Privacy Policy

Your privacy and data security are our top priorities

Last updated: November 11, 2025

At Resumi, operated by TANJAKSOFT SOLUTIONS (003791654-D), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and the General Data Protection Regulation (GDPR) where applicable.

By using Resumi, you consent to the data practices described in this policy.

1. Information We Collect

Personal Information

  • Email address (for account creation and communication)
  • Full name (for personalization and resume building)
  • Payment information (processed securely by Stripe - we do not store card details)
  • OAuth data (Google profile information if you sign in with Google)

Resume Content

  • All information you enter in your resume (work experience, education, skills, etc.)
  • Profile photo (if uploaded)
  • Custom sections and content

Usage Information

  • IP address and device information
  • Browser type and version
  • Pages visited and features used
  • AI credits usage and generation history
  • Login timestamps and activity logs

2. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide resume building, AI content generation, and template access
  • Account Management: To create and manage your account, authenticate login, and track subscription status
  • Payment Processing: To process payments for 7-Day Pass and Lifetime subscriptions via Stripe
  • AI Processing: To send your prompts to OpenAI API for content generation (your data is processed but not stored by OpenAI for training)
  • Communication: To send transactional emails (purchase confirmations, account updates, support responses)
  • Analytics: To improve our service, understand user behavior, and optimize features
  • Security: To prevent fraud, detect abuse, and protect our service

3. Data Storage and Security

Where We Store Your Data

  • Resume data: Stored in secure PostgreSQL database hosted on Vercel
  • Profile images: Stored in AWS S3 with encryption at rest
  • Server location: Data centers in Singapore and United States

Security Measures

  • All data transmitted via HTTPS/TLS encryption
  • Passwords hashed using bcrypt (never stored in plain text)
  • Regular security audits and updates
  • Access controls and authentication via NextAuth.js
  • Database backups performed daily

4. Third-Party Services

We share limited data with the following trusted third-party services:

  • Stripe: Payment processing (email, name, payment method)
  • OpenAI: AI content generation (prompts only, not stored for training)
  • Google OAuth: Authentication (profile info, email)
  • AWS S3: Image storage (profile photos)
  • Vercel: Hosting and database services

We do NOT sell, rent, or trade your personal data to any third parties for marketing purposes.

5. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Session management, authentication (required)
  • Functional Cookies: Remember your preferences (language, template choice)
  • Analytics: Understand usage patterns (anonymous data)

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

6. Your Privacy Rights

Under PDPA and GDPR, you have the following rights:

  • Access: Request a copy of all data we hold about you
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data ("right to be forgotten")
  • Portability: Export your resume data in common formats (PDF, JSON)
  • Objection: Object to certain data processing activities
  • Withdraw Consent: Withdraw your consent for data processing at any time

To exercise these rights, contact us at support@resumi.my. We will respond within 30 days.

7. Data Retention

  • Active Accounts: Data retained as long as your account is active
  • Deleted Accounts: Personal data deleted within 30 days of account deletion for voluntary cancellations
  • Terminated for Violation: Accounts terminated for fraud, commercial misuse, or Terms violations: data export disabled immediately, data deleted within 90 days, evidence of violation retained for legal/dispute purposes
  • Payment Records: Retained for 7 years for tax and accounting purposes (as required by Malaysian law)
  • Abuse/Fraud Logs: Usage logs, IP addresses, and activity records for accounts flagged for abuse may be retained indefinitely for security and fraud prevention
  • Guest Data: Resume data in browser (localStorage) cleared when you sign up or manually delete

Data export rights (Section 6) do not apply to accounts terminated for fraud, commercial misuse, or severe violations of our Terms of Service.

7A. Commercial Use Prohibition and Data Processing

Our service is intended for personal, individual use only. If you use Resumi to provide services to third parties (e.g., resume writing for clients) without authorization:

  • You are acting as a data processor on behalf of your clients, and you are solely responsible for compliance with data protection laws (PDPA, GDPR) regarding your clients' personal information
  • TANJAKSOFT SOLUTIONS disclaims all liability for your processing of third-party personal data through our platform
  • You must obtain appropriate consents from your clients to process their data and inform them that their data is being processed through a third-party platform
  • You indemnify TANJAKSOFT SOLUTIONS for any data protection violations, claims, or penalties arising from your unauthorized commercial use
  • We reserve the right to delete all data associated with accounts engaged in unauthorized commercial use, without providing data export options

For authorized Business or Enterprise use, separate Data Processing Agreements (DPA) and Business Associate Agreements (BAA) are required. Contact support@resumi.my for commercial licensing.

8. Children's Privacy

Resumi is not intended for users under 18 years old. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately at support@resumi.my.

9. International Data Transfers

Your data may be transferred to and processed in countries outside Malaysia (Singapore, United States) where our service providers operate. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
  • Security measures compliant with PDPA (Malaysia) and GDPR (where applicable)
  • Data Processing Agreements with all third-party service providers

GDPR Notice for European Union Residents

While Resumi is primarily targeted at Malaysian users, if you are accessing our service from the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware:

  • TANJAKSOFT SOLUTIONS does not have a designated EU representative as our business is based in Malaysia and primarily serves Malaysian residents
  • Your data may be transferred to and processed in countries that may not provide the same level of data protection as the EU
  • By using our service from the EU, you expressly consent to such data transfers and acknowledge the associated risks
  • We recommend EU residents use alternative services with full GDPR compliance infrastructure if this is a concern

Legal Basis for Processing (EU users): We process your data based on (a) contractual necessity to provide our services, (b) your explicit consent, and (c) our legitimate business interests in service improvement and fraud prevention.

10. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

  • Notify affected users via email within 72 hours of discovering the breach
  • Inform relevant Malaysian data protection authorities as required by PDPA
  • Provide details about what data was compromised and steps we are taking to address it

However, TANJAKSOFT SOLUTIONS shall not be liable for any damages arising from data breaches caused by factors beyond our reasonable control, including third-party service provider breaches, sophisticated cyber attacks, or unauthorized access despite our security measures.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our service. Your continued use after changes indicates acceptance of the updated policy.

Contact Our Data Protection Officer

For any privacy-related questions, data access requests, or concerns:

Email: support@resumi.my

Subject: "Privacy Request" or "Data Protection"

Response Time: Within 30 days

Business Name: TANJAKSOFT SOLUTIONS

Registration: 003791654-D

Location: Malaysia

Limitation of Liability: While we implement industry-standard security measures and comply with applicable data protection laws, TANJAKSOFT SOLUTIONS maximum liability for any privacy-related claims shall not exceed the amount paid by you in the 12 months prior to the claim. For FREE users, maximum liability is RM 50. We are not liable for indirect, consequential, or punitive damages arising from privacy incidents.

Privacy Policy - Resumi | Resumi