← Back to PixelResume

Privacy Policy

Last updated: May 28, 2026

✦ The short version

We never sell or share your email or any personal data with third parties for advertising, marketing, or any other purpose.
We don't use trackers from ad networks. The only analytics we run is Google Analytics for aggregate traffic stats.
You own your data. Export or delete your resumes anytime. No questions asked.
We only contact you about your account: verification emails, password resets, exports you requested, and (if you opt in) expiry reminders.
No marketing emails. No newsletter. No "we miss you" spam. Period.

1. What we collect

When you create an account, we store:

Email address: Used for login, account recovery, and exports you request.
Name: Used for personalization in the app and in emails (we use just your first name).
Password: Stored as a one-way bcrypt hash. We can't see your actual password, and never will.
Resume content: The data you type into the builder, encrypted in transit (HTTPS) and stored in our database.
Optional Google identity: If you sign in with Google, we store your Google ID and avatar URL (not your password).
Plan and payment metadata: Stripe customer ID and session ID. We do not see or store your card details; those stay with Stripe.
Hashed IP address in email logs: stored for abuse prevention only. The raw IP is hashed (SHA-256), not stored in plain text.

2. What we don't collect

We don't track you across other websites.
We don't read or analyze your resume content for any purpose other than rendering and exporting it.
We don't profile you for advertising.
We don't sell, lease, or rent any personal data to anyone, for any price, ever.

Our promise: Your email address will never be passed to a third party for marketing or advertising purposes. Not now, not ever. If we ever fail this promise, it would be a breach of this policy and grounds for legal action.

3. Who we share data with, and why

We work with a small number of essential service providers ("data processors") who help us run the service. They are bound by their own privacy obligations and only see the minimum data needed to do their job:

Stripe: Handles payment processing. They see your email and payment info (which they need). They do not get access to your resume content.
Google: Only if you choose to sign in with Google. They verify your identity and provide your name, email, and profile picture.
Google Analytics: Aggregate site traffic only (page views, country, device type). We have IP anonymization enabled. We do not identify individual users.
Resend: Transactional email delivery (account verification, PDF exports, password reset). They see your email address and the content of emails sent to you. They do not get access to your resume data. Resend Privacy Policy.

That's the complete list. There are no advertising networks, no data brokers, no analytics tools beyond GA, and no "partners".

International data transfers

Stripe, Google, and Resend are US-based companies. When we use their services, your data may be transferred to and processed in the United States. These transfers are covered by the EU Standard Contractual Clauses (SCCs) or equivalent mechanisms under GDPR Article 46. Each provider has agreed to these obligations and is bound by their own privacy and data protection commitments.

4. Legal basis for processing (GDPR)

If you are located in the European Union, we process your personal data under the following legal bases (GDPR Article 6):

Contract performance (Art. 6(1)(b)): Covers processing your email, name, and resume content to provide the service you signed up for (account management, PDF generation, exports).
Legitimate interests (Art. 6(1)(f)): Covers security measures (login monitoring, rate limiting, CSRF protection), fraud prevention, and aggregate analytics (Google Analytics with IP anonymization). These interests do not override your rights.
Consent (Art. 6(1)(a)): Optional expiry reminder emails. You can withdraw consent at any time in your account settings.
Legal obligation (Art. 6(1)(c)): Covers retaining certain records if required by applicable law.

5. How we use your data

To provide the service (storing your resumes, generating PDFs, sending exports).
To send you transactional emails: account verification, password resets, PDF deliveries you requested, and (only if you opt in) Pro expiry reminders.
To prevent abuse (rate limiting, login attempt monitoring).
To understand aggregate usage and improve the product (via Google Analytics).

6. How long we keep it

Account data: Kept while your account is active.
Deleted resumes: Kept in a "trash" state for 30 days so you can restore them, then permanently purged.
Email logs: Kept for up to 7 days for rate-limiting and abuse prevention, then purged.
Account deletion: When you delete your account, all your data is permanently removed within 30 days.

7. Your rights

You can, at any time:

Access: Request a copy of all data we hold about you.
Correct: Edit your name, email, and resume content directly in the app.
Delete: Delete your account from the Account page. This permanently removes all your data within 30 days.
Export: Download your resumes anytime as PDF.
Opt out: Disable expiry notifications anytime in your account settings.
Complain: If you're in the EU, you have the right to file a complaint with your local data protection authority. We hope you'll contact us first so we can fix it.

8. Cookies

We use only essential cookies:

Session cookie: Keeps you logged in. Expires when you close your browser or sign out.
CSRF token: A security measure to prevent cross-site request forgery.
Google Analytics cookies: Anonymous traffic measurement.

We don't use advertising cookies, social media trackers, or any third-party advertising scripts.

9. Security

All traffic uses HTTPS with HSTS and modern TLS.
Passwords are stored as one-way bcrypt hashes.
CSRF protection on all state-changing requests.
Strict Content Security Policy.
Login attempt monitoring against brute-force attacks.
Database backups stored securely.

No system is 100% secure, but we take this seriously. If you believe you've found a vulnerability, please email security@pixelresume.com.

10. Children

PixelResume is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have collected such data, please contact us and we'll delete it.

11. Changes to this policy

If we make meaningful changes to this policy, we'll notify all registered users by email at least 14 days before the change takes effect. You'll always have the option to delete your account before any new policy applies to you.

12. Contact

Questions, complaints, GDPR requests, or just curious? Use our contact form or reach out directly:

Email: support@pixelresume.com

Data controller: Richard Novotny, operating as PixelResume

Business ID: 74619560

Address: Prague, Czech Republic, European Union

If you are in the EU and believe we have not adequately addressed your concern, you have the right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ) or the supervisory authority in your country of residence.