Privacy Policy

Last updated: February 15, 2026

This Privacy Policy describes how Guardian Nexus LLC ("we," "us," or "our") collects, uses, and protects your information when you use Resume Nexus ("the Service").

1. Information We Collect

Account Information

When you create an account, we collect:

• Your name and email address
• A password (hashed — we never store or access your plaintext password)

Uploaded Content

When you use the Service, you may upload or paste:

• Resumes (PDF, DOCX, or TXT files, or pasted text)
• Job descriptions (PDF, DOCX, or TXT files, or pasted text)

Important: Resumes and job descriptions may contain personally identifiable information (PII) of job candidates. You are responsible for ensuring you have the right to upload and process this information.

AI Provider Credentials

If you choose to use your own AI provider API key, the key is encrypted at rest using industry-standard encryption (Fernet/AES-128-CBC). Plaintext keys are never stored or logged.

Usage Data

We automatically collect:

• Screening session metadata (timestamps, document counts, AI provider used)
• Audit logs of account actions (login, settings changes, data deletion)

We do not log filenames, email addresses, resume content, or other PII in server logs. Only anonymized IDs and action types are recorded.

2. How We Use Your Information

• To provide the Service: Processing resumes and job descriptions through AI analysis.
• To authenticate you: Managing your account and sessions.
• To improve the Service: Aggregated, anonymized usage statistics (never individual content).
• To communicate with you: Account-related emails (verification, password reset, security alerts).

3. Third-Party AI Processing

To perform screening analysis, your uploaded resumes and job descriptions are sent to your selected AI provider:

• OpenAI — subject to the OpenAI Terms of Use and Privacy Policy.
• Anthropic — subject to the Anthropic Terms and Privacy Policy.
• Ollama (self-hosted) — processed on your own infrastructure; no data leaves your network.

Both OpenAI and Anthropic state that API data is not used to train their models. However, we encourage you to review their current policies directly.

4. Data Storage and Security

• Account data and screening results are stored in Supabase (PostgreSQL) with Row Level Security ensuring data isolation between users.
• Uploaded files are stored in Supabase Storage with per-user path isolation.
• All data is encrypted in transit (TLS/HTTPS) and at rest.
• API keys are encrypted using Fernet symmetric encryption before storage.
• We implement rate limiting, input validation, and CSRF protection.

5. Data Retention

You control how long your data is retained through the Settings page. Options include:

• 7 days, 30 days, 90 days, 1 year, or manual deletion only
• Option to automatically delete screening results when source documents expire

You may delete all your data at any time via Settings. Deletion is permanent and includes all resumes, job descriptions, screening sessions, results, and stored files.

6. Data Sharing

We do not sell, rent, or share your personal information or uploaded content with third parties, except:

• AI providers: As described in Section 3, to perform screening analysis.
• Infrastructure providers: Supabase (database/storage), Vercel (hosting) — operating as data processors under their respective DPAs.
• Legal compliance: If required by law, regulation, or valid legal process.

7. Your Rights

You have the right to:

• Access your data through the Service interface.
• Export your screening results (Excel or HTML format).
• Delete any or all of your data at any time.
• Close your account, which triggers permanent deletion of all associated data.

8. Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. No third-party analytics are embedded in the Service.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at privacy@resumenex.us.