Privacy Policy for PatchMyResume
Last Updated: October 20, 2025
This Privacy Policy for PatchMyResume (the "Service") explains how we collect, use, and protect your information. We are committed to transparency and ensuring the security of the data you entrust to us, especially your resume details and API keys.
1. Data Collection and Usage
We collect information strictly necessary to provide the resume tailoring service.
A. Information You Provide and Store
| Data Type | Purpose of Collection | Retention |
|---|
| User Account Data | To authenticate and maintain a secure user session via NextAuth and Appwrite. | Retained for the duration of your account. |
| User Resume Data | To generate, store, and modify your structured resume content for the tailoring process. | Stored securely in the Appwrite DB until you delete it. |
| Google Gemini API Key | To access the Gemini AI service and perform tailoring requests on your behalf (see Security below). | Stored hashed in the Appwrite DB. |
B. Data Not Collected or Stored
The Service is designed to minimize data retention. The following sensitive data is never stored on our servers:
- Job Description: Used as input for a single, immediate AI tailoring request. It is processed in temporary state memory for the AI request and then discarded.
- AI Suggestions: Temporary suggestions generated by the AI are discarded after you make your selection or navigate away.
- Final PDF Resume: The PDF is generated client-side (in your browser) and downloaded directly to your local device. We do not store a copy of your final resume.
2. How Your Data is Handled and Secured
We prioritize the security and privacy of sensitive information.
A. API Key Protection
- Your Gemini API key is immediately hashed using cryptographic functions before being stored in the Appwrite DB.
- The key is only used server-side to make direct, authenticated calls to the Gemini API, ensuring it never leaves the server-side logic in an unencrypted state.
- You control the usage and costs associated with your API key, as it is solely provided by and belongs to you.
B. AI Processing and Data Flow
The AI tailoring process is a direct interaction: Your Resume Data and the Job Description are securely transmitted to the Google Gemini API to fulfill the request you initiated, and the results are presented directly back to you. The request data is not retained after the transaction is complete.
3. Data Sharing and Disclosure
We do not sell or rent your personal or resume data to third parties.
Your data is shared only under the following strictly necessary circumstances:
- AI Service (Google Gemini): Sharing your Resume Data and Job Description is necessary to fulfill the tailoring service you explicitly request.
- Service Providers (Appwrite): Used for secure storage of your account and structured resume data.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to comply with legal processes or protect the rights and safety of the Service or its users.
4. Your Rights and Choices
- Access and Modification: You can access and update your resume data and API key information at any time through your user dashboard.
- Data Deletion: You can delete your account and all associated data, including your stored Resume Data and Hashed API Key, by following the deletion process within the application settings.
5. Contact Information
If you have any questions about this Privacy Policy, please contact the project maintainers through the provided channels on the main project repository.
