Skip to main content
ResumesTailor

Last updated: 2026-05-11

Your Data Rights

This page summarises the rights you have over your personal data under the major privacy laws that apply to ResumesTailor, and explains how to exercise them. It supplements our Privacy Policy, which contains the canonical descriptions of how we process personal data and what we share with third parties.

1. Who is the controller / fiduciary?

ResumesTailor is the data controller for the purposes of the EU and UK General Data Protection Regulation (“GDPR”), and the data fiduciary for the purposes of India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”). We are the business for the purposes of California’s CCPA/CPRA. Contact: support@resumestailor.com.

2. Self-serve tools (use these first)

Several rights can be exercised yourself, without contacting us:

  • Export your data. Settings → Privacy & Data → Download. Generates a single JSON file containing every record we hold about you (resumes, cover letters, optimization history, job applications, portfolios, preferences, subscriptions, payments, audit logs).
  • Delete your account. Settings → Danger Zone → Delete Account. Removes your content within thirty (30) days and anonymizes the rest, subject to legally-required retention of financial records.
  • Edit your profile. Settings → Profile.
  • Manage cookies. Footer → Manage Cookies.
  • Marketing opt-out. Unsubscribe link in any marketing email.

3. Rights under the EU/UK GDPR

If you are in the European Economic Area, the United Kingdom or Switzerland, you have the rights listed below. The article numbers refer to the EU GDPR; the UK GDPR contains equivalent provisions.

  • Article 13/14 — Information. Right to be informed about how we process your personal data. This page and the Privacy Policy provide that information.
  • Article 15 — Access. Right to obtain a copy of the personal data we hold about you and information about the processing.
  • Article 16 — Rectification. Right to have inaccurate personal data corrected and incomplete personal data completed.
  • Article 17 — Erasure (“right to be forgotten”). Right to have your personal data deleted in defined circumstances (e.g., when the data is no longer needed, or you withdraw consent and there is no other legal basis).
  • Article 18 — Restriction. Right to have processing restricted while a dispute is being resolved.
  • Article 20 — Portability. Right to receive personal data you provided in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Article 21 — Objection. Right to object to processing based on legitimate interests, and an absolute right to object to direct-marketing processing.
  • Article 22 — Automated decision-making. Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. We do not engage in such processing — AI tailoring is suggestive, not decisional.
  • Article 7(3) — Withdraw consent. Where consent is the lawful basis, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Article 77 — Complain. Right to lodge a complaint with your local supervisory authority. See section 9 below.

4. Rights under India’s DPDP Act, 2023

If you are a data principal in India, you have the following rights under the DPDP Act:

  • Section 11 — Right to access information. Receive a summary of the personal data being processed and the processing activities undertaken on it.
  • Section 12 — Right to correction and erasure. Request correction, completion, updating, or erasure of personal data.
  • Section 13 — Right of grievance redressal. Address grievances to us; we will respond within the period prescribed by the rules made under the DPDP Act. Our designated grievance contact is support@resumestailor.com.
  • Section 14 — Right to nominate. Designate another person to exercise these rights on your behalf in the event of your death or incapacity.
  • Withdraw consent. Withdraw consent at any time with the same ease with which it was given. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Complain to the Data Protection Board of India. If you remain unsatisfied with our response to a grievance, you may complain to the Data Protection Board of India.

5. Rights under California’s CCPA / CPRA

If you are a California resident, you have the following rights:

  • Right to know — what categories of personal information we collect, the sources of that information, the purposes for collection, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected about you.
  • Right to delete personal information, subject to permitted exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. We do not sell or share personal information as those terms are defined by the CCPA/CPRA.
  • Right to limit use and disclosure of sensitive personal information. We do not use sensitive personal information beyond providing the Service.
  • Right of no retaliation for exercising your rights.
  • Right to designate an authorized agent to act on your behalf.

We honour valid Global Privacy Control (GPC) signals as a request to opt out of sale/share for visitors who appear to be California residents.

6. Rights under other US state privacy laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Tennessee (TIPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire (NHDPA), Indiana (ICPA), Kentucky (KCDPA), Maryland (MODPA), Minnesota (MCDPA), Rhode Island (RIDTPPA), Nebraska (NDPA), and other US states with comprehensive privacy laws have rights similar to those listed above, including access, correction, deletion, portability, and opt-out of targeted advertising and sale. Contact us at support@resumestailor.com to exercise these rights.

7. Rights under other laws

  • Brazil (LGPD). Access, correction, anonymization, blocking, deletion, portability, information, revocation of consent.
  • Australia (Privacy Act 1988). Access, correction, complaint to the OAIC.
  • Canada (PIPEDA and provincial laws). Access, correction, complaint to the OPC or provincial commissioner.
  • South Africa (POPIA). Access, correction, deletion, objection.

8. How to make a request

  1. Where possible, use the self-serve tools in Section 2.
  2. Otherwise, email support@resumestailor.com with the subject line “Data subject request” and tell us:
    • Which right you are exercising;
    • The country, state or region whose law you are relying on (if you know);
    • The email address associated with your account (if any);
    • Any additional context that will help us help you.
  3. We will acknowledge the request within ten (10) calendar days and substantively respond within thirty (30) days. For complex requests we may extend by an additional thirty (30) days and will tell you if so. DPDP-Act erasure requests will be honoured within the period specified by the rules made under the DPDP Act.
  4. We may need to verify your identity before acting on the request. For signed-in users we treat the authenticated session as sufficient verification.
  5. If we cannot fulfil the request (for example, because we do not hold any data about you, or because the law allows us to refuse), we will tell you why and what your recourse is.

9. Supervisory and regulatory authorities

9.1 European Economic Area

You have the right to lodge a complaint with the supervisory authority in your member state of residence, place of work, or the place of the alleged infringement. A directory is maintained by the European Data Protection Board at edpb.europa.eu/about-edpb/about-edpb/members_en.

9.2 United Kingdom

Information Commissioner’s Office (ICO), ico.org.uk.

9.3 Switzerland

Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch.

9.4 India

Data Protection Board of India (constituted under section 18 of the DPDP Act, 2023). Contact details will be published by the Government of India as the Board becomes operational.

9.5 California

California Privacy Protection Agency (CPPA), cppa.ca.gov. You may also contact the California Attorney General.

9.6 Brazil

Autoridade Nacional de Proteção de Dados (ANPD), gov.br/anpd.

10. International transfers

Our hosting and AI infrastructure operate primarily in the United States. Where required by law, transfers of personal data from the EEA, UK, or Switzerland to the United States or other third countries rely on the European Commission’s Standard Contractual Clauses or equivalent transfer mechanisms. Where applicable we conduct Transfer Impact Assessments. The list of sub-processors we use is at /subprocessors.

11. Recourse and complaints

If you are not satisfied with our response to your request, please first reply and tell us why; we will review the matter. If you remain dissatisfied, you have the right to complain to your local supervisory authority (see section 9) and to seek a judicial remedy. We will not retaliate against you for exercising your rights.

12. Contact

For all data-rights requests: support@resumestailor.com.