Privacy Policy
How Boost My Resume collects, stores, and processes your data, including AI processing, transfer safeguards, and deletion.
Boost My Resume is operated by N Marketing SASU (SIREN 890 496 565), 61 rue de Lyon, 75012 Paris, France. This policy explains what we collect, why, how long we keep it, and the rights you have over it. We are the data controller for personal data processed through the service.
What we collect
When you use Boost My Resume, we hold the following:
- Account information. Your email address (required to sign in), an optional display name, an optional locale preference, and your current plan tier.
- Source resumes. PDF and DOCX files you upload, stored in our managed object storage. We parse each upload into a structured profile so we can re-use it across tailorings.
- Resume photo (optional). If you add a photo to a resume in the builder, we store the cropped image (a JPEG, private to your account in our EU object storage) and its crop settings. It appears only on that resume's preview and exports. We never send the image to the AI/LLM providers, never run face recognition or any biometric processing on it, and you can remove it at any time from the editor.
- Tailored resumes. The structured resume we generate for each job, with scores and the verbatim job description you pasted.
- Self-tailoring ("Match") data. When you tailor a resume yourself in the builder (the manual "Match" tab), we store the verbatim job description you paste against that resume, an extracted summary of the posting's hiring requirements, and any cover letter you generate. The requirement summary is also held in a shared cache keyed by a fingerprint of the job-description text, so the same posting is only analysed once; that cache entry carries no link to your account.
- Cover letters. The generated text of each cover letter you produce.
- Anonymized job-description analytics. Aggregate, non-personal statistics with no link back to your account, used to study which roles people tailor for and to publish aggregate, non-personal insights and research about the job market.
- Public ATS check. If you use our public ATS check without an account, we hold an anonymous result keyed by a random identifier (no email, no account) plus a content hash of the file you uploaded. We do not store the uploaded file itself. This is detailed under Public ATS check (no account needed).
- Payment metadata from Stripe. Customer ID, subscription ID, plan and billing dates. We never see or store your card number.
- Credit ledger. Credit balance and usage history.
- Support and feedback. Contact-form submissions and feedback on each tailoring.
How we use it
We use this data only to:
- run the service you signed up for (parse your resume, generate tailored output, render PDFs and DOCX files);
- power the self-tailoring ("Match") tools when you tailor a resume yourself (extract a job posting's requirements, score how well your resume covers them, draft suggested resume bullets from text you provide, generate a cover letter, and translate a job description into your resume's language);
- send transactional email (sign-in confirmations, password resets, email-change confirmations, receipts, and a one-time "your result is ready" notice with a secure one-click sign-in link when your first tailoring finishes) - these are service messages tied to an action you took, so they are sent regardless of your marketing-email preferences;
- process payments and tax through Stripe;
- answer your support requests and act on your feedback;
- protect the service against abuse (rate limits, bot checks, fraud signals).
We do not sell your data, share it with advertisers, or use your resumes or job descriptions to train any machine-learning model. The terms governing our third-party AI processing providers prohibit using customer content to train models.
Legal bases (GDPR Article 6)
- Performance of a contract - to provide the tailoring, generation, billing and support you signed up for, including sending only the text needed for an AI feature you request to our model providers.
- Consent - when you sign in through an OAuth provider, they share specific fields with us based on your authorisation.
- Legitimate interest - to keep the service secure (rate limits, bot detection, abuse mitigation) and to study and publish aggregate, non-personal usage and job-market patterns.
- Legal obligation - to keep tax and billing records required by French and EU law.
Sub-processors
We rely on a small number of sub-processors, each bound by a Data Processing Agreement and, where applicable, the EU Standard Contractual Clauses.
- EU cloud hosting and managed database services
- Payment, billing and tax processing
- Transactional email delivery
- Third-party AI/LLM processing providers
- CDN and bot-protection
- Optional OAuth sign-in providers
The current list of named sub-processors, including jurisdictions and DPA references, is available on request at contact@boostmyresume.org.
International transfers
Your account data, source resumes, tailored outputs and authentication records are stored in the EU. This storage commitment does not mean that AI processing stays in the EU. When you request an AI feature, the text needed to provide it is processed by third-party AI providers; the legal basis is performance of the service you requested. One of these providers uses a global endpoint, so we do not guarantee that AI processing occurs or remains in the EU. These providers are bound by Data Processing Agreements and, where applicable, the EU Standard Contractual Clauses, and their terms prohibit using customer content to train models. Some other sub-processors may also process limited data outside the EU under the same safeguards. The third-party analytics, ad-attribution and tag-management scripts described under Cookies involve transfers to the United States (Google LLC, Microsoft Corporation) and Singapore (Ahrefs Pte. Ltd.); these run only on the public site and, in GDPR jurisdictions, only after you accept on the cookie banner. Our self-hosted, first-party usage analytics (Umami, described under Cookies) introduces no new external sub-processor and no transfer outside the EU - it runs on our own EU servers (Germany), already covered by our hosting provider.
How long we keep it
- Account profile - for as long as your account is open. If you request deletion, we honour the 30-day grace period described below; once the grace period ends, the profile is permanently removed without undue delay.
- Source and tailored resumes, cover letters - for as long as your account is open, so you can re-export prior outputs. Deleted together with your account.
- Resume photos - kept as long as the resume they belong to. Deleting the photo in the editor, deleting the resume, or deleting your account removes the stored image. Duplicating a resume copies its photo; each copy is deleted with its own resume.
- Job descriptions - kept verbatim while your account is open, so you can re-tailor against a past posting or audit how a result was produced. We do not trim, summarise or rewrite the stored text. On request via the contact form below, we permanently delete the stored verbatim text within a short delay. An anonymized analytics row, with no link back to you, may be retained indefinitely (next bullet).
- Anonymized JD analytics - retained indefinitely. The row has no link back to your account and cannot be re-identified. The same applies to anonymized analytics derived from a job description pasted into the public ATS check.
- Self-tailoring ("Match") data - the job description and any cover letter you save against a resume in the manual "Match" tab are kept for as long as that resume exists, and are deleted when you delete the resume or your account. The shared requirement-summary cache (keyed by a fingerprint of the job-description text, with no link to your account) holds entries for up to 180 days and clears unused entries on an ongoing basis.
- Public ATS check result - the anonymous score report is kept for 30 days so you can re-open or refresh your result, after which it is deleted. The content hash of an uploaded file is kept for the same 30 days to recognise an identical re-upload and serve the stored result without re-running the model; it cannot reconstruct the file. The uploaded file itself is processed in memory to produce the score and is not stored. See Public ATS check (no account needed).
- Stripe payment metadata and invoices - retained for the duration required by tax law (currently 10 years for accounting records under French law), then deleted.
- Support messages and feedback - retained for as long as your account is open, then deleted with the account.
- Operational and security logs - application and security logs use a non-reversible reference to your account and are retained for a limited period (currently up to 90 days), then deleted.
- First-party usage analytics (Umami) - we retain aggregate statistics only (page views, referrers, UTM source/medium/campaign, approximate country, browser/device type and custom-event counts). We do not store your raw IP address or User-Agent.
Security and fraud prevention data
To prevent fraud, defend against payment disputes and secure your account, we keep a record of key consent and payment events: technical identifiers, region, the version of the Terms and Privacy Policy you accepted, and event timestamps. Legal basis: legitimate interest (Article 6(1)(f) GDPR). Where we rely on legitimate interest, you have the right to object to the processing on grounds relating to your particular situation (Article 21) - write to contact@boostmyresume.org to exercise this right. These records are retained for 13 months from your last activity, after which the technical identifiers and region are anonymized.
Cookies
We run a small number of strictly necessary cookies plus a short list of analytics, ad-attribution and tag-management scripts on the public site. If you are in the EU, the UK, Norway, Iceland or Liechtenstein, none of the analytics, ad-attribution or tag-management scripts load until you click Accept on the cookie banner at the bottom of the page. If you decline, none of them load and none of their cookies are set. Outside those jurisdictions, the scripts load by default and you can opt out through your browser's cookie controls.
The signed-in product area (your dashboard, the tailoring workbench, settings, billing) does not load any cookie-based or third-party analytics, ad-attribution or tag-management script - only the strictly necessary cookies below. The one exception is our self-hosted, cookieless first-party usage analytics (Umami, described below), which runs across the whole site, including the signed-in product area; it sets no cookies and loads no script in your browser.
Strictly necessary
These are set regardless of consent because the service cannot function without them.
- Authentication session - set when you sign in. Required to keep you signed in across requests.
- Theme preference - a first-party cookie remembering your light or dark setting.
- Consent choice (
bmr_consent) - a first-party cookie that records your Accept or Decline click on the cookie banner so we do not ask again on every page. Values:acceptedorrefused. Lifetime: 1 year.SameSite=Lax. - Stripe checkout - set inside the Stripe iframe during checkout. Stripe is the controller for this cookie.
- Cloudflare Turnstile - set on sign-up, forgot-password, reset and contact forms, and on the two public ATS check pages (
/resume-atsand/resume-job-offer), to confirm you are not a bot. Cloudflare is the controller for this cookie.
Analytics, ad-attribution and tag management (public site only, consent-gated in GDPR jurisdictions)
- Google Tag Manager - Google LLC (United States) under the EU Standard Contractual Clauses. Loads a lightweight container script from
googletagmanager.comthat decides which of our downstream tags to fire based on your consent state. The container script itself does not set any tracking identifiers; it only delivers and gates the tags listed below. - Google Ads conversion tracking - Google LLC (United States) under the EU Standard Contractual Clauses, fired from inside the Google Tag Manager container above. Sends three conversion events to Google Ads to enable keyword-level attribution for our paid search campaigns: account creation (
sign_up), tailoring submission (tailoring_submitted) and successful purchase (purchase). Each event carries an event name, a value in cents, a currency, and an anonymous transaction ID; no email, name or resume content is sent. - Google Analytics 4 - Google Ireland Limited (EU) with onward transfers to Google LLC (United States) under the EU Standard Contractual Clauses. Visitor analytics and conversion import into Google Ads. Sets first-party
_gaand_ga_*cookies (2 years). - Microsoft Clarity - Microsoft Corporation (United States), with EU-region collection where available, under the EU Standard Contractual Clauses. Session recording and heatmaps on public pages only - we deliberately do not record any signed-in product surface. Sets
_clck(1 year) and_clsk(1 day) first-party cookies. - Ahrefs Web Analytics - Ahrefs Pte. Ltd. (Singapore). Privacy-friendly visitor analytics for SEO. Marketed as cookieless; Ahrefs uses a hashed fingerprint of request signals instead of a cookie.
First-party usage analytics (self-hosted, cookieless, runs everywhere including the product area)
- Umami (self-hosted) - a privacy-friendly analytics tool we run on our own servers in the EU (Germany), the same infrastructure that hosts the application. Unlike the items above, this is not a third-party service: there is no external analytics recipient, no new sub-processor, and no transfer outside the EU. No Umami script ever loads in your browser and no cookie is set by this baseline measurement. Our own server records aggregate usage - page views, referrer, UTM campaign source, approximate country, browser and device type, and counts of a few product actions (such as opening a dialog, signing up, or submitting a tailoring), including some interaction signals (scroll depth, which outbound links are clicked, which buttons are clicked described by their tag and accessible label, and which forms are submitted by form name). These signals never capture on-screen text, what you type, or your form-field values - no résumé or job-description content is ever recorded. The product-action events carry only aggregate metadata (for example the chosen sign-in method, your interface language, or the length of a pasted job description as a number); they never include your email or any resume or job-description text. To work out an approximate country and device, our server passes your IP address and browser User-Agent to Umami - it does not store your raw IP address or User-Agent. These interaction events use a short-lived random session key stored in your browser's
sessionStorage(not a cookie) so two events in the same visit can be joined; it holds no name, email or device fingerprint and is cleared when you close the tab. Because it is first-party, cookieless, and self-hosted, this baseline measurement runs in all jurisdictions and is not gated behind the cookie banner. Legal basis: legitimate interest (Article 6(1)(f) GDPR) in understanding aggregate usage of our own service. Where we rely on legitimate interest you have the right to object (Article 21) - write to contact@boostmyresume.org.
First-party analytics cookies (consent-gated, feed the self-hosted Umami above)
These two cookies improve the same self-hosted, first-party Umami measurement described above - they add no new third party and the data stays on our own EU infrastructure. They are consent cookies: they are set only for visitors who accept the cookie banner, or for visitors outside GDPR jurisdictions. EU, UK and EEA visitors who decline keep the cookieless, aggregate-only analytics described above and neither cookie is set. Both are first-party and httpOnly, and both are dropped if you later decline or withdraw consent.
- Visitor id (
bmr_vid) - a first-party,httpOnlycookie holding a random UUID (no name, email or device fingerprint). It gives a single visitor a persistent id so we can measure one visitor's journey across sessions in our self-hosted Umami. Lifetime: about 1 year (rolling). Legal basis: consent (ePrivacy / GDPR). - First-touch attribution (
bmr_attr) - a first-party,httpOnlycookie storing the marketing source captured on your first landing: the Google Ads click id (gclid),utm_*campaign parameters, and the hostname of the external site that referred you. It lets us attribute a later sign-up or purchase back to the ad or source that brought you, in the same self-hosted Umami. Captured once on first touch and never overwritten. Lifetime: about 1 year. Legal basis: consent (the same banner gate asbmr_vid).
Google Consent Mode v2
Google Tag Manager uses four consent categories defined by Google: ad_storage, ad_user_data, ad_personalization and analytics_storage. In GDPR jurisdictions, the container loads in the default-denied state on your first visit, which means none of the Google tags above store identifiers or send personal data until consent is given. Our cookie banner is binary - a single Accept click sets all four categories to granted at once, and a single Decline click leaves all four denied. We do not currently offer per-category granular control; you either accept or decline the whole set.
How to change your mind
In GDPR jurisdictions, clear the bmr_consent cookie for boostmyresume.org in your browser and the banner will show again on your next visit. We do not currently expose an in-app button to re-open the banner. Anywhere in the world, blocking third-party cookies, using your browser's tracking-protection mode, or installing a content blocker stops these scripts from loading even on visits where they would otherwise run.
Switzerland is treated as a non-GDPR jurisdiction for the purpose of this banner: Swiss visitors do not see the consent banner and the scripts load by default. Swiss residents can still object at any time under the Swiss Federal Act on Data Protection by writing to contact@boostmyresume.org.
Account deletion
You can request deletion of your account from Settings → Danger zone. We mark your account as pending deletion, then allow a 30-day grace period during which you can cancel the request simply by signing in again. After the grace period ends, your account is closed and your data is queued for permanent removal: profile, source resumes, resume photos, tailored resumes, cover letters (including self-tailored "Match" cover letters and the job descriptions you saved against a resume), contact messages and feedback. Removal is completed on an operator-run schedule rather than instantly; if you need written confirmation that removal has been completed for your account, write to contact@boostmyresume.org. Stored verbatim job descriptions are kept beyond account closure for the security and dispute-prevention purposes described above; to delete those, write to the same address. Anonymized JD analytics (which carry no link to you) are not affected.
Public ATS check (no account needed)
We offer a public ATS check that anyone can use without an account and without giving us an email address. There are two pages: a general readability check (/resume-ats), and a job-match check (/resume-job-offer) where you also paste a job description. The check returns an honest ATS readability score and, on the match page, a job-match score against the posting you paste. It is a best-practices pre-check, not a guarantee that any application will succeed or reach a human reviewer.
Here is exactly what happens to your data on these pages:
- The file you upload is not stored. Your resume (PDF, DOC or DOCX) is processed in memory to produce the score, then discarded. We keep only a content hash (an md5 fingerprint) of it, so that an identical re-upload can be served from the stored result instead of re-running the model. The hash is not your resume content and cannot be used to reconstruct the file.
- The result is anonymous. The score report - the numeric scores and the per-point evidence and recommendation text - is stored against a random identifier, not against any account or email address. It carries no
user_id. The random identifier lets you poll for, re-open and refresh your result; anyone who does not hold that identifier cannot reach the report. - The job description you paste (match page only) is sent to the model to compute the match score. From it we derive and store an anonymized analytics row (the same aggregate, non-personal job-market statistics described above), which carries no link to you, and we may cache the employer's company logo (a public favicon) in a public storage bucket.
- Where it is processed. Processing begins on our own infrastructure in the EU (a private microservice on a German server), and the necessary text is also processed by third-party AI providers. One of these providers uses a global endpoint, so we do not guarantee that this AI processing stays in the EU. The provider terms prohibit training on customer content; these are the same sub-processors and safeguards described under Sub-processors and International transfers.
- Abuse prevention. Cloudflare Turnstile (an anti-bot check) runs on these pages, and we apply per-IP rate limiting. The IP address is used transiently to enforce the rate limit and is not stored with your result.
Because this path is anonymous by design, we cannot link a stored result back to a specific person. This limits the data-subject rights that depend on identifying you: we have no way to single out "your" anonymous result on request. If you want a result removed, send us the random identifier from its URL and we will delete the corresponding report. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in offering a no-signup tool and in keeping it secure against abuse.
Your rights
Under the GDPR, you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability (Articles 15 to 22). To exercise any of these rights - access, rectification, deletion, portability, restriction or objection - write to us at contact@boostmyresume.org or use the contact form. Data protection requests can also be sent directly to dpo@boostmyresume.org. For convenience, account deletion can also be initiated directly from Settings → Danger zone. We acknowledge requests within one business day and respond within one month, as set out in Article 12(3) of the GDPR. You also have the right to lodge a complaint with a supervisory authority, for users in France the CNIL.
Children
The service is not intended for users under 16. If we learn that we have collected personal data from a child under 16, we will delete it (GDPR Article 8).
Changes to this policy
When we update this policy, the "Last updated" date at the top changes. Material changes will be announced in the app and by email to active users.
Contact
For any question about this policy or how we handle your data, email us at contact@boostmyresume.org.