Plain English summary: Your resume data lives on your device. AI features send your content to Google's Gemini API to generate suggestions — nothing else. We don't sell your data. Cloud sync is optional and encrypted. If you create a public digital profile, only the information you choose to include is visible. You can delete everything, anytime.
Resumiq (“we”, “us”, “our”) is operated by Sparse Technologies Limited and is committed to protecting your privacy. This Policy explains what personal information we collect, how we use it, with whom we share it, and your rights. It applies to the Resumiq mobile application (“App”) and the website at moshlabs.org/app/resumiq/.
By downloading or using the App, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Information you provide directly
Account credentials If you register or sign in, we collect the email address and name associated with your account. Authentication is managed through Firebase Authentication (Google LLC) and, where applicable, via your Google or Apple account.
Resume and CV data This is the core of the App. It includes any information you enter to build a resume:
- Personal information: full name, professional title, email address, phone number, postal or city/country address, LinkedIn profile URL, personal website URL, and any other contact details you choose to include
- Professional experience: employer names, job titles, dates of employment, responsibilities, and achievements
- Education: institutions attended, qualifications obtained, dates, and academic achievements
- Skills, certifications, licences, and professional affiliations
- Projects, publications, volunteer work, languages, and any custom sections you create
- Summary or objective statements
- A profile photograph, if you choose to upload one
This data is stored locally on your device using encrypted local storage (Hive) by default. It only leaves your device if you use AI features or enable cloud sync.
Cover letters and AI-generated content Text you write or accept from AI suggestions, including cover letters, bullet point rewrites, and LinkedIn summaries generated within the App.
Job descriptions Text you paste into the App when using the ATS (Applicant Tracking System) analysis feature. This text is sent to our AI service for analysis and is not stored on our servers.
Job application tracking data Information you enter into the application tracker: company names, job titles, application dates, interview stages, notes, salary expectations, and any other details you choose to record.
Digital profile content If you create a public digital profile, you select which sections of your resume to publish. This content becomes publicly accessible on the internet at your chosen profile URL. Only information you explicitly include in the public profile is published.
Support communications If you contact us for support, we retain the content of your message and our reply for up to two years to assist with follow-up queries.
1.2 Information collected automatically
Device and technical information We collect your device model, operating system version, and a device identifier for the purpose of diagnosing compatibility issues and improving app stability. This information is collected via Firebase Crashlytics (Google LLC).
Crash reports When the App encounters an error, a report is automatically generated containing technical diagnostic information (stack trace, device state at the time of the error). This is used exclusively to identify and fix bugs. Crash reports do not contain the content of your resume.
Usage analytics We collect anonymised, aggregated information about how the App is used: which screens are visited, which features are activated, and general interaction patterns. This data is collected via Firebase Analytics (Google LLC) and cannot be linked back to you as an individual.
Subscription and purchase records When you purchase a Premium subscription or lifetime licence, transaction metadata (such as a purchase token, subscription status, and entitlement record) is processed by RevenueCat, Inc. and the relevant app store (Google Play or the Apple App Store). We receive only the entitlement status necessary to unlock Premium features; we do not receive your full payment card details.
1.3 What we do not collect
We do not collect:
- Bank account numbers, payment card numbers, or any banking credentials
- Government-issued identification numbers (passport, national ID, tax ID)
- Precise GPS location
- Biometric data
- The content of emails, messages, or documents outside the App
- Any information about your contacts, calendar, or other apps on your device
- Your browsing history
2. How We Use Your Information
We use the information described above for the following purposes:
Delivering the App Resume data is used to render your resume on screen, apply templates, and generate PDF exports — entirely on your device without involving our servers unless you opt into the features below.
AI-powered writing assistance When you use AI features (bullet generation, bullet enhancement, ATS scoring, cover letter generation, LinkedIn summary), the relevant portion of your resume and any associated job description you provide are transmitted to the Google Gemini API. This transmission occurs in real time; the content is processed to produce a response and is not retained by us on our servers. Google’s handling of this data is governed by the Google Gemini API Terms of Service and Google’s Privacy Policy.
Cloud synchronisation (Premium) If you enable cloud sync, your resume data is transmitted to and stored in Cloud Firestore (Google LLC). This allows you to access your resumes across multiple devices. Sync is entirely optional and can be disabled or deleted at any time.
Public digital profile If you create a public digital profile, we publish the content you select to our hosting infrastructure so it is accessible at your profile URL. This is an intentional, user-initiated act. You can remove the public profile at any time.
Analytics and service improvement Anonymised usage data is used to understand which features are used, identify usability issues, and prioritise improvements.
Crash diagnostics Crash reports are used solely to reproduce, diagnose, and fix software defects.
Subscription management Subscription status and entitlement data is used to determine whether Premium features should be made available to you.
Customer support Support correspondence is used to understand and resolve your query.
Legal compliance and security We may process personal data to comply with applicable laws and regulations, enforce our Terms of Service, detect and prevent fraud, and protect the safety and integrity of the App and its users.
3. Data Storage and Security
3.1 Local storage (default for all users)
All resume data is stored locally on your device using Hive, an encrypted NoSQL database. Data stored locally never leaves your device unless you use the AI features or enable cloud sync. Uninstalling the App removes local data.
3.2 Cloud sync (Premium — optional)
If you enable cloud sync:
- Data is encrypted in transit using TLS 1.2 or higher
- Data is stored in Cloud Firestore (Google LLC), which encrypts data at rest
- Access is restricted to your authenticated user account via Firebase Security Rules
- You can disable sync at any time in the App settings; doing so does not delete cloud-stored data unless you explicitly request deletion
3.3 AI processing
When you use AI features, the relevant text (resume content or job description) is transmitted to the Google Gemini API over an encrypted connection. This data is processed in real time by Google’s infrastructure in accordance with Google’s API terms. We do not store a copy of this transmission on our servers. You should not enter sensitive information (such as passport numbers or financial details) into AI prompts.
3.4 Profile photographs
If you upload a profile photograph, it is stored in Firebase Storage (Google LLC) under a path accessible only to your authenticated account. If you add it to a public digital profile, it becomes publicly accessible.
3.5 Security measures
We implement reasonable technical and organisational security measures, including:
- TLS encryption for all data in transit
- Encryption of data at rest in cloud storage
- Firebase Security Rules restricting each user’s data to their own authenticated session
- Secure storage of authentication tokens on device (using Flutter Secure Storage)
- Periodic review of access controls and security practices
No system is entirely secure. While we take privacy and security seriously, we cannot guarantee that unauthorised access, disclosure, or alteration will never occur.
4. Data Sharing and Disclosure
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.
We share data only in the following limited circumstances:
Sub-processors and service providers We use the following sub-processors to operate the App. Each is bound by its own privacy obligations and processes data only on our instruction or as described in this Policy:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google LLC (Firebase Auth) | Authentication, account management | USA |
| Google LLC (Cloud Firestore) | Cloud sync of resume data (Premium) | USA |
| Google LLC (Firebase Storage) | Profile photo storage | USA |
| Google LLC (Firebase Analytics) | Anonymised usage analytics | USA |
| Google LLC (Firebase Crashlytics) | Crash reporting | USA |
| Google LLC (Gemini API) | AI writing assistance, ATS analysis | USA |
| RevenueCat, Inc. | Subscription management and entitlement | USA |
| Apple Inc. (App Store) | App distribution, in-app purchases (iOS) | USA |
| Google LLC (Google Play) | App distribution, in-app purchases (Android) | USA |
Legal requirements We may disclose personal data when required by applicable law, regulation, court order, or government authority, or when we have a good-faith belief that disclosure is necessary to protect our legal rights, the safety of individuals, or to investigate fraud.
Business transfers In the event of a merger, acquisition, asset sale, or similar corporate transaction, user data may be transferred as part of that transaction. We will notify affected users by publishing a notice in the App or by email before any such transfer takes effect, and the acquirer will be required to honour this Policy or obtain fresh consent.
5. Data Retention
| Category | Retention period |
|---|---|
| Local resume data (on device) | Until you delete it, clear app data, or uninstall the App |
| Cloud-synced resume data (Premium) | While your account is active; deleted within 30 days of account deletion request |
| Profile photograph | Until you remove it from the App or delete your account |
| Public digital profile | Until you remove it from the App or delete your account |
| AI transmissions (Gemini API) | Not retained on our servers; subject to Google’s data practices |
| Analytics data | Retained in anonymised, aggregated form for up to 24 months |
| Crash reports | Technical identifiers retained for up to 12 months |
| Subscription records | Transaction metadata retained as required by applicable financial and tax law (typically 7 years) |
| Support correspondence | Up to 2 years from the date of the last communication |
6. Your Rights and Choices
Depending on your location, you may have the following rights:
Access. You may request a copy of the personal data we hold about you.
Correction. You may request that we correct inaccurate or incomplete data. Note that most of your data can be corrected directly within the App.
Deletion. You may delete your account and all associated server-side data at any time. See the Data Deletion page for step-by-step instructions.
Data portability. You may export your resume data from within the App as a PDF. We aim to add structured data export (JSON) in a future update.
Restriction and objection. You may ask us to restrict processing of your data or object to processing based on legitimate interests.
Withdrawal of consent. Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Opt out of analytics. You may disable analytics tracking at any time in the App’s Privacy Settings.
Public profile removal. You may remove your public digital profile at any time from the App’s Profile settings. Upon removal, the public URL will cease to return your content.
To exercise any rights not available directly within the App, contact us at moshlabs2+resumiq@gmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.
EU and UK residents: You also have the right to lodge a complaint with your local supervisory authority (for EU residents, the relevant data protection authority in your Member State; for UK residents, the Information Commissioner’s Office).
California residents (CCPA/CPRA): You have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA.
7. International Data Transfers
Resumiq is operated globally. Our sub-processors (Google, RevenueCat) are primarily based in the United States. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data may be transferred to and processed in the United States.
We rely on the following transfer mechanisms:
- Google LLC: operates under the EU–US Data Privacy Framework and Standard Contractual Clauses
- RevenueCat, Inc.: relies on Standard Contractual Clauses for transfers from the EEA/UK
By using the App, you acknowledge that your data may be processed in the United States or other countries outside your jurisdiction of residence.
8. Children’s Privacy
The App is not directed at children under the age of 13 (or 16 in the EEA and UK). We do not knowingly collect personal information from anyone under the applicable minimum age. If you believe a child under this age has provided us with personal information, please contact us immediately at moshlabs2+resumiq@gmail.com and we will delete that information promptly.
9. Third-Party Links
The App may allow you to include links to external websites in your resume (such as your portfolio or LinkedIn profile). These sites are not operated by us. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing your personal information to them.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other legitimate business reasons. When we make material changes, we will:
- Update the “last updated” date at the top of this page
- Display a notice within the App
- Send a notification to the email address associated with your account where the change is significant
Your continued use of the App after the effective date of a revised Policy constitutes your acceptance of the changes to the extent permitted by applicable law.
11. Contact
For privacy questions, data access requests, deletion requests, or concerns:
Email: moshlabs2+resumiq@gmail.com
Subject line: Privacy Inquiry — Resumiq
Website: https://moshlabs.org/app/resumiq/
Operator: Sparse Technologies Limited