Privacy Policy

Rezooh is operated by Agile Invest Pty Ltd, an Australian private company (“Rezooh”, “we”, “us”). This policy explains what personal information we collect, why we collect it, who we share it with, and the choices you have. It is designed to align with the Australian Privacy Act 1988 (including the Australian Privacy Principles) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data controller

For the purposes of the GDPR, Agile Invest Pty Ltd is the data controller of personal information you submit to Rezooh. Contact for privacy enquiries: privacy@rezooh.com.

2. Information we collect

• Account information — name, email address, authentication identifiers (e.g. Google account id if you sign in with Google), and account preferences.
• Resume and application content — resumes you upload, work history, education, skills, generated drafts, cover letters, applications you log, interview prep notes, and any other content you create in the Service.
• Payment data — handled by Stripe. Rezooh does not store your full card number; we receive only a Stripe customer/subscription id and limited metadata (last four digits, brand, billing country) needed for receipts and dispute handling.
• Usage and device data — pages viewed, features used, approximate location derived from IP, browser and device type, and timestamps. Used to operate the product and prevent abuse.
• Communications — emails you send to support and our replies, plus product emails (transactional and, where you have opted in, marketing).
• Error and diagnostic data — exception traces captured to diagnose bugs and security issues.

3. How we use your information

• To provide and operate the Service, including generating drafts and tailoring resumes.
• To process payments, manage subscriptions, and issue refunds.
• To communicate with you about your account, security, and product changes.
• To prevent fraud, abuse, and violations of our Terms.
• To improve the Service through aggregated analytics and bug investigation.
• To comply with legal obligations (tax, accounting, lawful requests).

4. Legal basis for processing (GDPR)

Where the GDPR applies, we rely on the following bases:

• Performance of a contract — to deliver the Service you signed up for (account, paid features, support).
• Legitimate interests — to keep the Service secure, prevent abuse, debug errors, and understand usage in aggregate.
• Consent — for optional marketing emails and any non-essential cookies, where required.
• Legal obligation — to retain transactional records for tax and accounting.

5. AI processing of your content

When you ask Rezooh to generate or tailor content, the relevant parts of your resume, job description, and instructions are sent to our AI provider (Anthropic) to produce the output. We do not authorize the AI provider to train their general-purpose models on your content. We may retain the request and response in our own database so that you can revisit it inside the Service.

6. Third-party processors

We share the minimum data necessary with the following processors to operate the Service:

• Vercel — application hosting, edge delivery, and file storage (US/global).
• Neon — managed Postgres database where your account, resumes, and application data are stored.
• Stripe — payment processing and subscription billing.
• Anthropic — large language model API used to generate drafts and suggestions.
• Resend — transactional email delivery.
• Sentry — error and performance monitoring.
• PostHog — product analytics (events, feature usage).
• Inngest — background job orchestration for long-running tasks such as data exports.
• Google (Sign in with Google) — authentication, if you choose Google to sign in.

Each processor is bound by a data processing agreement (or equivalent contractual safeguards). Where these processors are located outside Australia or the EEA, transfers are made on the basis of Standard Contractual Clauses or equivalent mechanisms.

7. Cookies and analytics

We use a small number of cookies and similar technologies:

• Essential cookies — sign-in session, CSRF protection, and security. The Service does not work without these.
• Analytics — PostHog uses cookies / local storage to attribute events to a session. We do not sell this data and use it only to improve the product.

A dedicated cookie consent banner is coming. In the meantime, you can clear cookies from your browser settings at any time. For the full list of cookies and similar technologies, see our Cookie Policy.

8. Data retention

• Account data — retained while your account is active and for a reasonable period after deletion to handle billing disputes and legal requests.
• Billing records — retained for at least 7 years to comply with Australian tax and accounting obligations.
• Error and diagnostic logs — retained for up to 90 days.

9. Your rights

Subject to applicable law (including the Australian Privacy Principles and the GDPR), you may:

• Access and export your data — download an archive of your account from Settings → Data & Privacy.
• Correct inaccurate personal information from your profile and settings.
• Delete your account and associated data from Settings → Data & Privacy.
• Object to or restrict certain processing, where the GDPR applies.
• Withdraw consent for marketing emails by clicking the unsubscribe link in any email.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local EU/UK supervisory authority.

10. Security

We use TLS for data in transit and managed encryption at rest with our hosting and database providers. Access to production systems is limited to authorised personnel. No system is perfectly secure; please report suspected vulnerabilities to security@rezooh.com.

11. Children

Rezooh is not directed at children under 16. If you believe a child has provided us personal information, contact us and we will delete it.

12. Changes to this policy

We will update this page when our practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated by email or in-app notice.

13. Contact

Privacy questions, access/deletion requests, and DPA enquiries: privacy@rezooh.com.

Agile Invest Pty Ltd · Sydney, Australia