Effective 13 July 2026

Privacy and data handling

This notice explains what NextResume handles when you use the service, where that data is processed, and the current limits of the launch-stage privacy controls.

Information you provide

Account, career, and job data

This can include your account email and profile details, uploaded or pasted resume content, employment and education history, job descriptions, gap answers, edits, generated documents, and credit-ledger activity.

How it is used

Operate the tailoring workflow

NextResume uses this data to authenticate your account, import and maintain your career record, match evidence to a role, generate reviewable resume drafts, export files, maintain credits, troubleshoot failures, protect the service, and respond to support requests.

Service providers

Providers used by NextResume

  • Cloudflare — website delivery and network services.
  • Railway — application hosting.
  • Supabase — authentication and data storage.
  • OpenRouter — AI model access and request routing.

These providers may process data to deliver the service under their own terms and policies. The provider list may change as the service evolves.

AI processing

Resume content can be sent to model providers

Relevant resume, job-description, and gap-answer content is sent to an AI service when a workflow requires extraction, matching, refinement, or generation. NextResume does not make a blanket zero-training or zero-retention claim for every third-party provider or downstream model.

Account sessions

Authentication state is stored in your browser

The Supabase client stores session tokens in browser local storage so that you can remain signed in and refresh an active session. Signing out clears the local session.

Current safeguards

Scoped access and private storage

The current implementation uses HTTPS, private storage buckets, user-scoped database policies, authenticated ownership checks, security response headers, and log-field redaction. No online service can guarantee absolute security.

Diagnostics

Operational logs are limited by default

Sensitive credential fields are redacted from application logs. Detailed AI request and response logging is disabled unless debug mode is deliberately enabled for controlled troubleshooting.

Retention and deletion

No automatic expiry is currently enforced

The launch system does not currently enforce an automatic expiry period for account, resume, job, session, or generated-artifact data. Self-service account deletion is also not currently available. To request deletion or ask what data is associated with your account, email customerservice@nextresume.co. NextResume will confirm the request and any data that must be retained for legal, security, or operational reasons.

Contact

Questions or privacy requests

Contact customerservice@nextresume.co. This notice is intended for an Australian-operated service and may be updated when the product, providers, or legal requirements change.