Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Resumika (resumika.ai) collects, uses and protects your personal information when you use our Service. Resumika is operated by Vocxa(vocxa.com), which acts as the data controller for the Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), United Kingdom, and Switzerland.

1. Data Controller

The data controller responsible for your personal data is:

  • Company: Vocxa (operating as Resumika)
  • Entities: Vocxa (Pvt) Ltd (Sri Lanka) and vocxa, Inc. (Delaware, USA)
  • Contact: [email protected]
  • Website: vocxa.com

2. Information We Collect

  • Account data: your email address and authentication metadata.
  • Resume content: information you enter or upload (name, experience, education, skills, etc.).
  • Payment data: subscription and billing information processed through our payment provider.
  • Usage data: device, browser, IP address, and interaction data to improve the Service.
  • Cookies: essential and analytics cookies as described in our Cookie Policy.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service to you, including creating and managing your account, generating resumes, and processing subscriptions.
  • Consent: When you create an account and accept our Terms & Conditions, you consent to the processing of your personal data as described in this policy. You may withdraw consent at any time by deleting your account.
  • Legitimate Interests: For fraud prevention, security, service improvement, and analytics, where these interests do not override your fundamental rights.
  • Legal Obligations: When required to comply with applicable laws, regulations, or legal processes.

4. How We Use Information

  • To provide and personalise the resume builder and AI features.
  • To send you sign-in codes and magic links.
  • To process subscriptions and prevent fraud.
  • To improve and secure the Service.
  • To communicate important updates about the Service or changes to our policies.
  • To respond to your support requests.

5. Sharing & Third Parties

We do not sell your personal information. We share data only with:

  • Payment providers: to process subscription payments securely.
  • Email providers: to send authentication codes and service communications.
  • Cloud infrastructure: to host and operate the Service.
  • Analytics providers: to understand Service usage and improve user experience.

All third-party providers are bound by data processing agreements and appropriate safeguards.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States and Sri Lanka, where our servers and team are located. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party providers
  • Technical and organizational security measures

7. Your Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request limitation of how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format or request transfer to another controller.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at [email protected] or use the data management features in your account settings. We will respond to your request within 30 days.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account:

  • Your resumes and personal data are deleted within 30 days.
  • Some data may be retained longer if required by law (e.g., financial records for tax purposes).
  • Anonymized usage data may be retained for analytics purposes.

9. Security

We use industry-standard measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Passwordless authentication to reduce security risks
  • Regular security audits and updates
  • Access controls limiting who can access your data

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such data, we will delete it promptly.

11. Complaints

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection supervisory authority. For EEA residents, you can find your supervisory authority at edpb.europa.eu.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified through the Service or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For privacy requests or questions about this policy, please contact: