Privacy policy
Last updated: 2026-05-28
What we collect
- Account email, via Clerk, when you sign up.
- The resume PDF you upload.
- The parsed JSON we extract from that PDF.
- An audit log of writes against your account.
How we store it
- Resume PDFs live in AWS S3 (ap-south-1) with server-side encryption (SSE-S3) at rest.
- Parsed JSON, score breakdowns, and account metadata live in AWS RDS Postgres (ap-south-1), encrypted at rest.
- Presigned upload URLs expire five minutes after we issue them.
Who can access it
- You, via your authenticated session.
- ScorAxis engineers, only with logged break-glass access for incident response.
- We do not sell your data and we do not share it with third-party marketers.
- Sentry (errors) and LangSmith (LLM traces) receive non-PII telemetry only — we never forward your resume content to them.
Retention
- Resume PDFs and scores: retained while your account is active.
- Audit log entries: retained permanently as a security record.
- When you delete your account, your data enters a 30-day soft-delete window before being hard-deleted.
Your rights
Whether you fall under India's DPDP Act or the EU's GDPR, you can export or delete your data at any time. Email us at aakashdas276@gmail.com and we'll respond within 30 days.
Cookies
We use Clerk's session cookies to keep you signed in. When the PostHog analytics key is set in production, anonymized product analytics cookies are also dropped — never with your email or resume content attached.