AI Resume Pro — AI-Powered Resume Optimization & Cover Letter Generator

1. Who We Are

This privacy policy describes how AI Resume Pro ("we", "our", or "us") collects, uses, and protects your personal information when you use our AI writing tools at agents2035.com. We are committed to protecting your privacy and handling your data transparently.

2. Information We Collect

In the past 12 months, we have collected the following categories of personal information (as defined by CCPA §1798.110):

Identifiers: If you choose to provide your email address for payment recovery, we store it. Payment session identifiers (randomly generated) are stored in your browser.
Internet or network activity: IP address (hashed with SHA-256), browser user-agent (hashed), and interaction data (pages visited, tools used). These are used solely for security purposes (fraud prevention, rate limiting).
Content you provide: Resumes, job descriptions, product descriptions, blog topics, and other text you input into our AI tools. This content is processed temporarily and not retained after the processing session ends.
Commercial information: Payment transaction records including product purchased, amount, and timestamp. Payment card details are handled exclusively by Creem (our payment processor) and are never seen or stored by us.

We do notcollect: social security numbers, driver's license numbers, precise geolocation data, biometric data, or sensitive personal characteristics.

3. How We Use Your Data

We process your data under the following legal bases (GDPR Art. 6):

Performance of a contract (Art. 6(1)(b)): Processing your input text to generate AI-powered content using DeepSeek API. This is the core service you requested.
Legitimate interest (Art. 6(1)(f)): Maintaining service security through rate limiting and fraud detection; storing payment records for verification and anti-abuse purposes.
Consent (Art. 6(1)(a)): Storing your email address for payment recovery purposes (you provide this voluntarily via the save-email feature).

4. Data Retention

Resume and input content: Not retained. Processed in real-time and discarded immediately after the AI response is returned to your browser.
Payment records: Retained for 90 days for fraud detection and refund processing, then permanently deleted.
Email addresses: Retained until you request deletion. Contact us at sunday80@proton.me to request removal.
Rate limit counters (hashed IP/UA): Retained for the duration of the rate limit window (1 minute), then automatically expired.

5. Third-Party Data Sharing

We share data with the following service providers for the purpose of delivering our service:

DeepSeek (深度求索) — AI Data Processor:Your text input is transmitted to DeepSeek's API for AI content generation. DeepSeek acts as our data processor under GDPR Art. 28. The data transmitted is limited to: text you enter into our tools (resume content, job descriptions, product names, etc.). We provide DeepSeek with no personal identifying information. DeepSeek processes this data per their commercial use terms and privacy policy. Data is not retained by DeepSeek for model training. See DeepSeek Privacy Policy.
Creem (payment processor): Payment transactions are processed by Creem (powered by Stripe). We transmit only the product ID and your checkout session to Creem. See Creem's Privacy Policy.
Upstash (Redis database): Hashed IP addresses and session metadata are stored in Upstash Redis for rate limiting and payment verification. See Upstash's Privacy Policy.
Vercel (hosting): Our application is hosted on Vercel. Vercel may process your IP address and request data for load balancing and DDoS protection. See Vercel's Privacy Policy.

We do not sell, rent, or share your personal information with any third parties for their own marketing or advertising purposes.

6. Cross-Border Data Transfers

Our servers are hosted on Vercel's global edge network. Your data may be processed in the United States and in countries where our service providers operate (including China for DeepSeek API processing). When transferring personal data across borders, we ensure appropriate safeguards are in place, including:

Data processing agreements (DPAs) with all sub-processors
Standard Contractual Clauses (SCCs) where applicable
Technical measures (encryption in transit via HTTPS/TLS)

7. Your Rights

GDPR Rights (EU/EEA Users)

Under the GDPR, you have the right to:

Access: Request a copy of your personal data we hold
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Restriction: Request restriction of processing
Portability: Receive your data in a machine-readable format
Objection: Object to processing based on legitimate interests
Withdraw consent: Withdraw consent at any time

CCPA/CPRA Rights (California Users)

Under the CCPA/CPRA, California residents have the right to:

Know: Request disclosure of categories and specific pieces of personal information collected
Delete: Request deletion of personal information
Correct: Request correction of inaccurate personal information
Opt-out: We do not sell or share personal information as defined by CCPA. However, California residents may exercise their right to opt out of any future sale or sharing by contacting us.
Non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise any of these rights, contact us through one of the following methods:

Email: sunday80@proton.me
Online form:Submit your privacy request by email with the subject line “CCPA Privacy Request” or “GDPR Data Request”. Your identity will be verified before we process any request.

We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS 1.3) for all communications
SHA-256 hashing of IP addresses for rate limiting (not stored in plaintext)
Email addresses encrypted at rest (AES-256-GCM)
Payment card data never touches our servers (handled exclusively by Creem/Stripe)
No permanent storage of uploaded resume content

8.1. Data Breach Notification

In the event of a personal data breach, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (per GDPR Art. 33), where the breach is likely to result in a risk to your rights and freedoms.
Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms (per GDPR Art. 34).
Document all breaches, including the facts, effects, and remedial actions taken (per GDPR Art. 33(5)).

Notifications will be sent via email if you have provided one, or through a prominent notice on our website.

9. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email (if you have provided one) or through a notice on our website. Continued use of the service after changes constitutes acceptance.

11. Contact

For privacy concerns or to exercise your rights, contact us at:

Email: sunday80@proton.me

Physical address: Tianjin Jincai Fengcheng Technology Co., Ltd., Room 1881, 4th Floor, Gate 2, Xinli Investment Headquarters, 700m West of No.5 Bridge, Jintang Highway, Dongli District, Tianjin, China

1. Who We Are

2. Information We Collect

In the past 12 months, we have collected the following categories of personal information (as defined by CCPA §1798.110):

Identifiers: If you choose to provide your email address for payment recovery, we store it. Payment session identifiers (randomly generated) are stored in your browser.
Internet or network activity: IP address (hashed with SHA-256), browser user-agent (hashed), and interaction data (pages visited, tools used). These are used solely for security purposes (fraud prevention, rate limiting).
Content you provide: Resumes, job descriptions, product descriptions, blog topics, and other text you input into our AI tools. This content is processed temporarily and not retained after the processing session ends.
Commercial information: Payment transaction records including product purchased, amount, and timestamp. Payment card details are handled exclusively by Creem (our payment processor) and are never seen or stored by us.

We do notcollect: social security numbers, driver's license numbers, precise geolocation data, biometric data, or sensitive personal characteristics.

3. How We Use Your Data

We process your data under the following legal bases (GDPR Art. 6):

Performance of a contract (Art. 6(1)(b)): Processing your input text to generate AI-powered content using DeepSeek API. This is the core service you requested.
Legitimate interest (Art. 6(1)(f)): Maintaining service security through rate limiting and fraud detection; storing payment records for verification and anti-abuse purposes.
Consent (Art. 6(1)(a)): Storing your email address for payment recovery purposes (you provide this voluntarily via the save-email feature).

4. Data Retention

Resume and input content: Not retained. Processed in real-time and discarded immediately after the AI response is returned to your browser.
Payment records: Retained for 90 days for fraud detection and refund processing, then permanently deleted.
Email addresses: Retained until you request deletion. Contact us at sunday80@proton.me to request removal.
Rate limit counters (hashed IP/UA): Retained for the duration of the rate limit window (1 minute), then automatically expired.

5. Third-Party Data Sharing

We share data with the following service providers for the purpose of delivering our service:

DeepSeek (深度求索) — AI Data Processor:Your text input is transmitted to DeepSeek's API for AI content generation. DeepSeek acts as our data processor under GDPR Art. 28. The data transmitted is limited to: text you enter into our tools (resume content, job descriptions, product names, etc.). We provide DeepSeek with no personal identifying information. DeepSeek processes this data per their commercial use terms and privacy policy. Data is not retained by DeepSeek for model training. See DeepSeek Privacy Policy.
Creem (payment processor): Payment transactions are processed by Creem (powered by Stripe). We transmit only the product ID and your checkout session to Creem. See Creem's Privacy Policy.
Upstash (Redis database): Hashed IP addresses and session metadata are stored in Upstash Redis for rate limiting and payment verification. See Upstash's Privacy Policy.
Vercel (hosting): Our application is hosted on Vercel. Vercel may process your IP address and request data for load balancing and DDoS protection. See Vercel's Privacy Policy.

We do not sell, rent, or share your personal information with any third parties for their own marketing or advertising purposes.

6. Cross-Border Data Transfers

Data processing agreements (DPAs) with all sub-processors
Standard Contractual Clauses (SCCs) where applicable
Technical measures (encryption in transit via HTTPS/TLS)

7. Your Rights

GDPR Rights (EU/EEA Users)

Under the GDPR, you have the right to:

Access: Request a copy of your personal data we hold
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Restriction: Request restriction of processing
Portability: Receive your data in a machine-readable format
Objection: Object to processing based on legitimate interests
Withdraw consent: Withdraw consent at any time

CCPA/CPRA Rights (California Users)

Under the CCPA/CPRA, California residents have the right to:

Know: Request disclosure of categories and specific pieces of personal information collected
Delete: Request deletion of personal information
Correct: Request correction of inaccurate personal information
Opt-out: We do not sell or share personal information as defined by CCPA. However, California residents may exercise their right to opt out of any future sale or sharing by contacting us.
Non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise any of these rights, contact us through one of the following methods:

Email: sunday80@proton.me
Online form:Submit your privacy request by email with the subject line “CCPA Privacy Request” or “GDPR Data Request”. Your identity will be verified before we process any request.

We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS 1.3) for all communications
SHA-256 hashing of IP addresses for rate limiting (not stored in plaintext)
Email addresses encrypted at rest (AES-256-GCM)
Payment card data never touches our servers (handled exclusively by Creem/Stripe)
No permanent storage of uploaded resume content

8.1. Data Breach Notification

In the event of a personal data breach, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (per GDPR Art. 33), where the breach is likely to result in a risk to your rights and freedoms.
Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms (per GDPR Art. 34).
Document all breaches, including the facts, effects, and remedial actions taken (per GDPR Art. 33(5)).

Notifications will be sent via email if you have provided one, or through a prominent notice on our website.

9. Children's Privacy

10. Changes to This Policy

11. Contact

For privacy concerns or to exercise your rights, contact us at:

Email: sunday80@proton.me

Privacy Policy

1. Who We Are

2. Information We Collect

3. How We Use Your Data

4. Data Retention

5. Third-Party Data Sharing

6. Cross-Border Data Transfers

7. Your Rights

GDPR Rights (EU/EEA Users)

CCPA/CPRA Rights (California Users)

8. Data Security

8.1. Data Breach Notification

9. Children's Privacy

10. Changes to This Policy

11. Contact

Privacy Policy

1. Who We Are

2. Information We Collect

3. How We Use Your Data

4. Data Retention

5. Third-Party Data Sharing

6. Cross-Border Data Transfers

7. Your Rights

GDPR Rights (EU/EEA Users)

CCPA/CPRA Rights (California Users)

8. Data Security

8.1. Data Breach Notification

9. Children's Privacy

10. Changes to This Policy

11. Contact