Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

When you interact with our Services, you may voluntarily provide:

• Contact Information: Full name, email address, phone number (optional), and other contact preferences
• Professional Information: Work history, job titles, employment dates, companies, career summaries, and industry details
• Educational Information: Degrees, institutions, graduation dates, certifications, licenses, and academic achievements
• Career Details: Skills, competencies, technical proficiencies, languages, awards, publications, and professional achievements
• Resume Content: Existing resumes, cover letters, portfolio links, projects, case studies, and supporting documents you submit for processing
• Communications: Messages, inquiries, feedback, support requests, testimonials, and any correspondence with our team
• Preferences: Job search preferences, target roles, industry preferences, salary expectations, and customization requests

1.2 Payment and Transaction Information

When you make a purchase, we collect transaction details including order information, service selections, pricing, and payment method type. Payment processing is handled exclusively by Stripe, our PCI-DSS compliant payment processor. We do not directly collect, store, or process credit card numbers, bank account information, or full payment card details on our servers. Stripe provides us with transaction confirmations and limited payment information necessary to fulfill your order and comply with tax obligations.

1.3 Automatically Collected Information

When you access our website or Services, we automatically collect certain technical information:

• Device and Browser Information: Device type, operating system, browser type, version, and device identifiers
• Network Information: IP address, connection type, internet service provider, and approximate geographic location derived from IP
• Browsing Activity: Pages visited, time spent on pages, referring and exit pages, clickstream data, and search queries
• Interaction Data: Links clicked, buttons selected, forms filled, scrolling behavior, and engagement patterns
• Access Logs: Date and time of access, request type, response status, and user actions within the Services

We collect this data through cookies, web beacons, pixels, and similar tracking technologies. This information helps us understand how you interact with our Services, diagnose technical issues, and optimize performance.

1.4 Information From Third-Party Sources

We may receive information about you from third-party service providers, including payment processors (Stripe), cloud infrastructure providers, email service providers, analytics platforms, and marketing partners. We use this information in accordance with their terms and this Policy to improve our Services and provide better support.

2. How We Use Your Information

We process your information for the following purposes:

• Service Delivery: To create, design, optimize, and deliver your custom resume and related professional documents
• Quality Assurance: To perform ATS (Applicant Tracking System) optimization, OCR verification, embedded transcript technology implementation, and quality assurance testing
• Order Management: To process payments, manage your account, track order status, and handle refunds or disputes
• Communication: To respond to inquiries, send service updates, delivery notifications, revision requests, and customer support
• Service Improvement: To analyze usage patterns, gather feedback, and improve our website, Services, workflows, and user experience
• Marketing and Outreach: To send promotional communications, service announcements, and marketing materials where you have consented or where permitted by law
• Legal and Compliance: To comply with laws, regulations, tax obligations, and to establish, exercise, or defend legal claims
• Security and Fraud Prevention: To detect, prevent, and investigate fraud, security breaches, unauthorized access, and other illegal activities
• Analytics and Research: To understand demographics, preferences, and trends to inform product development and business decisions
• Portfolio and Case Studies: With your consent, to use anonymized versions of your work (with all personally identifiable information removed) for marketing, portfolio demonstration, and case studies

2.1 Sensitive Information

Your resume and professional information may contain sensitive details such as employment history, educational background, or demographic information. We treat all such information with appropriate care and only use it as necessary to provide and improve our Services.

3. Legal Bases for Processing

If you are located in a jurisdiction that requires an articulated legal basis for processing personal information (including the European Economic Area, United Kingdom, California, or similar privacy-forward jurisdictions), we rely on the following legal bases:

• Contract Performance: Processing is necessary to perform our contract with you—to provide the Services you've requested
• Consent: You have affirmatively consented to specific processing, including marketing communications or optional features
• Legitimate Interests: We have a legitimate business interest to improve our Services, prevent fraud, and maintain security, balanced against your privacy rights
• Legal Obligation: Processing is required to comply with applicable laws, tax requirements, regulatory obligations, or legal process
• Public Task: Processing is necessary to perform a task in the public interest

You have the right to withdraw consent at any time, which will not affect the lawfulness of processing before the withdrawal.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties for their independent marketing purposes. However, we may share information in the following circumstances:

4.1 Service Providers and Data Processors

We share information with trusted third-party service providers who process data on our behalf under confidentiality agreements and appropriate data processing terms. These include:

• Payment Processing: Stripe Inc. (and its affiliates) for secure payment processing, PCI-DSS compliant
• Cloud Infrastructure: Cloud providers for secure file storage, backup, and infrastructure services
• Email and Communication: Email service providers to send transactional and marketing communications
• Analytics and Tracking: Analytics platforms to measure website performance, user behavior, and service improvements
• Customer Support: Support tools and ticketing systems to manage customer inquiries

All service providers are contractually obligated to use your information only as necessary to provide services to us and must maintain the confidentiality and security of your information.

4.2 Legal Requirements and Protection

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with court orders, subpoenas, warrants, or other legal process
• Enforce our Terms of Service and other agreements
• Protect our rights, privacy, safety, or property
• Protect the rights, privacy, safety, or property of our users or the public
• Detect, prevent, or address technical or security issues
• Prevent fraud or illegal activity

4.3 Business Transfers

If WasDoc is involved in a merger, acquisition, reorganization, bankruptcy, asset sale, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information in accordance with applicable law.

4.4 Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

5. Cookies, Tracking Technologies, and Similar Technologies

5.1 Use of Cookies

We use cookies (small text files stored on your browser) and similar tracking technologies such as web beacons, pixels, and local storage to:

• Remember your preferences and settings
• Understand how you use our Services
• Measure the effectiveness of marketing campaigns
• Prevent fraud and enhance security
• Provide personalized content and recommendations
• Analyze traffic patterns and user behavior

5.2 Cookie Types

• Essential Cookies: Necessary for website functionality and cannot be disabled
• Preference Cookies: Remember your choices and customizations
• Analytics Cookies: Help us understand usage and improve our Services
• Marketing Cookies: Track your interests for targeted advertising (where permitted)

5.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is sent. However, disabling cookies may impair website functionality and limit your ability to use certain features. You may also opt out of specific tracking through your browser's "Do Not Track" settings, though we cannot guarantee all third parties honor this signal.

5.4 Third-Party Analytics

We use analytics tools to understand how visitors interact with our website. These tools may place cookies on your device and collect information about your browsing activity. You can opt out of analytics tracking through the service provider's settings.

6. Data Retention and Deletion

6.1 Retention Periods

We retain personal information for as long as necessary to provide the Services, fulfill the purposes outlined in this Policy, and meet legal or contractual obligations. Specific retention periods include:

• Resume Files and Project Content: Retained for up to 2 years following service completion, then securely deleted unless you request extended retention or we are required to retain by law
• Account Information: Retained while your account is active and for a reasonable period afterward for record-keeping and legal compliance
• Transaction Records: Retained per tax and accounting requirements, typically 3-7 years depending on jurisdiction
• Support Communications: Retained for the duration of the support relationship plus a reasonable period for reference
• Analytics Data: Generally retained for 12-24 months
• Marketing Communications: Retained until you opt out or request deletion

6.2 Deletion and Anonymization

Upon retention period expiry or at your request, we securely delete or anonymize your information in a manner that prevents re-identification. If deletion is not possible due to legal obligations, we will securely store and isolate your information from further processing.

7. Data Security

7.1 Security Measures

We implement industry-standard administrative, technical, and physical safeguards to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: SSL/TLS encryption for data in transit and encryption at rest for stored data
• Access Controls: Restricted access to personal information on a need-to-know basis with authentication and authorization controls
• Monitoring: Continuous monitoring and logging of access to detect suspicious activity
• Security Reviews: Regular security assessments, penetration testing, and vulnerability scanning
• Data Minimization: We collect only the information necessary to provide our Services
• Secure Development: Secure coding practices and vulnerability management in our development lifecycle
• Employee Training: Privacy and security training for employees with access to personal information

7.2 Limitations

No method of transmission over the internet or electronic storage is completely secure. While we implement robust security measures, we cannot guarantee absolute security. You assume some risk in using our Services. We encourage you to use strong passwords and to not share your account credentials.

7.3 Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected individuals in accordance with applicable law. Notification will be made without unreasonable delay and will include information about the breach, steps we are taking to address it, and how you can protect yourself.

8. Your Privacy Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring all applicable privacy rights.

8.1 Rights Available to All Users

• Access: You can request access to the personal information we hold about you
• Correction: You can request that we correct inaccurate or incomplete information
• Opt-Out of Marketing: You can opt out of promotional emails and marketing communications at any time by clicking the unsubscribe link or contacting us
• Portfolio Removal: You can request that we remove your work from our portfolio or case studies

8.2 GDPR Rights (European Residents)

If you are a resident of the European Economic Area or United Kingdom, you have the following rights:

• Right to Access: Obtain a copy of your personal information and details about how we process it
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to Be Forgotten"): Request deletion of your information, subject to legal retention obligations
• Right to Restrict Processing: Request that we limit processing of your information
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller
• Right to Object: Object to processing for marketing, profiling, or legitimate interest purposes
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have the following rights:

• Right to Know: Request what personal information we collect, use, and share
• Right to Delete: Request deletion of personal information collected from you, subject to exceptions
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use: Limit our use of sensitive personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

8.4 Other U.S. State Privacy Rights

Similar privacy rights are available to residents of other U.S. states including Virginia, Colorado, Connecticut, Utah, and others that have enacted privacy legislation. These rights generally include access, deletion, correction, and opt-out rights. We will honor your requests in accordance with applicable law.

8.5 How to Submit Requests

To exercise your privacy rights, please submit a written request to us at [email protected] with:

• Your full name and email address
• A clear description of your request and the rights you wish to exercise
• Sufficient information to identify your account or transaction

We will verify your identity before processing your request. Verification may include confirming your email address, account information, or other details. You may also authorize an agent to submit requests on your behalf.

We will respond to verified requests within the timeframe required by applicable law (typically 30-45 days) at no cost. If we cannot fulfill your request, we will explain the reasons.

9. International Data Transfers

Your information may be processed and stored in countries other than your country of residence, which may have data protection laws different from your home country. When we transfer information internationally, we implement appropriate safeguards such as:

• Standard contractual clauses approved by the European Commission
• Your explicit consent to the transfer
• Recipient adequacy decisions
• Appropriate security and confidentiality measures

By using our Services, you consent to the transfer of your information to countries outside your country of residence, including the United States, which may not have the same level of data protection.

10. Third-Party Links and Services

Our website and Services may contain links to third-party websites, applications, and services that are not operated by WasDoc. This Policy applies only to information we collect directly. We are not responsible for the privacy practices of third-party sites or services, even if they are linked from our website.

We encourage you to review the privacy policies of any third-party services before providing your personal information. Your use of third-party sites is subject to their terms and policies, not ours.

11. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will promptly delete such information and terminate the child's account or participation.

If you believe a child has provided us with information, please contact us immediately at [email protected].

12. Do Not Track Signals

Some browsers include a "Do Not Track" feature. Currently, there is no industry standard for how websites should respond to Do Not Track signals. While we honor Do Not Track signals where technically feasible, we cannot guarantee all third-party partners will respect this setting. You can typically modify your browser settings to control cookies and tracking.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Policy on our website with an updated "Last updated" date at the top.

Material changes that significantly affect how we handle your information will be communicated to you via email or prominent notice on our website. Your continued use of our Services following the posting of changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Policy periodically to stay informed about how we protect your privacy.