Back to home
TermsPrivacy

Privacy Policy

Effective date: 16 May 2026

This Privacy Policy explains how Tentacle Software Pty Ltd (ABN 13 659 240 605) (“we”, “us”) collects, uses, discloses, and protects personal information when you use Tech Resume Pro (the “Service”). It is designed to satisfy our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as applicable U.S. state privacy laws (including the California Consumer Privacy Act / California Privacy Rights Act).

1. Information we collect

1.1 You provide to us

  • Account information: email address, password (stored as a one-way hash), display name.
  • Resume content: the resume files you upload (PDF) and the structured data extracted from them (work history, education, skills, contact details that you choose to include).
  • Job descriptions and instructions: JD text and any custom guidance you provide for refinement.
  • Billing information: handled directly by Stripe; we never see or store your full card details. We store a Stripe customer ID, subscription status, billing address (if collected at checkout), and invoice metadata.
  • Support communications: messages you send us via email or in-app.

1.2 Collected automatically

  • Usage and device data: IP address, browser type, pages viewed, timestamps, referring URL, and basic interaction events.
  • Hashed identifiers for anti-abuse: we HMAC-hash your IP and user-agent string with a server-side secret to detect signup farming. Raw IPs are not stored long-term.
  • Cookies and similar technologies: session cookies for authentication and a small number of analytics/telemetry events. We do not use third-party advertising cookies.

1.3 From third parties

  • Stripe sends us webhook events about your subscription (status changes, payment outcomes, dispute notifications).
  • Cloudflare Turnstile may share a signal indicating whether your sign-up appears to be human or bot traffic.

2. How we use information

  • To operate the Service: parsing resumes, analysing job descriptions, generating refinements, producing PDF and LaTeX outputs.
  • To process payments, manage subscriptions, and send transactional emails (receipts, payment failures, account notices).
  • To enforce our Terms, detect and prevent fraud and abuse, and protect the security of the Service and our users.
  • To improve the Service: measuring aggregated usage, debugging errors, and evaluating model performance. We do not use your resume content to train third-party AI models (see section 4).
  • To respond to support requests and to comply with legal obligations.

3. Legal bases (where applicable)

Where Australian, U.S., or other privacy law requires us to identify a lawful basis for processing, we rely on:

  • Performance of a contract: to deliver the Service you requested.
  • Legitimate interests: to secure the Service, prevent abuse, and improve our product, balanced against your rights.
  • Consent: for optional features (e.g. marketing emails); you may withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, and law-enforcement requirements.

4. Sharing & sub-processors

We do not sell your personal information. We do not share your resume content, job descriptions, or AI outputs with third parties for their independent marketing or model-training purposes. We share information only with the service providers necessary to operate the Service:

  • Supabase: managed Postgres database and object storage for resumes and account data.
  • Vercel: hosting and edge networking for the web application.
  • Stripe: payments, billing, customer portal, fraud detection.
  • OpenRouter and its upstream model providers (including OpenAI and Anthropic): large language model inference. We send the resume content and JD text required to perform the requested refinement; we configure these providers to disable training on our data where the option is available.
  • Langfuse: observability and prompt/response logging used for debugging and quality measurement.
  • Cloudflare: Turnstile CAPTCHA and network protection.

We may also disclose information (a) to comply with a subpoena, court order, or applicable law; (b) to protect our rights, property, or safety, or that of our users or the public; or (c) in connection with a corporate transaction such as a merger, financing, or sale of assets, in which case the recipient will be bound by terms at least as protective as this Policy.

5. International transfers

We are based in Australia. The sub-processors listed above may store and process data in the United States, the European Union, and other regions. When we transfer personal information overseas, we take reasonable steps to ensure the recipient is bound by obligations substantially similar to the Australian Privacy Principles (APP 8) and, where applicable, uses safeguards such as Standard Contractual Clauses for EU/UK transfers.

6. Retention

  • Account & resume data: kept while your account is active. On account deletion, we delete or anonymise your resume content within 30 days, subject to backup retention cycles (up to 90 days).
  • Billing records: retained for at least 7 years to comply with Australian tax and corporate record-keeping laws.
  • Hashed anti-abuse logs: retained for up to 12 months.
  • Telemetry & LLM prompt logs: retained for up to 90 days unless required longer for security investigations.

7. Security

We use industry-standard measures to protect personal information, including encryption in transit (TLS), encryption at rest for stored files, row-level access controls in the database, hashed passwords (Supabase Auth), HMAC-hashed IP storage, and least-privilege service credentials. No system is perfectly secure; we cannot guarantee absolute protection, and you use the Service at your own risk.

8. Your rights

8.1 All users

  • Access: view and download the resume data we hold for you from the dashboard.
  • Correction: update your account information at any time.
  • Deletion: delete your account from the settings page or by emailing us.
  • Complaint: contact us first. If unresolved, Australian residents may complain to the Office of the Australian Information Commissioner (OAIC).

8.2 California residents (CCPA / CPRA)

You have the right to know what personal information we collect, to access it, to request its deletion, to correct inaccurate information, and to opt out of sale or sharing of personal information. We do not sell personal information and we do not share personal information for cross-context behavioural advertising. We do not knowingly collect personal information from consumers under 16. To exercise these rights, email privacy@techresumepro.com; we will verify your request via your account email.

8.3 Other U.S. states

Residents of states with comprehensive privacy laws (e.g. Virginia, Colorado, Connecticut, Utah, Texas) have similar rights to access, correct, delete, and opt out of targeted advertising and certain profiling. We do not engage in targeted advertising or sale of personal information.

9. Children

The Service is not directed to anyone under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

10. AI & automated decisions

AI-generated suggestions are advisory; they do not produce binding decisions about you. You always remain in control of which suggestions to accept, and you may discard the generated output at any time.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via email or an in-app notice before they take effect. The “Effective date” above identifies the current version.

12. Contact

Privacy questions or requests: email privacy@techresumepro.com or write to Tentacle Software Pty Ltd, NSW 2153, Australia. We will respond within 30 days, or sooner if required by your local law.