Privacy Policy

Wizume ("we", "us") operates wizume.ai from the United Kingdom. We are the data controller for personal data described in this policy unless we act as a processor for a business customer (see our DPA).

Privacy contact: privacy@wizume.ai

This policy applies to visitors and account holders worldwide. If you are in the UK, the UK GDPR and Data Protection Act 2018 apply. If you are in the EEA, the EU GDPR applies. If you are in the United States, we honour applicable state privacy laws (for example California's CCPA/CPRA) as described in section 11.

• Account data: email address, authentication identifiers, profile metadata, subscription status from Stripe.
• Resume and application content: names, employers, education, skills, cover letters, job descriptions you enter or upload.
• Payment data: billing country and transaction metadata via Stripe (we do not store full card numbers).
• Usage and diagnostics: feature interactions and error reports when you consent to analytics, or when necessary for security.
• Technical data: IP address, browser type, device signals, timestamps in server and security logs.
• Communications: support and billing correspondence.

• Contract (Art. 6(1)(b) UK/EU GDPR): provide accounts, save documents, run AI features you request, process subscriptions.
• Legitimate interests (Art. 6(1)(f)): security, abuse prevention, service improvement, and aggregated analytics where balanced against your rights. You may object where applicable.
• Consent (Art. 6(1)(a)): non-essential cookies, optional product analytics, and optional marketing tags. Withdraw consent via cookie settings or email.
• Legal obligation (Art. 6(1)(c)): tax, accounting, and regulatory records.

When you use AI features (resume import, tailoring, summaries, ATS scoring, cover letters), relevant resume or job-description text is sent to our AI subprocessors to generate output you review. We do not make solely automated decisions with legal or similarly significant effects about you. You remain responsible for reviewing AI output before use.

We use trusted providers who process data on our instructions:

• Supabase — database, authentication, file storage (EU regions where configured).
• Stripe — payments and tax calculation (Ireland / global infrastructure).
• OpenAI or compatible LLM provider — AI features when you request them.
• Resend — transactional email.
• PostHog — product analytics (EU hosting when enabled; only with consent).
• Sentry — error monitoring (when enabled).
• Cloudflare Turnstile — bot protection on sign-up and login when enabled.

We give at least 30 days' notice of material new subprocessors via email or in-app notice.

Where personal data is transferred outside the UK or EEA, we use appropriate safeguards such as UK International Data Transfer Agreements, EU Standard Contractual Clauses, or adequacy regulations, as required by UK GDPR and EU GDPR.

• Resume and cover letter content: until you delete it or close your account.
• Account and billing records: for the life of the account plus up to 7 years for tax.
• Consent records: for the consent period and a reasonable period after withdrawal.
• Security logs: typically up to 90 days unless needed for incident investigation.

Subject to conditions in law, you may request access, rectification, erasure, restriction, data portability, or object to processing. You may withdraw consent at any time where processing is consent-based. Contact privacy@wizume.ai. We respond within one month (extendable by two months for complex requests).

UK residents may complain to the Information Commissioner's Office (ICO). EEA residents may complain to their local supervisory authority.

The Service is not directed at children under 16 (or the higher age required in your country). We do not knowingly collect their data. Contact us to request deletion if you believe a child has provided data.

Where US state law applies (for example California), you may have rights to know what personal information we collect, request deletion or correction, and opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell personal information. We share data with service providers only to operate the Service. We do not discriminate against you for exercising privacy rights.

Submit requests to privacy@wizume.ai. We may verify your identity before responding.

See our Cookie Policy. Use "Manage cookies" in the site footer to change preferences.

We may update this policy. Material changes will be notified by email or in-app notice where required by law. The "Last updated" date at the top shows the current version.