Privacy

What we store, why, and how to remove it.

A plain-English summary lives below. The full policy is being drafted alongside our compliance review and will replace this page before we open paid plans.

This is a working summary, not a final legal document. The production privacy policy will replace this page once the legal review completes.

What we store

Account email, the resume content you author, AI request metadata (provider, model, tokens, cost) and export artifacts. We don't collect resume content from outside the product.

Where it lives

Postgres on Supabase with row-level security. Exports are stored in a private bucket and served through whiteresume.com signed URLs. Service-role keys are server-only and never reach the browser.

AI processing

AI requests run server-side against the configured providers. Prompt versions are logged. We do not enable provider-side training on your content.

Cookies and analytics

Authentication cookies are httpOnly and SameSite=Lax. We minimise third-party tracking and disclose any analytics provider in this section as it ships.

Data export and deletion

You can export your resume data as JSON at any time and request full account deletion from settings. Deletion is irreversible.

Changes

Material changes are announced by email. The current revision date is displayed at the bottom of this page.

Last updated · Working draft