Privacy Policy

The data controller responsible for processing your personal data is:

• Owner: Toni Sort
• Registered Address: Barcelona, Spain
• Privacy Contact: privacy@rezum.io

All information you add to Rezum.io remains under your control. The platform is designed so you can decide what stays private and what you want to share.

• Preferences & sensitive data: Key data points such as salary expectations, availability, or location preferences are private by default. You decide if and when to share them.
• Human access: Resume processing is automated.Rezum.io staff access personal data only when you explicitly request support or when strictly required for security.

We use advanced AI technologies to structure your experience and improve relevance across resume and matching flows, in a controlled environment.

• Secure processing: We use leading third-party language models through private API connections.
• Training protection: Your data is not used to train public AI models. Processing is limited to generating resume content, analyzing your profile, and supporting relevant opportunity matching inside the platform.
• Vector representations: We use semantic vectors (including pgvector-based similarity) as mathematical representations of your experience to improve matching precision.

We process your data on the following legal bases:

• Contract performance: To provide our core service, including resume structuring, project workflows, and profile management.
• Explicit consent: For AI-assisted analysis of your content and for non-transactional communications.
• Legitimate interest: To secure the infrastructure, prevent fraud, and diagnose technical issues.

To provide a high-availability and high-performance service, we rely on industry-standard infrastructure providers, including database, hosting, transactional email, and AI services.

When providers process data outside the European Economic Area (EEA), we require appropriate GDPR safeguards, including Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

We keep your data only while your account remains active and as needed to provide the service.

• Immediate deletion: When you use the "Delete Account" feature, personal account data is permanently deleted from our primary database.
• Quota Persistence: To prevent quota abuse and ensure fair platform usage, we retain an irreversible, salted cryptographic hash of your email and its usage history after account deletion. This non-identifiable data is used solely to restore usage balances if you register again with the same base email.
• Backups: Data is removed from encrypted backups automatically within 30 days of your request.
• Technical logs: Security and maintenance logs are periodically purged, typically within 7 to 30 days.

Rezum.io does not monetize your attention. We use the minimum required technical cookies to keep sessions secure and active.

• Strictly necessary cookies: Used for secure authentication and core platform functionality.
• Product analytics: We use PostHog to understand product usage patterns and improve important flows (for example, resume creation and editing experience).
• Your choice: Analytics capture is disabled by default. We enable it only after explicit consent through the cookie banner. If you reject, the platform continues in a no-analytics mode.

Under GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (right to be forgotten).
• Request portability of your data in a structured format.
• Object to or restrict specific processing activities.

To exercise any of these rights, or for any privacy question, contact privacy@rezum.io. We respond to valid requests within 30 days.