Privacy policy
Last updated: 2026-05-08
TL;DR
We store the resumes and job applications you create with us, the email you sign in with, and a payment ID for any credit purchases. We send your resume and a job description to our AI provider (DeepSeek, with Groq as fallback) so they can generate a tailored cover letter or rewrite a bullet on your behalf. We do not sell your data. You can export or delete everything from your account settings.
Who we are
CraftMyResume is operated by CraftMyResume Labs Pvt Ltd (“we”, “us”), Bengaluru, India. Reach us at hello@craftmyresume.org.
What we collect
- Account data: the email address you sign in with (Google OAuth or magic link), your name and avatar if Google provides them, and the username you set for your public profile.
- Resumes: the structured resume content (work history, education, skills) you enter, plus generated PDFs.
- Jobs: job descriptions, company names, your application status, contact persons, and notes you add to tracker entries — including JDs the browser extension captures from pages you choose to save.
- AI inputs & outputs: for each AI call we keep a hash of the input (for caching), the resulting text, and the credit cost — so you can see what was charged and replay your history.
- Devices: a record of each device you sign in from (browser, extension, mobile) — kind, label, last-seen time, and push-notification token if you opt into mobile notifications. This lets you revoke an old laptop without nuking everything.
- Payments: a Razorpay payment ID and the credit pack purchased. We never see or store your card or UPI details; those are held entirely by Razorpay/Stripe.
- Public profile views: if you publish a public profile, we count views against a hashed (one-way) IP so we can show you traffic without retaining the IPs themselves.
How we use it
- To run the product you're paying for — render resumes, tailor cover letters, track applications, share your public profile.
- To send sign-in links and important account emails (we use Resend as the transactional email provider).
- To bill credits accurately when you use AI features and to honor refunds.
- To detect abuse (rate-limiting, automated scraping).
We don't use your data to train any AI model. We don't sell any data. We don't do behavioral advertising.
Who we share it with
- DeepSeek (primary) and Groq (fallback) — your resume content and the JD text you submit are sent to these AI APIs to generate the response. Neither provider retains your prompts for training under their stated API policies, but you should treat any content you submit as having left our infrastructure.
- Razorpay (India) and Stripe (global) — they process payments and we receive only a payment ID + receipt.
- Resend — sign-in emails and lifecycle messages.
- Vercel (web hosting) and IONOS (our VPS that hosts the API and the Postgres database). Data is encrypted in transit (TLS) and at rest.
- Sentry / PostHog — error and product analytics. We strip resume content from these payloads.
The browser extension
The CraftMyResume browser extension only reads the page when you click the “Save this JD” button. It does not collect browsing history, run on every page, or report what you visit. The text it sends to our servers is the job description on the page you chose to save — no cookies or unrelated content. It stores a long-lived API token that you can revoke from Settings → Connected devices.
Your rights
- Export all your data as JSON (Settings → Export).
- Delete your account and everything we have about you — request it at craftmyresume.org/account/delete. This is irreversible and cascades to resumes, jobs, cover letters, devices, and tokens.
- Revoke individual devices/tokens without nuking your account.
- Email hello@craftmyresume.org if any of the above doesn't work for you.
Retention
Resumes, jobs, and cover letters are retained for as long as your account exists. Database backups are kept for 7 days. Audit records (credit transactions, AI job logs) are retained for 7 years to satisfy tax/financial-record obligations.
Children
We don't target anyone under 16. If you believe a minor has registered, email us and we'll delete the account.
Changes
We'll update the “Last updated” date at the top and email signed-in users about material changes at least 14 days before they take effect.