Privacy Policy

Last updated: 2026-07-08

This Privacy Policy explains how Penny Resume collects, uses, and shares your information when you use pennyresume.com and the Penny Resume Chrome extension.

1. Information we collect

Information you give us

  • Account: email address, and, if you sign in with Google, your Google account name and profile photo.
  • Profile: your name, contact details (phone, location, links), and the background text you paste during onboarding. You control what to include; the more you include, the better your resumes.
  • Payments: Stripe processes your payment. We store the Stripe charge ID and pack metadata (size, price, timestamp). We do not store your card number, CVV, or expiration date.
  • Job postings you submit: when you click "Generate" on a job page, the extension sends the visible page text (or the extracted job description) to our backend for tailoring.

Information collected automatically

  • Usage: generation timestamps, model chosen, tokens spent, and the URL of the job page.
  • Logs: minimal server logs (IP, user agent, request path) retained up to 30 days for abuse prevention and debugging.
  • Cookies: a single session cookie for authentication. We do not use third-party advertising cookies. We do not use analytics cookies without your consent.

2. How we use your information

  • To generate tailored resumes on your request.
  • To bill you and prevent abuse of paid features.
  • To send transactional email (verification codes, receipts, account notices).
  • To improve the Service — in aggregate, non-personally-identifiable form.

We do not train large language models on your data. When we send your profile and a job posting to our model provider (Anthropic), the request is subject to Anthropic's zero-retention API terms and is not used to improve their models.

3. Data retention

  • Generated resume PDFs: 30 days. After 30 days, the PDF file is permanently deleted from our storage. The generation record (timestamp, model, tokens) is kept longer for billing and abuse-prevention purposes.
  • Profile data: retained while your account is active and for up to 30 days after account deletion, then deleted.
  • Payment records: retained for 7 years to comply with tax and financial regulations.
  • Server logs: up to 30 days.

4. Sharing

We share the minimum data necessary with these processors:

  • Anthropic — LLM inference. Your profile and the job posting text you submit are sent per request. Subject to Anthropic's API terms with zero data retention.
  • Stripe — payment processing.
  • Vercel and Railway — hosting our frontend and backend respectively.
  • Neon (or successor) — database hosting.
  • Resend (or successor) — transactional email delivery.
  • Google — if you sign in with Google.

We do not sell your personal information. We do not share it with advertisers or data brokers.

5. Your rights

  • Access: download a copy of your profile and generation history from your dashboard.
  • Deletion: delete your account and all associated data from your dashboard. Deletion is permanent and takes effect within 30 days.
  • Correction: update your profile from the dashboard at any time.
  • Portability: your background text is stored and returnable in the same format you provided.

California residents have additional rights under the CCPA including the right to know, delete, and non-discrimination. EU/UK residents have rights under GDPR/UK GDPR. To exercise any of these rights beyond the self-service dashboard, email privacy@pennyresume.com.

6. Chrome extension specifics

  • The extension uses the activeTab permission — it can read the page you're currently on only when you click the extension icon. It does not read any page unless you press the button.
  • The extension does not read your browsing history, tabs you haven't clicked into, form data, passwords, or session cookies from other sites.
  • The extension does not track or log where you browse.
  • The storage permission is used only to remember your session token and last-used model/style choice.
  • The downloads permission is used only to save the generated PDF you asked for.

7. Children

The Service is not intended for children under 16. We do not knowingly collect data from children.

8. Security

We encrypt data in transit (HTTPS) and at rest (database and object storage). Session tokens are stored as hashes. Payments are processed by PCI-DSS-compliant Stripe. We do not store card numbers, CVVs, or expiration dates.

9. International transfers

Our infrastructure is in the United States. If you are located outside the US, your data will be transferred to and processed in the US.

10. Changes to this Policy

We will notify you of material changes by email at least seven (7) days before they take effect and post the updated policy at this URL.

11. Contact

Privacy questions or data subject requests: privacy@pennyresume.com.