Last updated: April 2026

Privacy Policy

This Privacy Policy explains how Resimay collects, uses, and protects your information when you use our service.

Last updated: 2026-04-18. Subject to review by legal counsel before public launch.

1. Introduction

Resimay is an AI-powered job application tracker and resume tailoring platform, operated as an independent software product from the Province of Ontario, Canada. By using Resimay, you agree to the collection and use of information as described in this policy.

Our service helps you track job applications, tailor your resume to specific job descriptions, and understand why you may be getting rejected — so you can improve your chances before your next application.

2. Information We Collect

We collect the following categories of information:

  • Account information: email address and name provided at registration.
  • Resume content: the text of your resume(s) that you upload or paste into the platform.
  • Job applications: job titles, company names, job descriptions, application status, and notes you enter about your applications.
  • Technical data: IP address, browser type, device type, and session data collected automatically when you use the service.
  • Usage data: which features you use, how often, and your in-app activity patterns (e.g., resume tailor count, streak data).

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Resimay service.
  • Process your resume and job descriptions through AI to generate tailored content, keyword analysis, rejection insights, and follow-up drafts.
  • Manage your account, billing (for Pro subscribers), and customer support.
  • Improve and develop the product based on aggregated, anonymized usage patterns.
  • Send you transactional emails (e.g., password reset, account notifications). We do not send marketing emails without your explicit consent.

4. AI Processing

Resimay uses a third-party AI processing provider to power its AI features, including resume tailoring, keyword analysis, rejection analysis, and follow-up email drafts.

When you use an AI feature, the relevant portion of your resume text and/or the job description you provide are transmitted to our AI provider's API for processing. This transmission is encrypted in transit and governed by our provider's API data usage policy.

We do NOT use your resume content to train AI models.Our AI provider's API terms similarly prohibit using API inputs to train models without explicit consent. Your resume data is used only to generate the specific output you requested.

5. Third-Party Services

Resimay relies on the following trusted third-party sub-processors to operate:

  • Anthropic (AI processing)— powers the AI features. Your resume text and job descriptions are sent to Anthropic's API for generation. Anthropic contractually does not use API inputs to train its models.
  • Supabase — managed PostgreSQL database host. Your account data, job applications, resumes, and AI outputs are stored in an encrypted Supabase-hosted PostgreSQL instance.
  • Railway — runs the Resimay backend API and scheduled jobs (data purge, job-board refresh).
  • Vercel — hosts the Resimay web application and serves static assets. If you consent to analytics, Vercel also provides cookieless, aggregate page-view and performance metrics (no PII).

Each sub-processor has its own privacy policy. We select providers with strong data protection commitments and review that list periodically.

6. International Data Transfers

Resimay is operated from Ontario, Canada, but some of the sub-processors listed above are headquartered in the United States and may store or process your data on servers outside of Canada and the European Economic Area. Specifically:

  • Anthropic — AI inference happens on United States infrastructure.
  • Supabase — your database project is hosted in a region we select at provisioning time (currently United States); the operator can migrate between regions as infrastructure requirements change.
  • Vercel — frontend edge and analytics infrastructure is distributed globally, including the United States.

All transfers are encrypted in transit (TLS 1.2 or higher). Where GDPR applies, we rely on each provider's published Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. By using Resimay you consent to your data being transferred to, stored in, and processed in these jurisdictions. If this is a concern for you, please do not upload sensitive content and contact us at privacy@resimay.ai to discuss alternatives.

7. Data Retention

Your account data is retained for as long as your account is active. If you delete your account (in-app or by written request), all associated personal data — your profile, master resume, job applications, tailored resumes, rejection analyses, cover letters, and interview sessions — is permanently purged from our primary database within 30 days by an automated cleanup job.

Anonymized, aggregated usage statistics (e.g., keyword match rates for a given job title) may be retained indefinitely as they cannot be used to identify you, and only when you explicitly opted in (see Section 9, Global Insights). Encrypted backups held by Supabase for disaster recovery may retain deleted rows for a further period governed by Supabase's retention schedule; those backups are not queryable by the Resimay application.

8. Your Rights

You have the right to:

  • Access & portability— download a machine-readable JSON copy of every piece of your personal data at any time from the account settings menu (“Export my data”), or request one by email.
  • Correction — update your profile, master resume, and application records in-app at any time, or request correction of data you cannot change yourself.
  • Deletion (erasure) — delete your account in-app from the settings menu. Your data is purged within 30 days as described in Section 7.
  • Objection & restriction — ask us to stop processing your data for a specific purpose (e.g., opt out of Global Insights).
  • Complaint — lodge a complaint with your local data-protection authority. In Canada that is the Office of the Privacy Commissioner (priv.gc.ca); in the EU/EEA, your national supervisory authority.

To exercise any right that isn't self-serve, contact us at privacy@resimay.ai. We will respond within 30 days.

9. Global Insights (opt-in)

Resimay may surface aggregated market insights (e.g., trending job titles, in-demand skills) derived from anonymized application data across the platform.

Your data is only included in Global Insights if you have explicitly opted in (insights_consent = true in your account settings). No personally identifiable information (PII) — including your name, email, resume text, or specific job applications — is ever included in insights data.

When consent is given, we retain de-identified metadata (normalized job title, experience level, matched keywords, outcome) at month-level granularity — never an exact timestamp — so it cannot be correlated back to you. When you delete your account, all your personal data is removed; these anonymized insight rows are retained because they contain no personal identifiers and continue to power insights for other job seekers.

What we never do

Some commitments worth calling out separately:

  • We never sell your data — to anyone, for any reason.
  • We never run ads — there are no advertising trackers on Resimay.
  • We never share your resume text with third parties, other than the AI provider required to generate the output you requested (see Section 4).
  • We never share your interview transcripts or AI coaching feedback — those stay private to your account.

10. Children's Privacy

Resimay is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@resimay.ai and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or via an in-app notice, and update the “Last updated” date at the top of this page. Continued use of Resimay after changes take effect constitutes your acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests, contact us at:

privacy@resimay.ai