Back to Home

Privacy Policy

Introduction

Welcome to RoastMyCV ("we," "us," or "our"), accessible at roastmycv.in. Your privacy is critically important to us. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have — whether you use our service as a guest or as a signed-in user.

1. What data we collect

a) Guest users (no sign-in)

  • Resume Text: The resume content you paste or upload is sent to our AI engine for processing. For guest users, this text is processed on the fly and is not stored on our servers after your session ends.
  • Payment Information: Handled entirely by our secure payment provider, Razorpay. We never see or store your card details, bank account numbers, or UPI PINs.
  • Country/Region: We use a third-party IP geolocation service (ipapi.co) to detect your approximate country so we can display the correct currency (INR or USD). Only the country code is used; we do not store your IP address.

b) Signed-in users (Google Sign-In via Firebase)

When you choose to sign in with your Google account, we additionally collect and store:

  • Google Profile Information: Your display name, email address, and profile photo URL as provided by Google during authentication.
  • Firebase User ID: A unique identifier assigned by Firebase Authentication to manage your account.
  • Resume Roast History: If you are signed in, your roast results — including ATS score, verdict, missing keywords, the AI roast text, your target role/company, experience level, the rewritten resume, and generated cover letter — are saved to our database (Google Cloud Firestore) under your account so you can access your history across sessions.

Signing in is entirely optional. The core roast feature works fully without an account.

2. How we use your data

  • To generate your AI resume roast, professional resume rewrite, and tailored cover letter.
  • To process secure payments for our premium services via Razorpay.
  • To save and display your roast history if you are signed in.
  • To detect your country for currency localisation.
  • To analyze anonymised platform usage and improve the service experience.
  • To monitor site performance, stability, and user experience via analytics tools.

3. Data retention

  • Guest users: Resume text is processed in real time and is not stored after the response is delivered. We do not maintain a database of guest resumes.
  • Signed-in users: Your roast history is retained in Firestore for as long as your account is active, so you can review past results at any time. You may delete individual entries from your history at any time, or request full account and data deletion (see "Your Rights" below).
  • Payment records: Transaction records are retained by Razorpay per their own data retention policies.

4. Third-party services

We rely on the following trusted third-party services to deliver and improve our platform. Each has its own privacy policy governing how it handles data:

  • Google Gemini API: For AI-powered resume analysis, rewriting, and cover letter generation. Resume text is sent to Google's API for processing.
  • Firebase Authentication (Google): For secure sign-in via your Google account. Managed by Google; see Firebase Privacy Policy.
  • Google Cloud Firestore: For storing signed-in users' roast history. Data is hosted on Google Cloud infrastructure.
  • Razorpay: For secure payment processing. See Razorpay Privacy Policy.
  • Vercel: For website hosting, serverless functions, and basic web analytics.
  • Vercel Speed Insights: For monitoring real-user page performance metrics (anonymised).
  • Microsoft Clarity: For session recordings, heatmaps, and behavioural analytics to help us understand how users interact with our site and identify usability issues. Clarity may collect device info, browser type, and interaction data. See Microsoft Clarity Privacy.
  • ipapi.co: For IP-based country detection to display correct currency. Only the country code is used.
  • Upstash: For rate limiting to keep the service stable and prevent abuse.

5. Cookies & local storage

  • Firebase Auth tokens: Stored in your browser to maintain your sign-in session.
  • Country code cache: Your detected country code is saved in localStorage to avoid repeated geolocation lookups.
  • Guest roast history: If you are not signed in, your roast results may be stored temporarily in your browser's localStorage for convenience.
  • Microsoft Clarity cookies: Used by Clarity to track anonymous session and user behaviour for analytics purposes.
  • Vercel Analytics cookies: Minimal, anonymised cookies for web analytics.

We do not use advertising or cross-site tracking cookies.

6. International data transfers

Some of our third-party service providers (Google/Firebase, Vercel, Microsoft Clarity) may process or store data on servers located outside of India. By using our service, you acknowledge that your data may be transferred to, and processed in, countries other than your own. These providers maintain industry-standard security and privacy practices.

7. Data security

We implement reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS/TLS), Firebase Security Rules to restrict database access to authenticated users, and secure API key management. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Delete individual roast entries from your history via the dashboard.
  • Request full account deletion — including all stored roast history and profile data — by emailing us at the address below.
  • Withdraw consent to data processing at any time by signing out and requesting deletion.
  • Lodge a complaint with a supervisory authority if you believe your data rights have been violated.

Our data practices are designed to comply with the General Data Protection Regulation (GDPR) for EU/EEA users and India's Digital Personal Data Protection Act, 2023 (DPDP Act).

9. Children's privacy

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the bottom of this page indicates when the policy was last revised. We encourage you to review this page periodically.

11. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: kaushikpranav265@gmail.com.

Last updated: May 2026