Strictly-necessary cookies: session cookies for keeping you logged in.

Analytics cookies: PostHog uses cookies to identify unique visitors across sessions. You can opt out from the cookie banner.

We do not use advertising cookies. We do not have any third-party advertising on Resumely.

Resumely is not directed at people under 18. We do not knowingly collect data from anyone under 18. If we discover we have, we delete it.

We update this policy when our practices change. Material changes are notified by email at least 14 days before they take effect. The 'Last updated' date below tracks the most recent change.

privacy@resumely.co.ke for any privacy question. ODPC contact details: https://www.odpc.go.ke.