Last updated: 2026-05-11 · Effective: 2026-05-11
Cookie Policy
This Cookie Policy explains what cookies and similar technologies (collectively, “cookies”) ResumesTailor uses on resumestailor.com and the ResumesTailor application (collectively, the “Service”), why we use them, and how you can control them. It supplements our Privacy Policy and forms part of our Terms of Service.
1. What are cookies?
A cookie is a small text file that a website stores in your browser when you visit it. Cookies are widely used to make websites work, to make them work more efficiently, and to provide information to the site owner. The same legal rules apply to similar storage technologies, such as local-storage, session-storage and web beacons, which we therefore also treat as “cookies” for the purposes of this Policy.
Cookies can be classified by:
- Who sets them: first-party (set by resumestailor.com) or third-party (set by a domain other than the one you are visiting).
- How long they last: session cookies (deleted when the browser closes) or persistent cookies (remain until they expire or are deleted).
- What they do: strictly necessary, functional, analytics, or marketing.
2. The categories of cookies we use
2.1 Strictly necessary (always active)
These cookies are required to deliver the Service. Without them, parts of the Service cannot function. They do not store personal data beyond what is needed to keep you signed in and secure your session, and we do not require consent for them under applicable law.
2.2 Functional (always active)
These cookies remember your preferences (theme, language) and let the Service personalize features that you have configured. Disabling them will not prevent the Service from working, but you will lose those preferences between sessions.
2.3 Analytics (consent-based)
These cookies help us understand how the Service is used — which features are popular, where users encounter errors, and where to invest engineering time. We use them only with your consent (or where your browser sends a Global Privacy Control signal, we treat that as a withdrawal of consent). You can manage this category from Manage Cookies.
2.4 Marketing / advertising
We do not currently use marketing or cross-context behavioural advertising cookies. If we add them in the future, we will list them here and obtain consent before they are activated.
3. The specific cookies we set
The table below identifies the cookies and similar technologies that the Service uses today. We may update this inventory from time to time; the “Last updated” date at the top of the page reflects the most recent revision.
| Name | Party | Category | Purpose | Duration |
|---|---|---|---|---|
resumestailor.session_token | First-party | Strictly necessary | Authenticates your signed-in session. HttpOnly, Secure, SameSite=Lax. | 7 days (rolling) |
better-auth.csrf_token | First-party | Strictly necessary | CSRF protection for authentication requests. | Session |
rt-cookie-consent | First-party | Strictly necessary | Records your cookie-banner choice so we don’t ask again. | 12 months |
theme (localStorage) | First-party | Functional | Remembers your light / dark mode preference. | Until cleared |
ph_* (multiple) | Third-party (PostHog) | Analytics | Pseudonymous product analytics — feature usage, session replays (only with explicit consent), funnels. Only set if our PostHog key is configured and you have consented. | 12 months |
Google OAuth state cookies (g_csrf_token, __Secure-*, etc.) | Third-party (Google) | Strictly necessary | Set by Google during the sign-in flow when you authenticate via Google OAuth. | Per Google’s policy |
We do not use first-party advertising cookies, social-media tracking pixels (Facebook Pixel, LinkedIn Insight Tag, etc.), or third-party retargeting cookies on the Service.
4. How we obtain consent
On your first visit to resumestailor.com we display a cookie banner with two equally-prominent options: Accept and Manage. If you click Manage you can grant or deny consent at the category level. If you do nothing, we apply only the strictly-necessary category until you make a choice. We do not treat closing the banner as consent.
Your choice is stored in a first-party cookie (rt-cookie-consent) for twelve (12) months, after which we will ask again. You may withdraw or change your choice at any time using the Manage Cookies link in the footer.
5. Browser signals we respect
- Global Privacy Control (GPC). If your browser sends the
Sec-GPC: 1header, we treat that as a request to opt out of non-essential analytics processing, in addition to a request to opt out of “sale” or “share” of personal information for purposes of California, Colorado and other US-state privacy laws. - Do Not Track (DNT). There is no industry consensus on how to interpret DNT signals, so we currently do not rely on DNT alone, but the GPC signal above supersedes DNT and is honoured.
6. Browser-level controls
Most browsers let you view, manage, delete and block cookies directly. Where you delete or block cookies, you may not be able to sign in to the Service. The links below take you to the cookie-management documentation for popular browsers:
Information about disabling cookies for other browsers is usually available from the browser developer’s documentation.
7. Mobile and extension considerations
Our browser extension does not set cookies of its own beyond the storage required for sign-in tokens, which it stores in the browser’s extension-storage APIs (not as traditional cookies). The extension communicates with resumestailor.com using your existing session cookies and does not introduce additional tracking.
8. Changes to this Cookie Policy
We will revise this Policy when we add, change or remove cookies, when the law changes, or when we add new functionality that requires disclosure. Material changes will be announced in-app and via the cookie banner.
9. Contact
Questions? Email support@resumestailor.com.