Privacy Policy
Last updated: 20 October 2025
This Privacy Policy explains how PG Gaming Limited ("ResumeCoach", "we", "us", "our") collects, uses, discloses and protects personal data when you use resumecoach.com and related services (the "Service"). We act as a data controller for processing described below, unless stated otherwise.
Company: PG Gaming Limited (Company No. 15971380)
Registered office: Regus Strand, Golden Cross House, 8 Duncannon Street, London, United Kingdom, WC2N 4JF
Contact: support@resumecoach.com (privacy requests), or via in-product request form
1. Scope and who this policy applies to
1.1 This Policy applies to visitors and registered users located in the EU, EEA and UK. We technically restrict access from other jurisdictions.
1.2 If you access from outside the EU/EEA/UK (e.g., via VPN), you are not permitted to use the Service.
1.3 Separate documents govern (i) the Terms of Use and (ii) our Cookie Policy (covering cookies/SDKs, analytics and advertising identifiers).
2. Categories of personal data we process
2.1 Account & identity data: name, email, country/region (derived from IP and billing), language, authentication identifiers.
2.2 Resume content & job data: CV/resume files and text, education/work history, skills, job descriptions, and prompts you submit; AI-generated outputs.
2.3 Transactional & token data: token purchases, balances, redemptions, invoices/receipts, VAT status, timestamps, amounts.
2.4 Support & communications: messages to support, feedback, survey responses, consents/withdrawals, complaint records.
2.5 Technical & usage data: IP address, approximate location (country/region), device and browser, log events, session IDs, API usage metrics, error reports, security telemetry (e.g., failed logins, fraud signals).
2.6 Cookies/SDK identifiers: as described in our Cookie Policy.
3. Sources of data
3.1 Data you provide directly (account creation, resume upload, prompts, support).
3.2 Data generated by your use of the Service (logs, tokens usage, outputs).
3.3 Data from payment/acquiring partners for settlement and fraud screening.
3.4 Public or third-party data you elect to connect (e.g., pasting a vacancy URL).
4. Purposes and lawful bases
We process personal data under the GDPR and UK GDPR using the following bases:
| Purpose | Data | Lawful basis |
|---|---|---|
| Create and manage your account; authenticate sessions | Account & identity, technical | Contract (Art. 6(1)(b)) |
| Provide AI-powered services (analysis, tailoring, cover letters); display outputs | Resume/job data, technical | Contract (Art. 6(1)(b)) |
| Token purchases, invoicing, VAT, refunds | Transactional & token | Contract (b); Legal obligation (Art. 6(1)(c)) for tax/AML |
| Fraud prevention, service security, geoblocking to EU/EEA/UK | Technical, usage, location | Legitimate interests (Art. 6(1)(f)) and legal obligation where applicable |
| Customer support and incident response | Account, support, logs | Contract (b); Legitimate interests (f) |
| Product analytics (privacy-respecting, aggregated) | Usage, cookies/SDK IDs | Consent (Art. 6(1)(a)) via Cookie banner (where required) or legitimate interests with strict safeguards |
| Marketing emails (tips, updates) | Email, usage (limited) | Consent (a) or soft opt-in where permitted; opt-out anytime |
| Legal claims and compliance requests | Relevant categories | Legitimate interests (f); Legal obligation (c) |
| Special category data included in your resume | Only what you submit | Explicit consent (Art. 9(2)(a)); do not submit if unnecessary |
5. AI processing and automated decisions
5.1 We use AI providers to process your text and generate outputs you request. We do not use automated decision-making that produces legal or similarly significant effects on you (Art. 22 GDPR/UK GDPR).
5.2 AI outputs can contain inaccuracies; you remain responsible for reviewing them before use.
6. Payments and acquirers
6.1 Token purchases are processed by our payment processor and acquirer(s). We receive transaction metadata and settlement reports but do not store full card numbers.
6.2 We retain invoicing and transaction records for tax/accounting and AML/Fraud purposes (see Retention below). Prices shown are VAT-inclusive where applicable.
7. Sharing of personal data
We share data only as necessary and with safeguards:
- Processors: cloud hosting & databases, email/SMS delivery, customer support tools, analytics, monitoring, and AI model providers (to render your requests);
- Professional advisers and auditors;
- Corporate transactions: in a merger, acquisition or asset sale (with notice where required);
- Authorities: where we are legally required to comply with law enforcement or regulatory requests, or to protect rights, safety, and security.
Processors act under a Data Processing Agreement, follow our instructions, implement security measures, and are not permitted to use your data for their own purposes.
8. International data transfers
8.1 If we transfer personal data outside the EU/EEA/UK, we ensure an appropriate transfer mechanism, such as:
- EU Standard Contractual Clauses (SCCs);
- UK International Data Transfer Addendum / IDTA;
- An adequacy decision where available.
8.2 We also apply supplementary safeguards (encryption in transit/at rest, access controls, minimization).
9. Retention and deletion (including post-deletion archiving)
9.1 We retain personal data only for as long as necessary for the purposes set out above. Our primary retention periods are:
| Data category | Standard retention |
|---|---|
| Account profile (active users) | While account is active |
| Resume/job content & AI outputs | Until you delete them or your account, or 24 months of inactivity (whichever earlier), then deleted or anonymized |
| Support tickets | 24 months after resolution |
| Security logs | 12 months (unless needed longer for investigation) |
| Financial records (invoices, payments, chargebacks) | 5 years from your last transaction (AML) and up to 6 years where required by UK tax law (whichever is longer) |
| Consents/withdrawals and complaint records | 6 years (compliance evidence) |
9.2 Account deletion flow ("right to be forgotten")
When you request Delete account, we immediately deactivate access and move your account to archived state. In this state we minimize data to what is strictly necessary for (i) legal retention (tax/AML), (ii) security and dispute handling.
Resume files, job descriptions, and AI outputs are deleted or irreversibly anonymized during archiving (unless they are embedded in logs we must keep solely for security evidence).
After expiry of the applicable retention periods above (e.g., 5 years AML / up to 6 years tax), your archived records are securely erased from active and backup systems, subject to technical backup cycles.
9.3 Account reactivation
If you re-activate your account during the archiving window (before legal retention expires), we may restore your profile, but content you deleted or that we anonymized will not be recoverable.
10. Your privacy rights
Under the GDPR/UK GDPR, you have the right to:
- Access your personal data and obtain a copy;
- Rectify inaccurate or incomplete data;
- Erase data ("right to be forgotten")—subject to legal retention obligations;
- Restrict processing in certain circumstances;
- Portability of data you provided to us, in a structured, commonly used, machine-readable format;
- Object to processing based on legitimate interests and to direct marketing;
- Withdraw consent at any time where processing is based on consent (this does not affect pre-withdrawal lawfulness).
To exercise rights, contact support@resumecoach.com. We may request verification of identity. You also have the right to lodge a complaint with your local EU Data Protection Authority or the UK Information Commissioner's Office (ICO).
11. Security
11.1 We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, audit logs, least-privilege access, vulnerability management, and incident response procedures.
11.2 No system is 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by law.
12. Children's data
The Service is intended for users 16+. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.
13. Cookies and similar technologies
We use cookies and similar technologies for essential functionality, security, analytics, and to remember preferences. Details (types, purposes, lifetimes, third parties) and your choices are provided in our separate Cookie Policy and cookie banner, where you can manage consent at any time.
14. Geographic restrictions and geolocation
We process approximate location (country/region derived from IP or payment metadata) to enforce availability only to users in the EU/EEA/UK and to comply with sanctions and export-control screening. Users attempting to access from other locations may be blocked.
15. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be announced via the Service or email. The "Last updated" date indicates the effective date. Continued use of the Service after an update signifies acceptance of the revised Policy.
16. Contact
Questions, requests, or complaints about privacy can be sent to:
Email: support@resumecoach.com
Postal: PG Gaming Limited (Privacy), Regus Strand, Golden Cross House, 8 Duncannon Street, London, WC2N 4JF, United Kingdom.