← Back to GetSmartResume

Privacy Policy

Last updated: 2026-05-12. Controller: Denis Šachmajev (Czech Republic). Privacy and data requests: soniya@getsmartresume.com.

1. Scope

This policy describes how we collect, use, and share personal data when you use our websites, dashboards, authentication, and payments. It is intended to meet transparency requirements under the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and similar laws where they apply to you.

2. Data we process

  • Account and profile: email address, password hash (held by our authentication provider), name or display name if you provide it, and profile or usage data you save in the product.
  • Technical data: IP address, browser type, device identifiers, pages viewed, and approximate timestamps—used for security, debugging, and aggregated analytics.
  • Payments: when you purchase premium access, our payment processor (Stripe) receives billing-related data you enter at checkout. We store purchase references (such as session or customer identifiers) needed to prove entitlement and comply with tax and accounting rules.
  • Communications: messages you send us (for example via contact channels) and service emails such as confirmations or security notices.

3. Purposes and legal bases (GDPR)

Depending on the situation, we rely on one or more of the following legal bases under Article 6 GDPR:

  • Contract (Art. 6(1)(b)): providing the Service you sign up for, including accounts, dashboards, tests, and premium content you paid for.
  • Legitimate interests (Art. 6(1)(f)): securing the Service, preventing abuse, improving features, and measuring aggregated usage—balanced against your rights.
  • Consent (Art. 6(1)(a)): where we ask for optional marketing or non-essential cookies, and you opt in. You may withdraw consent at any time without affecting processing that was based on another ground.
  • Legal obligation (Art. 6(1)(c)): where we must retain or disclose information to comply with law, court orders, or tax rules.

4. Processors and international transfers

We use trusted service providers who process data on our instructions, including for example:

  • Supabase (authentication and database hosting)—may process data in the EU, US, or other regions according to their infrastructure and your project configuration.
  • Stripe (payments)—may process payment data in the United States and other countries under Stripe’s agreements and safeguards (such as Standard Contractual Clauses where applicable).
  • Vercel (hosting and analytics where enabled) and Cloudflare (performance and security telemetry where enabled).

Where GDPR requires safeguards for transfers outside the EEA/UK, we rely on appropriate mechanisms such as the EU Commission Standard Contractual Clauses or equivalent UK arrangements, as offered by our providers.

5. Retention

We keep personal data only as long as needed for the purposes above, including legal, tax, and dispute-resolution periods. Account data is deleted or anonymized when no longer required, subject to backups and legal holds.

6. Your rights (EU/EEA, UK, and similar)

Where the GDPR or UK GDPR applies, you may have the right to:

  • Access your personal data and receive a copy (Art. 15);
  • Rectify inaccurate data (Art. 16);
  • Erase data in certain cases (“right to be forgotten”, Art. 17);
  • Restrict processing (Art. 18);
  • Data portability for data you provided, where processing is automated and based on contract or consent (Art. 20);
  • Object to processing based on legitimate interests, including profiling (Art. 21);
  • Withdraw consent at any time, where processing is based on consent (Art. 7(3));
  • Lodge a complaint with your local supervisory authority.

To exercise these rights, email soniya@getsmartresume.com or use the Contact page. We may need to verify your identity before responding.

7. Cookies and similar technologies

We use cookies and similar technologies that are necessary for authentication, security, and core functionality. Where we use optional analytics or marketing technologies, we will request your consent where required (for example in the EU/EEA).

8. Children

The Service is not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children.

9. Changes

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. For material changes, we may provide an additional notice (for example by email or banner).

10. Related documents

Please also read our Terms of Use, which govern use of the Service alongside this policy.