Legal

Privacy Policy

Last updated: 14 June 2026  ·  Effective date: 4 May 2026

rsme.ai (“we”, “us”, “our”) is operated by paragraph, based in Sydney, NSW, Australia. This policy explains how we collect, use, store, and disclose your personal information. We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), and where applicable, the EU and UK General Data Protection Regulation (GDPR).

1. What we collect

When you use rsme.ai, we collect:

  • Account information via Google Sign-In: name, email address, profile photo, and Google account ID
  • Resume content you enter — work experience, descriptions, job titles, bullet points, and any other details you choose to add
  • Job descriptions you paste or import for tailoring (note: these may contain third-party personal information such as recruiter names or company contacts; you are responsible for ensuring you have the right to share this information with us)
  • Voice audio — if you use the optional voice transcription feature, your spoken audio is streamed in real time from your browser to Google’s speech recognition servers via the browser’s built-in Web Speech API. We do not receive or store the audio itself; only the resulting text transcript is returned to us and saved as part of your resume content. Use of this feature is entirely optional.
  • Usage data — features you use, session timestamps, and token consumption per session
  • Technical data — IP address, browser type, device information, and authentication tokens stored as cookies or in local storage to keep you signed in
  • Analytics data — aggregated, anonymised usage data collected via Vercel Analytics

We do not collect payment information directly. Billing is handled by Stripe, which has its own privacy policy.

2. How we use it

Your data is used to:

  • Operate and personalise the rsme.ai service
  • Generate AI-tailored resume bullets using Anthropic's Claude API
  • Store your resume library so you can access it across devices
  • Track monthly token usage to enforce plan limits
  • Authenticate you and secure your account
  • Improve the product through aggregated, anonymised analytics
  • Communicate with you about service updates, security issues, or account matters

Legal basis (GDPR users): We process your data on the basis of (a) the contract between us when you use the service, (b) your consent for optional features like analytics, and (c) our legitimate interests in operating and improving the service.

We do not sell your data. We do not use your resume content to train AI models. Anthropic does not train on data submitted via their commercial API, per their terms of service.

3. Third-party services and overseas disclosure

rsme.ai uses the following third-party processors. By using our service, you consent to your data being transferred to and processed in the countries listed:

  • Firebase / Google Cloud (United States and other regions) — authentication, database (Firestore), and hosting
  • Anthropic (United States) — AI language model API for bullet generation. Data sent to the API is processed for the duration of the request and is not retained by Anthropic beyond standard operational logs (currently 30 days, per Anthropic’s policies)
  • Vercel (United States) — hosting and serverless functions
  • Stripe (United States) — payment processing
  • Google Web Speech API (United States) — browser-based speech recognition used for the optional voice transcription feature. When you activate voice input, audio is streamed directly from your browser to Google’s servers for processing; we do not receive or retain the audio. Google’s use of this data is governed by Google’s Privacy Policy. This feature is only available in supported browsers (Chrome and Edge) and is never activated without your explicit action.

Each service has its own privacy policy. We take reasonable steps to ensure these providers handle your data in line with the APPs and GDPR, including by relying on Standard Contractual Clauses where required.

4. Cookies and local storage

We use essential cookies and browser local storage to keep you signed in and to remember your preferences. We do not use advertising or tracking cookies. You can clear these at any time via your browser settings, though doing so will sign you out.

5. Data retention

  • Active accounts: We retain your account and resume library for as long as your account is active.
  • Account deletion: You can delete your account and associated data at any time via the contact page. We will action deletion requests within 30 days.
  • Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently removed.
  • Logs: Security and operational logs may be retained for up to 12 months for fraud prevention and debugging.
  • Legal obligations: We may retain certain data longer where required by law.

6. Security

Data is stored in Firebase Firestore with row-level security rules — only the authenticated account owner can read or write their own data. All data is transmitted over HTTPS. We follow industry-standard practices to protect your information, but no system is completely secure. If we become aware of a data breach that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

7. Your rights

Depending on your location, you have the right to:

  • Access the personal information we hold about you
  • Correct any information that is inaccurate or incomplete
  • Delete your account and personal information
  • Export your data in a portable format
  • Withdraw consent for optional processing (such as analytics)
  • Object to certain types of processing
  • Lodge a complaint with a supervisory authority — the OAIC (oaic.gov.au) for Australian users, or your local data protection authority in the EU/UK

To exercise these rights, contact us at the details below. We will respond within 30 days.

8. Children

rsme.ai is not directed at children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via an in-app notice before the changes take effect. The “last updated” date at the top reflects the most recent revision.

10. Contact

Questions, requests, or complaints about this policy can be sent to:

If you are not satisfied with our response, you can lodge a complaint with the OAIC at oaic.gov.au.

TermsContact← Home