At Diabolical Labs ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use Reso.
1. Information We Collect
We collect information you give us directly and information generated automatically when you use Reso.
Personal Information
When you create an account or use the service, we collect:
- Account details: Your name, email address, password (stored in a secure, unreadable format), job title, industry, and any profile notes you add.
- Sign-in information: If you sign in with Google, we receive your Google account ID. We also store your email verification status and password reset records (in a secure, unreadable format).
- Preferences: Your language choice (US or UK English) and display theme (light or dark mode).
Your CVs, Jobs, and Analysis Data
- CV library: When you upload a CV (PDF, DOCX, DOC, or TXT; up to 2 MB), we extract and store the text content. You can save multiple CVs with custom names and set a default.
- Job applications: Role title, company, location, application status (e.g., Applied, Interviewing), notes, bookmarks, and any links you add.
- Analyses: The job description text you provide, the analysis results (match scores, strengths, gaps, recommendations, and tailored CVs), job details (seniority level, skills mentioned, salary range), and any notes or documents you attach.
- Interviews: Session dates, formats (e.g., video call, technical), round labels, your notes, AI-generated summaries, and outcomes.
- Personalized suggestions: We build a brief summary of your career profile so our AI can give you more relevant advice over time. This summary is created from information you have already provided and is stored alongside your account.
Payments and Usage
- Credits (Pulses): Your credit balance, how credits were added (free or purchased), how many you have used, payment records (processed by a third-party payment provider), and related details.
- AI usage logs: Records of AI operations (such as how many were run and how long they took), used to monitor costs and improve performance. These logs do not contain your CV or job description text.
- Feedback: Any messages, categories, or screenshots you submit through the feedback form.
Technical Data
- Cookies: We use secure session cookies to keep you signed in.
- Local storage: Your language and theme preferences are saved in your browser.
- Device information: IP address, browser type, and access times, used for security and to detect misuse.
We do not keep your original uploaded files after extracting the text. The original file is discarded once processing is complete.
2. How We Use Your Information
We use your information to:
- Provide our services: Manage your account, run CV analyses, track your job applications, generate interview prep, display insights, and manage your credits.
- Personalize your experience: Use your career profile summary to give the AI better context, so your results are more relevant to your background.
- Process payments: Track your credit usage and handle purchases.
- Communicate with you: Send verification emails, password resets, support replies, and important service updates.
- Improve Reso: Analyze anonymized usage patterns, AI performance, and feedback to make the service better.
- Keep things secure: Detect misuse, limit excessive requests, and maintain security logs.
- Meet legal obligations: Keep certain records as required by law or regulation.
3. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- Service providers: Our AI provider (OpenAI) processes your CV and job description text to generate analyses. Our email provider (Resend) sends transactional emails. Our hosting provider (Railway) stores your data. Our payment processor handles purchases. All providers are contractually required to protect your data and use it only for the services they provide to us.
- Legal requirements: If required by law, regulation, or to protect our rights, safety, or property.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
All international data transfers use appropriate safeguards (such as Standard Contractual Clauses) to protect your information.
4. Data Retention and Deletion
- While your account is active: We keep your data for as long as your account is open or as needed to provide the service. Your analysis history, job data, and credits are kept unless you delete them.
- When you delete your account: You can delete your account from Settings. This deactivates your account, removes your personal details (name, email, and other identifying information), and anonymizes your historical records. You can also export your data as a downloadable archive before deleting.
- Anonymized data: We may keep anonymized, non-identifiable summaries for service improvement purposes.
You can request data export or deletion at any time by contacting support@dianaismail.me.
5. Data Security
We use a range of technical and organizational measures to protect your data, including:
- Passwords stored using industry-standard one-way encryption.
- Security tokens stored in a secure, unreadable format.
- Secure, encrypted session cookies.
- Rate limiting, input validation, and file size restrictions.
- Security headers to protect against common web attacks.
- Encrypted connections (HTTPS) between your browser and our servers, and encrypted database connections.
- Cleaning of user-submitted text before it is sent to the AI, to prevent misuse of the analysis system.
No system is 100% secure. While we take strong precautions, we cannot guarantee absolute protection against all breaches.
6. Your Rights and Choices
Depending on where you live (for example, under GDPR in Europe or PDPA in Singapore), you may have the right to:
- Access, correct, or update your personal data.
- Restrict or object to how we process your data.
- Request deletion of your data or receive a copy in a portable format.
- Withdraw your consent at any time.
To exercise any of these rights, contact our Data Protection Officer (DPO):
- Email: dpo@dianaismail.me
- Attention: Data Protection Officer, Diabolical Labs
We will respond to verified requests within the timeframes required by law (typically 30 days under GDPR and PDPA).
7. Children's Privacy
Reso is not intended for users under 16 (or the minimum age required in your country). We do not knowingly collect data from children.
8. International Data Transfers
Your data may be processed in the United States or other countries through providers such as OpenAI and Railway. We ensure all international transfers comply with GDPR, PDPA, and other applicable laws using appropriate safeguards.
9. Changes to This Policy
We may update this policy from time to time. Changes will be posted here with a revised "Last Updated" date. If we make significant changes, we may also notify you by email or within the app. Your continued use of Reso after changes are posted means you accept the updated policy.
10. Contact Us
For questions, data requests, or complaints, contact us at support@dianaismail.me.