Privacy Notice

INTRODUCTION

This notice explains what personal data we collect, for what purposes, the legal bases, who we share it with, how long we keep it, and what rights you have, in line with Regulation (EU) 2016/679 (GDPR).

Our site and services are intended for individuals aged 18+. We do not knowingly collect data from children under 18.

For cookies and similar technologies, see our Cookie Policy.

DATA CONTROLLER

Murgu Adrian — Sole Proprietor (PFA)

Professional address: Onești, Aleea Parcului no. 7, Staircase A, Apt. 1, Bacău County, Romania

Identifiers: CUI 48569206; EUID ROONRC.F4/605/2023; Series B No. 4756551; Primary activity CAEN 6201

Contact email (GDPR): contact@resume-cloud.com

WHAT DATA WE COLLECT

We collect only what’s needed to provide the resume creation and management service. Examples:

• Account data: email, password (hashed), subscription status, profile settings.
• Resume content you enter (identity, education, experience, skills, professional links, photo if you choose to upload).
• Payment status and transaction identifiers (via Stripe). We do not store full card details.
• Technical data: access logs, security events, cookie/consent identifiers, language settings, device/browser; aggregated GA4 analytics (only with consent).

Please do not provide or upload sensitive data (e.g., national ID numbers, health, religious/political beliefs, orientation). If you enter such data in free-text fields, you are responsible for it.

Service intended for users aged 16+.

PURPOSES & LEGAL BASES

• Contract performance — Account creation, FREE/PREMIUM features, payment processing, support.
• Legal obligation — Accounting/tax duties (e.g., invoicing).
• Legitimate interests — Security, abuse/fraud prevention, service improvement, internal operational stats (no marketing profiling).
• Consent — Google Analytics 4; we load scripts only after explicit consent, per the Cookie Policy. Cookie Policy.

DATA SHARING & PROCESSORS

We do not sell your data. Where needed, we use processors to deliver the service:

• Hosting and app delivery platform (Vercel).
• Supabase — authentication and storage for PREMIUM accounts.
• Stripe — payment processing and fraud prevention.
• Resend — transactional emails (e.g., password setup, receipts).
• Google Analytics 4 (consent-only) — aggregated audience measurement.

These providers act under data processing agreements; international transfers may apply as described below.

INTERNATIONAL TRANSFERS

For some services (Stripe, Google, Resend, Vercel/Supabase), data may be transferred outside the EU/EEA (e.g., USA). We rely on Standard Contractual Clauses (SCCs) and additional safeguards to ensure adequate protection.

STORAGE & RETENTION

• Guest users (no account): resume drafts are kept only locally in your browser (localStorage/IndexedDB); not sent to our servers.
• PREMIUM account (Supabase): we keep data while the account exists. When you delete the account, we remove associated content. We do not keep backups of resume content in our systems.
• Fiscal data from accounting documents (e.g., invoices) is kept as required by Romanian law (up to 10 years).
• Technical/security logs: up to 12 months, for abuse detection and service integrity.

If you request deletion of the account/a data copy, we irreversibly remove it from operational systems, keeping only legally required records.

SECURITY MEASURES

We apply appropriate technical and organizational measures to protect personal data:

• Secure transport (TLS) for all connections.
• Service-level encryption for sensitive data and passwords stored as hashes.
• Need-to-know access; admin authentication and logging.
• While we take reasonable steps, no transmission/storage method is absolutely secure.

PUBLIC RESUME & SHARE LINKS

If you enable “Share link” for a resume, it becomes publicly accessible via URL.

• Anyone with the link can view the displayed content.
• We apply a “noindex” directive (meta or X-Robots-Tag) on public resume pages to discourage search engine indexing.
• You can revoke the public link anytime from your account (disable/delete).

YOUR RIGHTS

Under GDPR you have the rights to access, rectification, erasure (“right to be forgotten”), restriction, portability, objection, and to withdraw consent.

• Right of access — receive a copy of your personal data.
• Right to rectification — fix inaccurate or incomplete data.
• Right to erasure — under Art. 17 GDPR conditions.
• Right to restriction — as per Art. 18 GDPR.
• Right to portability — receive data in a structured, commonly used, machine-readable format.
• Right to object — including processing based on legitimate interests.
• Right to withdraw consent — for consent-based processing (e.g., GA4).

Send rights requests to contact@resume-cloud.com

If you are not satisfied with our response, you may contact the Romanian DPA (ANSPDCP): https://www.dataprotection.ro/.

AUTOMATED DECISIONS & PROFILING

We do not make automated decisions producing legal effects and we do not perform marketing profiling.

CHANGES TO THIS NOTICE

We may update this notice to reflect legal or operational changes. We will publish the updated version and adjust the “Last updated” date.