Legal

Privacy Policy

Last updated: April 9, 2026

TL;DR

We process your candidates' resumes using AI, then delete everything. ZIP files are deleted after ranking completes. Results auto-delete after 24 hours. We don't build candidate databases. Your candidates' data is sent to OpenAI for scoring. You -- the employer -- are responsible for complying with local employment and privacy laws in your jurisdiction.

1. Who We Are

ResumeRank is a resume screening service operated by Polsia Inc., a Delaware corporation. We help hiring managers rank batches of resumes against a job description using AI. Contact us at support@resumerank.co.

2. What We Collect

We collect only what is necessary to operate the service:

  • Your email address -- to deliver ranked results to you
  • Job description text -- used as the AI scoring rubric
  • Resume PDFs (uploaded in a ZIP file) -- text is extracted for AI scoring
  • Payment information -- handled entirely by Stripe; we never see your card number

We do not require account creation. We do not collect demographic data or build candidate profiles.

3. How We Process Your Data

When you submit a ranking job:

  • We extract plain text from each PDF -- text only, no images or metadata
  • That text and your job description are sent to OpenAI's API to generate a relevance score and brief summary per candidate
  • Results are stored temporarily so you can view and export them
  • No human at ResumeRank reads your resumes

Important: Resume text is transmitted to OpenAI, a third-party AI provider. By using ResumeRank, you acknowledge this data transfer. OpenAI does not use API inputs to train their models by default. See Section 5 for sub-processor details.

4. Data Retention

We delete your data aggressively:

  • ZIP files and PDFs -- deleted from our servers immediately after the ranking job completes (or fails)
  • Extracted text and AI results -- automatically deleted 24 hours after the job completes
  • Email address -- retained only to associate results with your session; not added to any mailing list

We do not retain data between sessions. Once the 24-hour window closes, data cannot be recovered. Export your results before the deadline.

Employer note: Some jurisdictions (including California) require employers to retain records of automated hiring decisions for up to 4 years. ResumeRank deletes results after 24 hours. You are responsible for downloading and retaining your results before deletion if your jurisdiction requires it. See Section 8.

5. Sub-Processors

We use the following third parties to operate the service:

  • AI scoring: OpenAI -- Receives resume text and job description to generate scores. Subject to OpenAI's privacy policy. OpenAI does not use API inputs to train their models by default.
  • Payment processing: Stripe -- We never see or store your payment card details. Subject to Stripe's privacy policy.
  • Hosting provider: Render -- Your data transits and is temporarily stored on their US-based infrastructure.
  • Database provider: Neon -- Encrypted at rest; used for temporary job storage during the 24-hour window.

We do not use advertising networks, data brokers, or individual-tracking analytics platforms.

6. Cookies and Tracking

We do not use tracking cookies or cross-site tracking pixels. We use a single localStorage value to associate your browser session with a ranking job ID -- this is purely functional and contains no personal information. We may log aggregate, non-identifying metrics (total jobs processed, error rates) for operational purposes.

7. Data Security

All data is transmitted over HTTPS/TLS. Data at rest in our database is encrypted. We apply the principle of least privilege. Despite reasonable precautions, no system is perfectly secure. We recommend not uploading resumes containing sensitive government-issued identification numbers or financial account details.

8. Your Compliance Responsibilities (Important)

ResumeRank is a tool, not a compliance solution. By using ResumeRank, you represent and warrant that:

  • You have the legal right to process the resumes you upload (e.g., candidates submitted them in response to a job posting)
  • Your use of ResumeRank complies with applicable employment, privacy, and anti-discrimination laws in your jurisdiction
  • If your jurisdiction requires candidate notification of automated decision-making (e.g., NYC Local Law 144, California Civil Rights Regulations effective Oct 2025), you will provide that notice to candidates independently
  • If your jurisdiction requires retention of automated hiring records (e.g., California's 4-year requirement), you will download and retain your results before the 24-hour deletion window closes
  • If you hire candidates who are EU residents, you acknowledge that additional GDPR obligations may apply to your organization as a data controller, including candidate rights to access, object, and explanation of automated decisions

Note: ResumeRank does not make hiring decisions -- it surfaces ranked text matches. Final decisions rest solely with you. You remain the data controller for your candidates' information.

9. California Residents (CCPA/CPRA)

ResumeRank's customers are businesses, not individual consumers. However, the resumes you upload contain personal information of California-resident job applicants. As a business using ResumeRank to process that data:

  • You are the data controller responsible for CCPA/CPRA compliance with your applicants
  • You must provide applicants with a notice of data collection at or before the time of collection
  • Applicants have the right to access, correct, or delete their personal information
  • You must disclose that AI-assisted screening tools are used in your hiring process

ResumeRank processes candidate data only on your behalf as a service provider under CCPA. We do not sell or share candidate personal information with third parties for advertising or non-service purposes.

10. International Users and GDPR

ResumeRank is operated from the United States. If you use ResumeRank to process resumes of EU/EEA residents, you should be aware that:

  • Candidate data is transferred to and processed in the United States
  • OpenAI and Render are US-based sub-processors
  • Under GDPR Article 22, candidates have the right not to be subject to solely automated decisions that significantly affect them -- as the employer and data controller, you must ensure candidates have the ability to request human review
  • You may need a legal basis under GDPR Article 6 for processing candidate data

ResumeRank is not designed as a GDPR-compliant solution for EU-based employers. If you are subject to GDPR, consult your legal counsel before using this service for EU candidate data.

11. Children's Privacy

ResumeRank is a professional hiring tool not directed at children under 13. We do not knowingly collect data from children.

12. Changes to This Policy

If we make material changes to how we handle your data, we will update the 'Last updated' date at the top of this page. Continued use of the service after changes constitutes acceptance.

13. Contact

Questions? Email support@resumerank.co. We respond within 2 business days.