Last updated: April 2026
1. Overview
RoleOn ("we", "us", "our") provides a service that helps users generate tailored resumes and cover letters.
We are committed to protecting your personal data and handling it responsibly in accordance with applicable data protection laws, including GDPR.
2. Data We Collect
We collect and process the following types of data:
Account Information
- Email address (via Clerk authentication)
User Content
- Resume data
- Job descriptions
- Generated outputs (tailored resumes, cover letters)
Technical Data
- IP address
- Device and browser information
- Usage data (e.g., pages visited, features used, interaction events)
- Basic logs for security and debugging
3. How We Use Your Data
We use your data to:
- Provide and operate the service
- Generate tailored resumes and cover letters
- Store and manage your documents
- Send requested emails (e.g., generated results)
- Improve system reliability and performance
- Ensure security and prevent abuse
- Analyze usage to improve product functionality and user experience
4. Data Storage and Control
- Your data is stored securely in our database (via Supabase).
- Access is restricted using row-level security (RLS).
- You have full control over your data:
- You can delete individual items at any time
- You can use "Delete all my data" to permanently remove everything
5. AI Processing
To generate tailored resumes and cover letters, your input data (such as resume content and job descriptions) is sent to OpenAI for processing.
We only share the minimum data necessary to generate results. This data is processed in accordance with OpenAI's policies and applicable data protection laws.
We do not use your data to train our own models.
Analytics
We use PostHog to understand how users interact with the service, such as which features are used and how the application performs.
This helps us improve the product and identify issues. We do not use analytics data for advertising or cross-site tracking.
6. Third-Party Services
We use trusted third-party service providers to operate and deliver our service. These providers process data on our behalf only as necessary.
These include:
- Stripe - payment processing and subscriptions
- Supabase - database and secure storage
- Clerk - authentication and account management
- OpenAI - AI processing
- Resend - email delivery
- Vercel - frontend hosting
- Render - backend hosting
- PostHog – product analytics and usage tracking
These providers may process personal data according to their own privacy policies and applicable laws.
7. Payments
If you purchase a subscription or paid feature, payments are processed securely by Stripe.
We do not store full payment details such as credit card numbers. Payment data is handled directly by Stripe.
8. Email Communications
If you choose to send generated results via email, we use Resend to deliver these messages.
Your email address and selected content are processed solely for this purpose.
9. Data Retention
We retain your data until:
- You delete it manually, or
- You request full deletion
Once deleted, your data is permanently removed from our systems (subject to limited backup retention).
10. Your Rights (GDPR)
If you are located in the European Union, you have the right to:
- Access your data
- Correct inaccurate data
- Delete your data
- Restrict processing
- Object to processing
- Request data portability
To exercise these rights, contact us at:
We typically respond within 7 days.
11. Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse.
12. Changes
We may update this Privacy Policy from time to time. Updates will be posted on this page.
13. Contact
For privacy-related questions or requests: