rezm.ai

Legal

Privacy Policy

Last updated: April 28, 2026

rezm.ai ("rezm.ai", "we", "us") builds tools that help professionals create a secure online resume profile and apply to jobs more efficiently. This policy explains what personal data we collect, why we collect it, how it is stored and shared, and the rights you have over it. It applies to:

  • The rezm.ai website and dashboard at rezm.ai and *.rezm.ai subdomains.
  • The rezm.ai — Smart Apply browser extension distributed through the Chrome Web Store.
  • Our public APIs used by the extension and any official integrations.

In short

  • We collect only the data we need to run the product you signed up for.
  • We do not sell your personal data, ever.
  • We do not show ads and do not share your data with advertisers.
  • We use product analytics (PostHog) to understand how rezm.ai is used. These cookies only load after you click Accept in the consent banner; we never share this data with advertisers and do not track you across the web.
  • You can export or delete your data at any time from the dashboard or by emailing privacy@rezm.ai.

1. Data we collect

1.1 Account information

When you create an account we collect your email address and a hashed password (or, if you sign in via a social provider, the basic profile fields that provider returns: name, email, avatar URL). We also store your chosen subdomain and account preferences.

1.2 Profile content you provide

To build your resume profile and fill applications, you provide information such as your full name, contact details (email, phone, mailing address), professional history (job titles, employers, dates, descriptions), education, skills, links to your LinkedIn or portfolio, work-authorization status, and any optional EEO (Equal Employment Opportunity) self-identification fields. You control which fields to add and which to make public.

1.3 Resume files and uploads

PDFs, images (avatar, project covers), and any other files you upload are stored in our managed object storage and served only to you, to people you share with, and — when you click Smart Apply — to the application page you are filling.

1.4 Job application activity

When you use Smart Apply (in the dashboard or the browser extension), we collect:

  • The URL and title of the job posting page you are applying on.
  • The job description text scraped from that page, used by our AI to generate a tailored resume variant and draft answers to long-form questions.
  • Records of which jobs you saved, applied to, or asked us to track — including the AI-generated resume variant and answer drafts.

1.5 Authentication tokens (extension)

The Smart Apply extension stores a short-lived rezm.ai bearer token in chrome.storage.localon your device after you sign in. The token, your email, and the token's expiration timestamp are the only values stored locally by the extension. Clicking "Disconnect" in the extension popup deletes them.

1.6 Visitor analytics on your public profile

When someone visits your public profile at yourname.rezm.ai, we record an aggregate, cookie-free page view: the timestamp, country (derived from IP and immediately discarded), referrer, and rough device class. We do not place tracking cookies, do not fingerprint visitors, and do not share this data with third parties. Visitor IP addresses are hashed before storage and used only for de-duplicating views and rate-limiting.

1.7 Communications you send through the platform

If you have a paid plan that includes platform email or a platform phone number, messages sent to those endpoints are stored so we can deliver them to you. We do not read this content for marketing or training purposes.

1.8 Technical and security logs

Our servers retain short-lived request logs (IP address, user agent, timestamp, request path, response code) for security, abuse prevention, and debugging. These logs are deleted on a rolling basis (typically within 30 days).

1.9 Payment information

Subscription payments are processed by Stripe. We never see or store your full card number. We do receive metadata necessary to operate your subscription: the last 4 digits, card brand, billing country, and the Stripe customer/subscription IDs.

2. How we use your data

  • Provide the product. Render your profile, fill out applications, generate AI-tailored resumes, send messages through your platform email or phone number, export PDFs.
  • Account management. Authenticate you, send transactional emails (password resets, billing receipts, security alerts), and respond to support requests.
  • AI features. Send the relevant subset of your profile and the job description to our AI provider so it can generate a tailored resume variant or draft answers. We do not allow our AI providers to train models on your data — see Section 5.
  • Improve the product. Aggregate metrics about feature usage so we know what to build next. When you accept cookies, this includes PostHog product analytics events keyed to an anonymous distinct ID (and, if you are signed in, to your account ID). We do not use your resume content for product analytics.
  • Security and abuse prevention. Detect fraud, rate limit, and investigate policy violations.
  • Legal compliance. Comply with applicable laws, respond to lawful requests, and enforce our Terms.

We do not use your data to determine creditworthiness, for lending decisions, or for advertising.

3. Smart Apply extension — what it does and does not do

The Smart Apply extension is a Manifest V3 Chrome extension. Its single purpose is to help you fill out job applications using your rezm.ai profile.

  • The content script is registered to run on all sites because job applications live on thousands of different domains and ATS providers; we cannot enumerate them in advance.
  • On a given page the extension performs no workuntil you explicitly click Auto-Fill, Smart Tailor & Fill, AI Answer Remaining Questions, or Track This Job in the popup — or open a URL we generated containing the rezm_auto_apply parameter.
  • When you click one of those actions, the extension reads the URL and visible text of the active tab and sends it to https://*.rezm.ai/* over HTTPS to fetch profile fields, generate a tailored resume, or draft answers.
  • The extension does not read or transmit data from tabs you are not actively interacting with. It does not log keystrokes, mouse movements, or page content unrelated to job applications.
  • The extension does not run remote code: all of its JavaScript is included in the published package; nothing is loaded via eval, dynamic import() of remote URLs, or external <script> tags.

4. When we share data

We share personal data only in the following limited situations:

  • With you. Your public profile is visible to anyone who visits its URL. You decide which sections are public.
  • With the application page you are filling.When you click Auto-Fill or Smart Tailor & Fill, the extension writes profile fields into the form on the page in front of you. You always review the page and click the site's own Submit button — submission is never automated.
  • Service providers (sub-processors). We use vetted vendors who process data on our behalf under contractual confidentiality and security obligations. Current sub-processors include:
    • Supabase — managed Postgres database and authentication.
    • Vercel — application hosting.
    • Anthropic and OpenAI — AI inference for resume tailoring and answer drafting. Data is sent through their API endpoints under terms that prohibit training on our customers' data.
    • Stripe — subscription billing and payment processing.
    • Resend — transactional email delivery.
    • Twilio — phone and SMS routing for paid platform numbers.
    • Cloudflare — DNS, CDN, and DDoS protection.
    • PostHog — product analytics. Only receives data after you accept cookies.
  • Legal requests. We will disclose data when required by valid legal process, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property.
  • Business transfers. If rezm.ai is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. You will be notified before your data becomes subject to a different privacy policy.

We do not sell personal data and do not share personal data for cross-context behavioral advertising (as those terms are defined under the CCPA/CPRA).

5. AI processing

When you use AI features (Smart Tailor & Fill, AI Answer Remaining Questions, AI Resume Review), we send the relevant subset of your profile and the job description to our AI providers. We use their API products under terms that:

  • Forbid the provider from training models on inputs or outputs.
  • Limit retention of inputs and outputs for abuse monitoring only (typically 30 days or less).
  • Process data in regions covered by appropriate transfer mechanisms.

6. Where data is stored and how it is protected

Data is stored in the United States and the European Union depending on the service. All traffic between you and rezm.ai is encrypted in transit with TLS 1.2 or higher. Data at rest is encrypted using the standard encryption provided by our cloud providers. Access to production data is restricted to a small number of staff and is logged.

7. Data retention

  • Account and profile data: retained while your account is active, and for up to 30 days after deletion to allow recovery, then permanently deleted.
  • Resume variants and job application records: retained while your account is active. You can delete individual items at any time.
  • Server access logs: rolling deletion within 30 days.
  • Billing records: retained for the period required by tax and accounting law (typically 7 years).
  • Extension local storage: deleted whenever you click "Disconnect" in the popup or uninstall the extension.

8. Your rights

Depending on where you live, you may have rights under laws such as GDPR (EU/UK), CCPA/CPRA (California), and similar state and national privacy laws, including the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data.
  • Receive a copy of your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent (where processing is based on consent).
  • Lodge a complaint with your local data protection authority.

You can exercise most of these rights directly from the dashboard (Settings → Account → Export / Delete). You may also email privacy@rezm.ai and we will respond within 30 days.

9. Cookies and similar technologies

rezm.ai uses two categories of cookies and local storage:

  • Strictly necessary. Authentication cookies that keep you signed in, your theme preference, and the cookie-consent choice itself. These load without consent because the product cannot function without them.
  • Product analytics (PostHog). When you click Accept in our cookie banner, we load PostHog, which sets first-party cookies and uses local storage to assign you an anonymous distinct ID, capture pageviews and clicks, and — once you sign in — associate that ID with your account so we can debug issues and improve the product. If you click Reject, or close the banner without choosing, PostHog is not loaded and no analytics cookies are set. You can change your choice at any time by clearing rezm.ai site data in your browser; the banner will reappear on your next visit.

We do not use third-party advertising cookies and do not allow our analytics provider to share your data with advertisers.

10. Children

rezm.ai is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. International transfers

If you access rezm.ai from outside the country where our servers are located, your data will be transferred to, processed, and stored in that country. For transfers from the EEA, UK, and Switzerland we rely on Standard Contractual Clauses or other approved mechanisms.

12. Changes to this policy

We will update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. For material changes we will notify you by email or through an in-product notice before the change takes effect.

13. Contact us

Questions, requests, or complaints? Email privacy@rezm.ai. We aim to respond within five business days.