17734255 Canada Corp, operating as Deborah Vineyard, is the data controller for personal information collected through resumeshield.online ("the Service"). We are incorporated under the laws of Canada.
This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area.
Questions or data requests: admin@deborahvineyard.com
| Data | When collected | Why |
|---|---|---|
| Email address | Account registration | Account identification, login, transactional emails, password reset |
| Full name | Account registration | Personalisation, contact header on generated PDFs |
| Password (hashed) | Account registration | Authentication. Stored as bcrypt hash — we cannot see your password |
| Company & specialty | Optional, account settings | AI personalisation for tool outputs |
| Resume content | When you use resume tools | Processing by AI models to generate optimised outputs |
| Job descriptions | When you use ATS or builder tools | Processing by AI models to tailor resume and cover letter content |
| Career history, skills, goals | When you use career or interview tools | Processing by AI models for tool outputs |
| Contact details for PDFs | Optionally, in PDF generation tools | Printed in the header of generated PDF documents only |
| LinkedIn profile URL | When you use Smart Import (Role tier+) | Passed to LinkdAPI to retrieve your public LinkedIn profile data |

| Data | Source | Why |
|---|---|---|
| AI-generated content | Tool outputs | Stored so you can access your generation history and download PDFs |
| ATS scores | Resume scoring tools | Displayed to you; stored with your generation history |
| Generation count & timestamps | Each tool use | Enforcing tier limits and usage quotas |
| Payment records | Stripe webhook on successful payment | Subscription management and tier assignment. We store tier, amount, and session ID — not your card details |
| Talent Marketplace profile | Built from your resume generations when you opt in | Used for anonymous employer discovery (see Section 4) |
| LinkedIn import usage count | Smart Import tool | Enforcing monthly quota per tier |
When you use the Service, our infrastructure automatically logs standard server-side request data including IP address, browser type, and request timestamps. This data is held by our hosting provider (Railway) and is used for security monitoring and debugging. We do not run analytics trackers or third-party advertising pixels on the Service.
We use the personal information we collect for the following purposes:
We will not use your personal information for purposes incompatible with those listed above without obtaining your additional consent.
The Talent Marketplace involves additional data processing beyond standard account and tool use. This section specifically addresses how that data is handled.
When you enable Talent Marketplace visibility, an anonymized profile is constructed from your most recent resume generation by an AI model. This process strips all personally identifiable information and produces a profile containing only: skill categories, experience level indicators, achievement metrics (as percentages or ranges, not absolute figures), industry keywords, and certification categories.
Employers searching the Talent Marketplace see only the anonymized profile. They cannot see your name, email, employer names, institution names, location, or any other identifying information unless you explicitly accept an inquiry from them.
If you accept an employer inquiry, your name and email address are disclosed to that employer at the moment of acceptance. This disclosure is logged with a timestamp. You cannot undo a disclosure once made. You should treat acceptance as equivalent to sending a contact email to that employer.
Your block list (companies you do not want to discover your profile) is stored in your account preferences. We apply blocks to the best of our ability based on the company names you provide. We cannot guarantee that employers operating under variations of a blocked name, through staffing agencies, or via shared accounts will be blocked.
Disabling Talent Marketplace visibility immediately removes your anonymized profile from employer search. Accepted inquiries and the associated identity disclosures that occurred before you disabled visibility are not retroactively removed — those communications occurred directly between you and the employer.
Your Talent Marketplace profile is deleted when you delete your account (see Section 6).
We share personal data with the following third-party processors as necessary to operate the Service. All processors are contractually bound to use your data only for the specified purpose:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Anthropic | AI language model (resume & cover letter generation) | Resume content, job descriptions, career history passed as prompt inputs | USA |
| OpenAI | AI language model (interview prep, career strategy, job intel tools) | Career history, job descriptions, interview context passed as prompt inputs | USA |
| xAI (Grok) | Social media signal processing for Smart Enhance | Job title and industry keywords; no personal information | USA |
| Firecrawl | Web scraping for Smart Enhance and Smart Import job intelligence | Job posting URLs, company names; no personal information | USA |
| LinkdAPI | LinkedIn profile import (Role tier+) | Your LinkedIn profile URL; returns public LinkedIn profile data | Varies |
| Stripe | Payment processing | Email address, subscription tier; Stripe handles all card data directly | USA |
| Resend | Transactional email delivery | Email address and email content (password reset, notifications) | USA |
| Railway | Cloud infrastructure and database hosting | All account and generation data stored in Railway-managed PostgreSQL | Singapore (asia-southeast1 region) |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
We may disclose personal information if required by law, court order, or lawful request by government authorities, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of our users or the public.
| Data type | Retention period |
|---|---|
| Account information (email, name, password hash) | Until account deletion, then deleted within 30 days |
| AI-generated content (resumes, cover letters, tool outputs) | Until account deletion, then deleted within 30 days |
| Payment records | 7 years from the date of transaction, as required by Canadian tax law (Income Tax Act) |
| Stripe event log (idempotency records) | 90 days, then automatically purged |
| Talent Marketplace profile | While visibility is enabled or account is active; deleted within 30 days of account deletion |
| LinkedIn import usage counts | Rolling 13-month window for quota tracking; deleted with account |
| Server request logs | Managed by Railway; typically 30 days |
When you delete your account, we will process the deletion within 30 days. Payment records are retained for the legally required period even after account deletion. Anonymized, aggregated usage statistics that cannot be linked to any individual may be retained indefinitely.
We implement technical and organizational measures to protect your personal information, including:
No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. If you become aware of any security vulnerability in the Service, please report it to admin@deborahvineyard.com.
In the event of a data breach that poses a real risk of significant harm to individuals, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA.
As a Canadian resident (and as applicable to all users), you have the following rights regarding your personal information:
To exercise any of these rights, contact us at admin@deborahvineyard.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
Resume Shield is operated from Canada and serves users globally, including users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with data protection laws.
Your personal information may be transferred to and processed in countries outside your home country, including Canada, the United States, and Singapore (where our infrastructure provider Railway hosts its asia-southeast1 region). These countries may not have data protection laws equivalent to those in your jurisdiction. By using the Service, you consent to these transfers.
If you are located in the EEA or UK, the following additional information applies:
Resume Shield uses browser localStorage (not cookies) for the following purposes on resumeshield.online:
We do not use third-party tracking cookies, advertising pixels, or analytics services that set cookies on this domain. The Service does not use Google Analytics, Facebook Pixel, or similar tracking technologies.
You can clear localStorage at any time through your browser's developer tools or by logging out of the Service.
The Service is not directed at children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at admin@deborahvineyard.com and we will delete the information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of the Service. When we make material changes, we will notify you by email at the address on your account at least 14 days before the changes take effect.
The "Last updated" date at the top of this document reflects the most recent revision. If you continue using the Service after the effective date of a revised policy, you accept the revised terms. If you do not agree to a material change, you should stop using the Service and request account deletion before the effective date.
For any privacy-related inquiries, data access requests, correction requests, or deletion requests:
We will acknowledge your request within 5 business days and respond fully within 30 days. For complex requests, we may extend this period by an additional 30 days with notice.
If you are not satisfied with our response, you may contact: