Privacy Policy

1. Introduction

Welcome to Visume AI ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at visume.ai (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

We collect information that you provide directly to us, as well as information generated through your use of the Service.

Information You Provide

• Account information such as your name, email address, and password when you register
• Resume content including work experience, education, skills, projects, and certifications
• Files you upload (PDF or DOCX resumes) for parsing and import
• Payment and billing information processed through our third-party payment provider (Stripe)
• Communications you send us, including support requests and feedback

Information Collected Automatically

• Usage data such as pages visited, features used, and timestamps
• Device and browser information including IP address, browser type, and operating system
• Analytics data collected via PostHog to understand how users interact with our platform

3. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Service, including to:

• Create and manage your account
• Process resume content and generate structured resume data using AI
• Run AI-powered verification workflows against external data sources
• Process payments and manage subscription billing via Stripe
• Send transactional emails and service-related notifications
• Analyze usage patterns to improve features and user experience
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

4. Data Sources & Verification

A core feature of Visume AI is verifying resume claims against publicly available external data. When you initiate a verification, our system may access:

• GitHub: Public repository data, commit history, and project metadata associated with your listed GitHub profile or repositories
• LinkedIn: Publicly accessible profile information such as work experience and education history
• Uploaded Files: Text extracted from PDF or DOCX files you upload is processed by our AI to populate resume fields and is not stored beyond the active session unless saved to your account

We only access publicly available data from these sources. We do not request OAuth access to your GitHub or LinkedIn accounts and do not store any credentials for these platforms.

5. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on the Service. These include:

• Essential cookies: Required for authentication sessions and core platform functionality
• Analytics cookies: Provided by PostHog to help us understand how the platform is used. Analytics data is routed through our own domain to minimize exposure to ad-blocking tools
• Preference cookies: To remember settings such as theme preferences

You can configure your browser to refuse cookies, though some features of the Service may not function properly as a result.

6. Third-Party Services

We share data with trusted third-party services that help us operate the platform:

• Clerk: Authentication and user identity management
• Stripe: Payment processing and subscription management. We do not store your full payment card details on our servers
• OpenAI: AI language model processing for resume parsing, formatting, and verification analysis. Data sent to OpenAI is governed by their API data usage policies
• Firecrawl: Web scraping service used during verification to retrieve publicly accessible profile data
• PostHog: Product analytics platform for tracking usage and product improvement
• MongoDB Atlas / Railway: Cloud infrastructure and database hosting for storing your account and resume data

Each third-party service operates under its own privacy policy and data handling practices. We encourage you to review their policies independently.

7. Data Storage & Security

Your data is stored on secure cloud infrastructure. We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit via HTTPS/TLS
• Encrypted storage at rest for sensitive data fields
• Access controls limiting data access to authorized personnel only
• Regular monitoring for unauthorized access or suspicious activity

While we take reasonable steps to protect your information, no security measures are completely impenetrable. We cannot guarantee the absolute security of your data.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or compliance purposes.

Verification reports and associated analysis data are retained for the duration of your account and may be deleted by you at any time from your dashboard.

9. Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request a machine-readable export of your data
• Objection: Object to certain types of processing, such as direct marketing
• Restriction: Request that we limit how we use your data

To exercise any of these rights, contact us at the email address listed in the Contact Information section below.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a minor, please contact us immediately.

11. International Data Transfers

Visume AI is operated from and our servers are located in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using the Service, you consent to such transfers. Where required by applicable law, we implement appropriate safeguards for international transfers of personal data.

12. Policy Updates

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via email or a prominent notice on the platform. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: