Privacy policy
Last updated: June 2, 2026
1. Introduction
Welcome to CircleResume. This Privacy Policy ("Policy") explains how Florentin-Cristian Dumitrache, trading as Dumitrache Florentin-Cristian Persoană Fizică Autorizată (PFA), registered in Romania under CUI 46679040, Trade Register no. F40/3777/2022, with registered address at 188 Iuliu Maniu Boulevard, 061124, Bucharest, Romania ("CircleResume", "we", "us", or "our"), collects, uses, shares, and protects personal data when you access or use the CircleResume platform at circleresume.com and all related websites, applications, features, and services (collectively, the "Platform").
For the purposes of the EU General Data Protection Regulation (GDPR) and equivalent laws, CircleResume is the data controller responsible for your personal data. Our full company registration and contact details are available on our Company details page.
Personal data means any information that relates to an identified or identifiable natural person. This includes, but is not limited to, names, email addresses, IP addresses, and any content you create on the Platform.
This Policy applies to all users worldwide and should be read together with our Terms and Conditions and our Cookie Policy.
By creating an account or using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, please discontinue use of the Platform immediately.
2. Personal data we collect
We collect personal data from three sources: directly from you, automatically when you use the Platform, and from third-party services you choose to connect. If you use the Platform without an Account (guest mode), some information may be held only on your device, as described in subsection (d) below.
a) Data you provide directly
| Category | Data fields | Purpose |
|---|---|---|
| Account registration | Full name, email address, password (hashed — we never store your password in plain text) | Create and manage your account, authenticate you, and communicate important service updates |
| Resume content | First name, last name, job title, email, phone number, address, city, country, profile summary, employment history (job titles, company names, cities, dates, descriptions), education (degrees, schools, cities, dates, descriptions), skills, languages, hobbies, links, and custom sections | Generate, display, and export your resume documents |
| Cover letter content | Full name, job title, address, email, phone number, country, employer company name, hiring manager name, letter body (rich text) | Generate, display, and export your cover letter documents |
| Onboarding answers | The optional questions we may ask when you set up your account: what you want to use CircleResume for (your goals), your country, your current job title, your industry, and how you heard about us (referral source), plus any free-text detail you add to an "Other" option. You can skip onboarding or leave any question blank. | Stored on your account in our database for as long as your account exists. We use answers you choose to provide to tailor onboarding and to understand, in aggregate, who uses CircleResume — for example which countries users are in and how they found us. We use this only for our own internal product analytics and quality improvements. We do not sell, rent, or share onboarding answers with advertisers, data brokers, or any other third party. If you consent to analytics cookies, non-identifying categories you provide may also be sent to our analytics provider (see Section 9). Deleted when your account is removed. See Sections 3, 4, and 15. |
| Profile photos | Image files you upload as profile avatars (up to 10 per account) | Display your photo on your resume documents |
| Feedback & support | Feedback type, subject, description, severity, and optional screenshots | Investigate and resolve reported issues, improve our service |
| Preferences | Editor tutorial dismissal status, template choices, accent colours, typography settings | Personalise your experience and remember your editor configuration |
| AI rewrite requests | The specific resume or cover letter section text you submit for AI rewriting (up to 1,000 plain-text characters per request); the context type (resume or cover letter) | Transmitted to OpenAI to generate a suggested rewrite. The input text is not stored separately by us. If you choose to apply the result, the rewritten text replaces the original in your document and is stored as ordinary User Content. |
| Account deletion feedback | Selected reason category and optional free-text comment when you delete your account | Improve the Platform based on voluntary exit feedback. Stored separately from your User Content and retained after your account is purged (see Section 11). |
You choose what personal data to include in your resumes and cover letters. We process this data solely to provide the document creation service you have requested. We do not read, analyse, or use the content of your documents for any purpose other than delivering the service. When you voluntarily use the AI rewrite feature, the selected text section is transmitted to OpenAI solely to generate a suggested rewrite; see Section 5 and the AI rewrite notice below for details.
Special category and sensitive data. A resume or cover letter may reveal information that is treated as a special category of data under the GDPR (Article 9) — such as data revealing health, religious or philosophical beliefs, trade union membership, ethnic origin, or sexual orientation — or as sensitive personal information under other laws. We do not request or require such data. If you choose to include it, you do so on your own initiative, and you consent to us processing it as part of, and only for the purpose of, producing your documents. We recommend including such information only where it is relevant to your application and you are comfortable doing so.
b) Data collected automatically
When you access the Platform, we may automatically collect:
- IP address — recorded in your authentication session and used for rate limiting to protect the Platform from abuse.
- User agent string — browser type, version, and operating system, recorded in your session.
- Page views and navigation — anonymous, aggregated analytics data collected by Vercel Web Analytics (only if you consent via our cookie banner). No personally identifiable information is captured. Where you have consented, these analytics events may also include the non-identifying onboarding categories you selected (such as your country, industry, goals, and referral source) so we can see, in aggregate, how the product is used. This is for our internal analytics only — we do not attach your name, email, or any other identifier, and we do not sell or share this data with third parties for their own purposes.
- Error and diagnostic data — if an error occurs, our error tracking service (Sentry) may capture your user ID, email, name, IP address, request URL, browser information, and the error details to help us diagnose and fix issues. Additionally, Sentry may record a session replay of your screen at the time of the error (capturing DOM elements, clicks, and navigation — but not passwords or payment fields, which are masked). Session replays are only captured for error sessions and are used exclusively to reproduce and resolve bugs.
c) Data received from third parties
If you choose to sign in with Google, we receive the following data from Google:
- Your name
- Your email address
- Your profile picture URL
- Email verification status
We use this data solely to create and authenticate your account. We do not access your Google contacts, calendar, files, or any other Google services.
d) Guest mode (local browser storage)
If you create or edit a resume without registering, your draft content (which may include personal data you enter) is stored only in your browser using browser storage on your device (such as local storage and related storage APIs). It is not stored on CircleResume's servers until you create an Account and complete a flow that transfers or imports your draft. The in-product notice includes wording such as: "Guest mode — your draft is saved automatically on this browser."
Limitations on our responsibility and your risk of local data loss in guest mode are set out in our Terms and Conditions (Guest mode section).
3. How we use your personal data
We use your personal data for the following purposes:
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Account creation and authentication | Name, email, password hash, Google profile data | Performance of a contract (Art. 6(1)(b) GDPR) |
| Providing the resume and cover letter builder | All resume and cover letter content you enter | Performance of a contract (Art. 6(1)(b) GDPR) |
| PDF generation and export | Resume/cover letter content, profile photos | Performance of a contract (Art. 6(1)(b) GDPR) |
| Processing payments and subscriptions | User ID (shared with Polar as an external customer identifier) | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails (verification, password reset) | Name, email address | Performance of a contract (Art. 6(1)(b) GDPR) |
| Error monitoring and diagnostics | User ID, email, name, IP, request URL, browser info, error details | Legitimate interest (Art. 6(1)(f) GDPR) — maintaining service reliability |
| Analytics (anonymous, aggregated) | Page views, visitor counts, and the non-identifying onboarding categories you selected (country, industry, goals, referral source) — no PII | Consent (Art. 6(1)(a) GDPR) — only activated with your permission |
| Internal product insights (onboarding data) | Aggregated onboarding categories you optionally provide (country, industry, goals, referral source) — stored in our database on your user account and viewed by us only in summary form | Legitimate interest (Art. 6(1)(f) GDPR) — understanding how CircleResume is used and improving quality; we do not sell this data or share it with third parties (see Section 4) |
| Rate limiting and platform security | IP address, user ID | Legitimate interest (Art. 6(1)(f) GDPR) — preventing abuse |
| Feedback and issue reports | User ID, feedback content, screenshots | Legitimate interest (Art. 6(1)(f) GDPR) — improving the service |
| AI content rewriting (Pro feature) | Selected resume / cover letter section text (up to 1,000 characters), user ID (for quota tracking) | Performance of a contract (Art. 6(1)(b) GDPR) — delivering a Pro feature you explicitly activate; transmission to OpenAI is governed by your consent per our Terms, Section 7(b) |
| Access and data portability requests | Profile, resumes, cover letters, preferences, feedback, avatar metadata, PDF export job metadata, subscription summary | Legal obligation (Art. 6(1)(c) GDPR) — responding to your rights under Articles 15 and 20 GDPR |
4. We do not sell your personal data
CircleResume does not sell, rent, trade, or otherwise provide your personal data to third parties for monetary or other valuable consideration.
We do not share your personal data for cross-context behavioural advertising, profiling, or targeted marketing. We do not use data brokers, and we do not allow third parties to collect personal data from our Platform for their own purposes.
This applies regardless of your location. For California residents: under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), this constitutes our notice that we do not "sell" or "share" personal information as those terms are defined under California law.
5. Third-party service providers
We share personal data with the following third-party service providers who act as data processors on our behalf (or, in the case of payment providers, as independent controllers). We only share the minimum data necessary to provide our service.
| Provider | Purpose | Data shared | Location | Privacy policy |
|---|---|---|---|---|
| Neon | PostgreSQL database hosting | All account data, resume/cover letter content, session data, preferences | USA | Link |
| Cloudflare (R2) | Object storage for files | Profile photos, generated PDF documents, feedback screenshots | USA / Global | Link |
| Polar | Payment processing and subscription management | User ID (as external customer identifier). Polar independently collects payment card details and billing information directly from you during checkout — we never receive or store your card numbers. | Sweden | Link |
| Resend | Transactional emails | Name, email address (for email verification and password reset emails only) | USA | Link |
| Sentry | Error tracking and diagnostics | User ID, email, name, IP address, browser/device info, request URLs, error stack traces, session replays (for error sessions only) | USA | Link |
| Vercel | Application hosting and anonymous analytics | Anonymous page view data (no personally identifiable information). Analytics are only active with your consent. | USA | Link |
| OAuth sign-in and font delivery | OAuth: we receive your name, email, and profile picture from Google when you sign in. Fonts: font family names are requested from Google Fonts for PDF rendering. | USA | Link | |
| Upstash | Rate limiting (Redis) | IP address (for public endpoints), user ID (for authenticated endpoints). Stored temporarily for rate limiting windows only. | Configurable | Link |
| Inngest | Background job orchestration (PDF generation) | Job metadata, user ID, resume/cover letter content (temporarily, during PDF generation). Functions execute on our own infrastructure. | USA | Link |
| OpenAI | AI-powered content rewriting (Pro feature only) | The specific resume or cover letter section text you submit for rewriting (up to 1,000 plain-text characters per request), plus a context label ("resume" or "cover-letter"). We donotsend your name, email, account ID, or any other identifying information. OpenAI may retain API inputs/outputs for up to 30 days for safety monitoring, after which they are deleted. Per OpenAI's API Data Usage Policy, API data is notused to train OpenAI's models. | USA | Link |
We do not share your personal data with any parties other than those listed above, except where required by law (see Section 19).
6. Payment processing
Payments are processed by Polar (Polar Software Inc.), which acts as an independent data controller for payment data. When you make a purchase:
- You are redirected to Polar's secure checkout page where you enter your payment details directly with Polar.
- We never receive, process, or store your credit card numbers, bank account details, or any full payment instrument data.
- We send Polar your user ID so they can associate the subscription with your CircleResume account.
- A Polar customer account is automatically created when you sign up for CircleResume.
For information on how Polar handles your payment data, please review Polar's Privacy Policy.
10. International data transfers
CircleResume is operated from Romania (European Union). However, several of our third-party service providers are located outside the European Economic Area (EEA), primarily in the United States. This means your personal data may be transferred to and processed in countries outside the EEA.
When your personal data is transferred outside the EEA, we ensure it is protected through one or more of the following legally recognised transfer mechanisms:
- EU-US Data Privacy Framework (DPF):Several of our US-based providers are self-certified under the EU-US Data Privacy Framework with the US Department of Commerce, which has been recognised by the European Commission as providing adequate protection (Adequacy Decision of 10 July 2023). You can verify a provider's certification at dataprivacyframework.gov.
- Standard Contractual Clauses (SCCs): Where a provider is not covered by the DPF or an adequacy decision, we rely on Standard Contractual Clauses approved by the European Commission (Decision 2021/914) or equivalent safeguards offered by the provider (for example in their data processing terms or DPA). These mechanisms impose contractual obligations on the recipient to protect your data to a standard equivalent to that within the EEA.
- Adequacy decisions: For providers in countries that the European Commission has determined offer an adequate level of data protection (e.g., Sweden, where Polar is based), no additional safeguards are required.
Below is a summary of the transfer mechanisms we rely on for each provider, based on their published privacy documentation and contractual terms as of the date of this Policy:
| Provider | Location | Transfer mechanism |
|---|---|---|
| Neon | USA | DPF self-certification and/or SCCs (per provider terms) |
| Cloudflare | USA / Global | DPF self-certification and/or SCCs (per provider terms) |
| Polar | Sweden (EU) | Within the EEA — no additional safeguards required. Polar acts as an independent data controller for payment data. |
| Resend | USA | SCCs (per provider terms) |
| Sentry | USA | DPF self-certification and/or SCCs (per provider terms) |
| Vercel | USA | DPF self-certification and/or SCCs (per provider terms) |
| USA | DPF self-certification and/or SCCs (per Google terms) | |
| Upstash | Configurable | SCCs (per provider terms) |
| Inngest | USA | SCCs (per provider terms) |
| OpenAI | USA | DPF self-certification and/or SCCs (per OpenAI's Data Processing Addendum and API terms). |
11. Data retention
We retain your personal data only for as long as necessary to provide our services and fulfil the purposes described in this Policy. Specific retention periods are:
| Data | Retention period | Notes |
|---|---|---|
| Account data, resumes, cover letters, preferences | Until you delete your account | Access is revoked immediately when you confirm deletion. Data is permanently removed through an automated background process, typically within minutes and no later than 24 hours. |
| Profile photos and avatars | Until you delete your account | Deleted from storage (R2) during the account deletion background process |
| Exported PDF files | 7 days | Automatically deleted by a daily cleanup process after the share link expires. Also deleted during account deletion. |
| Session data | 7 days | Sessions expire automatically. All sessions are deleted immediately when you confirm account deletion. |
| Feedback screenshots | Until you delete your account | Deleted from storage (R2) during account deletion, together with your feedback entries. |
| Account deletion feedback | 12 months | Optional exit survey (reason and comment) stored separately from your User Content. Retained for internal analytics after your account is purged, then deleted. |
| Error tracking data (Sentry) | 90 days | Retained by Sentry per their data retention settings. Automatically purged after the configured period. |
| Rate limiting data | Minutes | Stored only for the duration of the rate limiting window (typically 1 minute) and then automatically expires. |
| AI rewrite quota counter | 24 hours (resets at midnight UTC) | A daily usage counter (user ID + count) is stored in Redis (Upstash) to enforce the daily usage limit of 50 rewrites. It expires automatically at midnight UTC. The input text sent to OpenAI is not stored separately by us — if you apply the result, the rewritten text is saved as part of your document (User Content). OpenAI may retain API inputs for up to 30 days per their policy. |
| Cookie consent preference | 12 months | Stored as a cookie on your device. You can reset it at any time via "Cookie settings" in the footer. |
If we are legally required to retain certain data for a longer period (e.g., for tax or accounting purposes), we will retain only the minimum data necessary for the specific legal obligation.
12. Data security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit: All data is transmitted over HTTPS/TLS.
- Password hashing: Passwords are securely hashed before storage — we never store passwords in plain text.
- Secure session cookies: Authentication cookies use the
Secureflag and are transmitted only over HTTPS. - Signed share links: PDF share links are protected with HMAC-SHA256 cryptographic signatures.
- Rate limiting: API endpoints are protected against abuse through request rate limiting.
- Access controls: Administrative access is restricted to authorized personnel only.
While we take all reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. If you believe your account has been compromised, please contact us immediately at contact@circleresume.com.
Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant data protection authority (ANSPDCP in Romania) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by Article 34 of the GDPR.
- Document the breach, its effects, and the remedial actions taken.
We will also comply with any additional breach notification obligations under applicable local laws, including the CCPA/CPRA (California) and UK GDPR.
13. Your privacy rights
Depending on your location, you may have the following rights regarding your personal data. We honour these rights regardless of where you live, to the extent we are able.
If you are in the United Kingdom, you may exercise your UK GDPR rights by contacting us directly at legal@circleresume.com. You may also lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We do not currently appoint a separate UK representative.
| Right | Description | Applicable laws |
|---|---|---|
| Right of access | Request a copy of the personal data we hold about you and information about how we process it. | GDPR, UK GDPR, CCPA/CPRA |
| Right to rectification | Request correction of inaccurate or incomplete personal data. You can also update most data directly in your account settings. | GDPR, UK GDPR |
| Right to erasure (deletion) | Request deletion of your personal data. You can delete your account directly from your account settings. Your access is revoked immediately; permanent removal of resumes, cover letters, avatars, exported PDFs, and feedback screenshots is completed through an automated background process, typically within minutes and no later than 24 hours. | GDPR, UK GDPR, CCPA/CPRA |
| Right to data portability | Request your personal data in a structured, commonly used, and machine-readable format, or request that we transfer it to another controller. | GDPR, UK GDPR |
| Right to restrict processing | Request that we limit how we process your personal data in certain circumstances (e.g., while we verify accuracy). | GDPR, UK GDPR |
| Right to object | Object to processing based on our legitimate interests. We will cease processing unless we have compelling legitimate grounds. | GDPR, UK GDPR |
| Right to withdraw consent | Withdraw consent at any time where processing is based on your consent (e.g., analytics). Withdrawal does not affect the lawfulness of prior processing. | GDPR, UK GDPR, CCPA/CPRA |
| Right to opt out of sale/sharing | We do not sell or share your personal data. No opt-out action is required, but you may contact us to confirm. | CCPA/CPRA |
| Right to non-discrimination | We will not discriminate against you for exercising any of your privacy rights (e.g., by denying service, charging different prices, or providing inferior service). | CCPA/CPRA |
| Right to lodge a complaint | You have the right to lodge a complaint with a data protection authority. In Romania, this is the ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal). In the EU/EEA, you may find your local authority. If you are located elsewhere, you may contact your local data protection authority. | GDPR, UK GDPR |
How to exercise your rights
You can exercise your rights by:
- Self-service: Edit or delete your data directly in your account settings, including deleting your entire account. Account deletion closes your access immediately; full data erasure completes shortly thereafter via a background process. You can also download a JSON export of your personal data from account settings — see Personal data export below for details.
- Email: Send a request to contact@circleresume.com with your name, email address, and a description of the right you wish to exercise.
We will respond to your request within 30 days. If we need additional time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period. We may need to verify your identity before fulfilling your request.
Personal data export
From your account settings (Privacy & Data), you can download a machine-readable JSON file containing the personal data we hold about you. This self-service export helps you exercise your right of access and your right to data portability under the GDPR and equivalent laws.
Included in the export:
- Account profile (name, email, email verification status, profile image URL, account creation and update dates)
- Resumes and cover letters (full document content)
- Editor preferences and tutorial settings
- Feedback you have submitted
- Avatar metadata (URLs and ordering — not the image files)
- PDF export job metadata (timestamps, document type, share link status — not the PDF files themselves)
- Subscription summary from Polar (status, product, billing period dates — not payment card details)
- Connected sign-in providers (e.g., Google — provider name and linked account ID only)
Not included in the export:
- Passwords (stored only as secure hashes — never exported or disclosed)
- Session tokens and authentication credentials
- Payment card numbers and full billing details (managed independently by Polar)
- Avatar image files and generated PDF files (metadata and URLs are included; binary files are stored separately)
Exports are limited to one download per hour per account to prevent abuse. The file is delivered as a .json download in your browser. For invoices, payment methods, and full billing records, use the billing portal in your account settings or contact Polar directly.
If the self-service export does not meet your needs, or you need data in a different format, contact us at contact@circleresume.com.
14. Children's privacy
The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from children or minors under 18 years of age.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@circleresume.com. We will promptly investigate and delete the data if confirmed. If we learn that we have collected personal data from a person under 18, we will delete that data without undue delay. This is consistent with our obligations under the GDPR (EU), UK GDPR, and other applicable laws. In the United States, the Children's Online Privacy Protection Act (COPPA) applies to children under 13; our Platform is not directed to children under 18 and we do not knowingly collect data from minors.
15. De-identified and aggregate data
We may create de-identified (anonymised) or aggregated data from personal data by removing information that makes the data personally identifiable. Such data is no longer considered personal data under applicable laws.
We may use de-identified data for internal analytics, improving our services, and other lawful business purposes. We commit to maintaining and using such information in de-identified form and will not attempt to re-identify it.
For example, we may look at aggregated onboarding trends — such as which countries users select, how they heard about us, and what goals they choose — to improve CircleResume and understand whether the product is meeting user needs. This is strictly for our own internal use. We do not sell, rent, or share this information with advertisers, data brokers, or any other third party, and we do not use it to build individual advertising profiles about you (see Section 4).
16. Automated decision-making, profiling, and AI features
CircleResume does not use automated decision-making or profiling that produces legal or similarly significant effects on you.
We do not analyse your personal data to create profiles, make predictions about your behaviour, or make automated decisions that affect your access to our services. All decisions regarding your account (such as subscription management) are based on objective criteria (e.g., payment status) and are not the result of automated profiling. This disclosure is made in accordance with Article 22 of the GDPR and equivalent provisions under UK GDPR.
Note on AI rewriting features. The AI rewrite feature available to Pro subscribers is a user-initiated, assistive tool. It does not make any automated decisions about you, your account, or your access to the Platform. It simply generates a suggested rewrite of document text that you have voluntarily selected and submitted. You retain full control over whether to accept, modify, or discard any AI-generated suggestion. No profiling or automated decision-making within the meaning of Article 22 GDPR occurs in connection with this feature.
The third-party AI model provided by OpenAI processes only the text you explicitly submit via the rewrite button. It does not have access to your account information, identity, subscription status, or any other personal data beyond the text of the section being rewritten.
17. Business transfers
If CircleResume is involved in a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your personal data may be transferred as part of that transaction. In such event, we will notify you via email and/or a prominent notice on the Platform before your personal data is transferred and becomes subject to a different privacy policy. The acquiring entity will be required to honour the commitments made in this Policy or obtain your separate consent for any materially different processing.
18. Third-party links
The Platform may contain links to third-party websites, services, or resources that are not owned or controlled by CircleResume (e.g., Polar checkout, Google sign-in). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you access through or in connection with the Platform. This Policy applies solely to data collected by CircleResume.
19. Disclosure required by law
We may disclose your personal data if required to do so by law, or if we believe in good faith that such action is necessary to: (a) comply with a legal obligation, court order, or governmental request; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Platform; (d) protect the personal safety of users of the Platform or the public. Where legally permitted, we will make reasonable efforts to notify you before disclosing your data.
20. Do-Not-Track signals
Some browsers include a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to them. However, our analytics are already consent-based: we do not load analytics technologies unless you explicitly consent via our cookie banner. This means that your privacy preferences are respected regardless of your browser's DNT setting.
21. Additional disclosures for U.S. residents
a) California
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:
- Categories of personal information collected: Identifiers (name, email, IP address), internet activity (page views, browser type), professional information (employment history, education — only as entered by you in your resume), and inferences (none — we do not create profiles or inferences about you).
- Sale of personal information: We do not sell your personal information. We have not sold personal information in the preceding 12 months.
- Sharing for cross-context behavioural advertising: We do not share your personal information for cross-context behavioural advertising.
- Sensitive personal information: We do not intentionally collect sensitive personal information as defined by the CCPA/CPRA. Your resumes may contain information you choose to include; we do not use such information for purposes other than providing the document creation service.
- Shine the Light (Cal. Civ. Code § 1798.83): We do not share personal information with third parties for their direct marketing purposes.
b) Other U.S. states
Several other U.S. states have comprehensive consumer privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Texas (TDPSA), with more taking effect over time. If you are a resident of such a state, you have rights comparable to those described in Section 13 — including the rights to access, correct, and delete your personal data, and to opt out of its sale or of targeted advertising.
As stated in Section 4, we do not sell your personal data, do not share it for targeted or cross-context behavioural advertising, and do not use it for profiling that produces legal or similarly significant effects (see Section 16). You may exercise any of your rights, regardless of your state, using the methods described in Section 13. We do not discriminate against you for exercising these rights. Where your state grants a right to appeal a decision on your request, you may do so by replying to our decision or contacting us at legal@circleresume.com.
22. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The updated version will be indicated by the "Last updated" date at the top of this page.
If we make material changes that significantly affect how we process your personal data, we will notify you by reasonable means (such as a notice on the Platform or an email to the address associated with your account) before the changes take effect. We encourage you to review this Policy periodically.
23. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Operator (data controller): Florentin-Cristian Dumitrache, trading as Dumitrache Florentin-Cristian Persoană Fizică Autorizată (PFA)
Address: 188 Iuliu Maniu Boulevard, 061124, Bucharest, Romania
Trade Register: Trade Register of Bucharest (Registrul Comerțului București), registration no. F40/3777/2022
CUI (Tax ID): 46679040
Privacy & data protection inquiries: legal@circleresume.com
General inquiries: contact@circleresume.com
Full company registration details are also available on our Company details page. We aim to resolve all privacy-related inquiries within 30 days of receipt.
7. Social logins
The Platform offers the ability to register and sign in using your Google account. If you choose to do this:
We are not responsible for Google's use of your data. We recommend reviewing Google's Privacy Policy and managing your permissions via your Google Account settings.