Last updated: April 28, 2026 · Effective: April 28, 2026
Resume AI Optimizer ("we", "our", "the app", "the service") is a mobile application that uses artificial intelligence to assist users in tailoring their resumes for specific job descriptions. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over your data.
Data Controller:
Jeremiah Divyan David
A3/245, Manna Farm, Padappai
Kancheepuram, Tamil Nadu 601301
India
Email: jd@ezerapp.com
By installing or using the app, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, do not use the app.
The app is a paid download (US$0.99 one-time, or local equivalent) that includes 99 starter credits. Optional in-app purchases include the Pro auto-renewing subscription (US$9.99 / month for 999 monthly credits) and one-time credit top-ups (Uplift US$4.99 for 499 credits; Boost US$29.99 for 2,999 credits).
All purchases (the paid download, the Pro subscription, and credit top-ups) are processed by Apple or Google as the merchant of record. We do not see, store, or process your credit card number, bank account, or any other payment instrument.
We do not store the contents of your resumes or job descriptions on our servers after the AI request completes. The content is held in memory only for the duration of the request, sent to Anthropic's Claude API, and discarded once the optimized output is returned to you.
When you use in-app feedback features (thumbs-up / thumbs-down on an AI result, "Report a problem with this output", or "Report a Problem" in Settings), we store the feedback you submit in Firestore so our support team can review it. Specifically:
We never include your original resume or your pasted job description in a feedback submission. Content-report excerpts are capped at 800 characters and contain only the AI output, so we can identify the problem without reproducing your full resume content on our servers.
Feedback is used solely to (a) respond to abuse/content reports under App Store and Google Play policies, (b) fix bugs you report, and (c) improve the quality of AI output. It is not used for advertising or sold to third parties.
| Purpose | Data used | Legal basis (EEA/UK) |
|---|---|---|
| Create & authenticate your account | Name, email, SSO ID, Firebase UID | Performance of contract (Art. 6(1)(b)) |
| Verify the paid download, Pro subscription & credit purchases | Subscription/credit data, store receipts | Performance of contract (Art. 6(1)(b)) |
| Run AI resume optimization | Resume text, job description, refinement chat messages | Performance of contract (Art. 6(1)(b)) and your explicit consent via the AI consent gate (Art. 6(1)(a) / Art. 9(2)(a) where applicable) |
| Save outputs to your Drive | Generated PDF/DOCX, Drive OAuth token (held only on your device) | Performance of contract (Art. 6(1)(b)) |
| Improve app stability & performance | Crash logs, pseudonymous analytics | Legitimate interests (Art. 6(1)(f)) — keeping the app working |
| Prevent fraud & abuse | Account metadata, IP at request time (not stored), credit transaction logs | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Whatever is legally required | Legal obligation (Art. 6(1)(c)) |
The app supports three sign-in methods. You choose which one to use. We only ever receive what that provider chooses to share with us:
drive.file scope so we can save generated documents to a folder our app creates in your Google Drive (see Section 5).Files.ReadWrite.AppFolder scope so we can save generated documents to an app-specific folder in your OneDrive (see Section 5).Authentication is handled by Firebase Authentication. We do not see, store, or have access to your Apple, Google, or Microsoft password.
You can revoke our access at any time from your provider's account-management page (Apple ID Settings → Sign in with Apple; myaccount.google.com → Security → Third-party access; account.microsoft.com → Privacy → App access).
Generated resumes are saved to your own cloud drive — not ours. We do not host, mirror, copy, index, scan, or otherwise touch the resumes that end up in your Drive. They belong to you, live in your account, and stay with you if you stop using our app.
drive.file OAuth scope. This is the most restrictive Drive scope Google offers.Files.ReadWrite.AppFolder Microsoft Graph scope. This is the most restrictive OneDrive scope Microsoft offers.The app's core feature — resume optimization, fit assessment, and chat-based refinement — is powered by Anthropic's Claude API, a large language model service operated by Anthropic, PBC (United States).
When you tap "Optimize", "Check Fit", or send a chat message, we transmit the following to Anthropic over an encrypted (TLS 1.2+) connection:
Anthropic processes the request, returns the result to our backend, and we forward it to your device. We do not retain the request or response in our database. Anthropic's data handling and retention policies apply during processing — see anthropic.com/privacy. Anthropic states that data submitted via its API is not used to train its models by default.
Automated decision-making (GDPR Art. 22): the AI processing is automated. It does not produce a legal or similarly significant decision about you — it produces a suggested resume edit that you are free to accept, reject, or ignore. You always remain in control of the final document. The AI consent gate (shown the first time you use any AI feature) is your explicit opt-in to this automated processing.
Important: While we take reasonable measures to protect your data during transmission, we cannot guarantee absolute security of any data sent over the internet or processed by third-party AI services. You transmit your resume content at your own risk and are solely responsible for the accuracy and appropriateness of what you upload. Do not upload resumes containing data you are not legally permitted to share.
If you grant permission, we may send you a small number of helpful reminders about your job search — for example, a friendly nudge to revisit the app a few days after you last optimized a resume, or a note that an unused free credit is still available. Notifications are opt-in only and are disabled by default. We never send marketing or promotional messages.
To deliver these messages we use Firebase Cloud Messaging (operated by Google LLC), which routes notifications to Apple's APNs service on iOS and to Google's FCM service on Android. We store a device-specific notification token, your time zone, and the hour you first opened the app on your user document so we can send each reminder at a sensible local time. We do not share these signals with anyone outside the operator and our infrastructure provider.
You can turn notifications off at any time in two ways: (1) toggle "Helpful reminders" off inside the app's Settings screen, or (2) revoke notification permission in your device's OS settings. Either action stops all further messages. We also automatically stop sending reminders if you ignore three messages in a row, or after twelve lifetime reminders, whichever comes first.
Your data may be processed by the following service providers (sub-processors). Each is governed by its own privacy policy.
| Provider | Purpose | Data shared | Location | Policy |
|---|---|---|---|---|
| Apple Inc. | Sign in with Apple, App Store payments, push notifications | Account ID, purchase receipts | USA / global | Link |
| Google LLC (Firebase, Google Sign-In, Google Drive, Google Play) | Authentication, database, analytics, crash reporting, file storage, payments | Account ID, email, name, usage events, crash logs, generated files | USA / global | Link |
| Microsoft Corporation (Identity Platform, Graph API, OneDrive) | Authentication, OneDrive file storage | Account ID, email, name, generated files | USA / global | Link |
| Anthropic, PBC | AI resume optimization (Claude API) | Resume text, job description, chat messages | USA | Link |
International transfers. If you are located in the European Economic Area, the United Kingdom, Switzerland, or any country with a data-export restriction, your data will be transferred to and processed in the United States and other countries that may not offer the same level of data protection as your home jurisdiction. We rely on the following legal mechanisms:
| Data category | Retention period |
|---|---|
| Account profile (name, email, SSO ID) | Until you delete your account, then erased within 30 days |
| Subscription & credit history | 7 years (financial / tax records) |
| Resume / job description content | Not retained — held only in memory for the AI request, then discarded |
| Chat-to-Refine messages | Not retained on our servers after the request completes |
| Generated PDF/DOCX files | We do not retain them; they are saved directly to your Drive |
| Firebase Analytics events | Up to 14 months (Firebase default) |
| Firebase Crashlytics reports | Up to 90 days |
| In-app feedback, content reports & bug reports | Up to 365 days, then deleted. Reports acted on for safety/legal reasons may be retained longer in anonymized form. |
| Server logs (Cloud Functions) | 30 days |
No method of electronic transmission or storage is 100% secure. While we apply reasonable industry-standard safeguards, we cannot guarantee absolute security and are not liable for any unauthorized access, data breach, or security incident beyond our reasonable control.
Subject to your jurisdiction, you have the following rights:
To exercise any of these rights, email jd@ezerapp.com. We will respond within 30 days (or sooner if required by law).
You can delete your account and all associated personal data in three ways:
Your account and personal data will be erased from our systems within 30 days. Note: subscription billing data may be retained longer where required by tax/financial law (see Section 8). Files you saved to your Google Drive or OneDrive are yours and are not deleted by us — you can delete them directly in your Drive.
The app is intended for users aged 16 and older. We do not knowingly collect personal data from anyone under 16. If you are under 16, do not use the app and do not provide any information to us. If we discover that we have collected data from a person under 16, we will delete it promptly. Parents or guardians who believe their child has provided personal data may contact us at jd@ezerapp.com for removal.
In the United States, this complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506). In the EEA, it complies with GDPR Art. 8 (digital consent age, set to 16 across the EU and lower in some Member States — we apply the highest threshold).
Data Controller: see Section 1.
EU Representative (Art. 27 GDPR): To be designated. We are in the process of appointing an EU representative through a service such as Prighter, EDPO, or DataRep. EU residents may contact us in the meantime at jd@ezerapp.com.
UK Representative (UK GDPR Art. 27): To be designated. UK residents may contact us in the meantime at jd@ezerapp.com.
Supervisory authority complaint: you have the right to lodge a complaint with the data protection authority in your country of residence. For the EU list, see edpb.europa.eu/about-edpb/members. For the UK, see the Information Commissioner's Office.
Online Dispute Resolution (EU Reg. 524/2013): the European Commission's ODR platform is available at ec.europa.eu/consumers/odr/.
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights. In the past 12 months we have collected the following categories of personal information (per Cal. Civ. Code §1798.140):
"Do Not Sell or Share My Personal Information." We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We do not have a "Do Not Sell" link because there is nothing to opt out of.
Sensitive personal information. We do not collect or process sensitive personal information as defined by CPRA.
You have the right to: know what we collect, delete your information, correct inaccurate information, opt out of sale/sharing (n/a), limit use of sensitive data (n/a), and not be discriminated against for exercising these rights. To exercise your rights, email jd@ezerapp.com. We will verify your identity using your registered email address. You may designate an authorized agent to make a request on your behalf.
Shine the Light (Cal. Civ. Code § 1798.83): we do not share personal information with third parties for their direct marketing purposes.
Residents of US states with comprehensive privacy laws have rights similar to those described above (access, delete, correct, opt out of targeted advertising — which we do not engage in). Submit requests to jd@ezerapp.com.
The data controller's identity is in Section 1. You have rights of access, correction, deletion, portability, information about sharing, and revocation of consent. Complaints may be filed with the Autoridade Nacional de Proteção de Dados (ANPD). Our Data Protection Officer (Encarregado) for Brazil can be reached at jd@ezerapp.com.
We comply with the Personal Information Protection and Electronic Documents Act and, for Quebec residents, the Act respecting the protection of personal information in the private sector (Law 25). You may file a complaint with the Office of the Privacy Commissioner of Canada or, in Quebec, the Commission d'accès à l'information.
We are a Data Fiduciary under the Digital Personal Data Protection Act, 2023. Our Grievance Officer can be reached at jd@ezerapp.com. You may also escalate to the Data Protection Board of India.
We comply with the Act on the Protection of Personal Information. The purpose of use is described in Section 3 above. We provide personal data to third parties only as described in Section 7.
Where local law provides additional rights (e.g., South Korea PIPA, Singapore PDPA, Australia Privacy Act, South Africa POPIA, Turkey KVKK, Saudi Arabia PDPL, UAE PDPL), those rights are honored. Email us to exercise them.
To the fullest extent permitted by applicable law, we disclaim all liability for:
Our total aggregate liability for any privacy-related claim is governed by the Limitation of Liability section of our Terms & Conditions.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by law (e.g., GDPR Art. 33), and we will notify affected users without undue delay where required (e.g., GDPR Art. 34, US state breach notification laws).
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be notified in-app or by email at least 30 days before they take effect, where required by law. Your continued use of the app after the effective date constitutes acceptance of the revised policy. If you do not agree with a change, you must stop using the app and may delete your account.
For privacy questions, data subject access requests, account deletion, or to designate an authorized agent:
Email: jd@ezerapp.com
Postal: Jeremiah Divyan David, A3/245, Manna Farm, Padappai, Kancheepuram, Tamil Nadu 601301, India