Data Processing
Last Updated: October 17, 2025
This page provides detailed information about the third-party data processors we work with to deliver our AI-powered resume analysis service. We carefully select processors that meet high standards for data protection, security, and compliance.
Important Notice
This list may be updated from time to time as we add, remove, or change service providers. We will update this page and notify users of material changes. All processors are bound by data processing agreements and must comply with applicable data protection laws, including GDPR.
Overview
To provide our Service, we engage third-party processors who process personal data on our behalf under our instructions. We are the data controller, and these entities act as data processors or sub-processors. Each processor has been carefully evaluated for:
- Technical and organizational security measures
- Compliance with GDPR and other data protection regulations
- Use of Standard Contractual Clauses (SCCs) for international transfers
- Transparent privacy policies and data handling practices
Our Data Processors
Below is a complete list of third-party processors, their roles, the types of data they process, and the safeguards in place.
1. OpenRouter / OpenAI
AI-Powered Resume Analysis
We use OpenAI's GPT models via OpenRouter to analyze resume content, identify skills, evaluate ATS compatibility, and generate personalized feedback. Resume data is transmitted securely and processed according to OpenAI's enterprise data processing terms.
Data Processed:
- Resume content (text extracted from uploaded documents)
- Job description text (if provided)
- Analysis prompts and instructions
Location:
United States
Safeguards:
Standard Contractual Clauses (SCCs), encryption in transit and at rest, enterprise-grade security measures. Data is not used for model training without explicit consent.
2. Paddle
Payment Processing
Paddle is our payment service provider and Merchant of Record. They handle all payment processing, subscription management, and invoicing. We do not store credit card details on our servers; Paddle processes and securely stores payment information.
Data Processed:
- Payment card information (processed directly by Paddle, not stored by us)
- Billing name and address
- Email address
- Transaction metadata (order ID, amount, timestamp)
Location:
United Kingdom / United States
Safeguards:
PCI DSS Level 1 compliant, Standard Contractual Clauses (SCCs), GDPR-compliant data processing agreement. Paddle acts as a Merchant of Record.
3. Cloudflare R2
Secure File Storage
We use Cloudflare R2 object storage to securely store uploaded resume and cover letter files. Files are encrypted, access-controlled, and automatically deleted after the retention period (30 days by default). R2 is configured to store data within the EU for GDPR compliance.
Data Processed:
- Uploaded resume files (PDF, DOCX)
- Uploaded cover letter files
- File metadata (filename, size, upload timestamp)
Location:
European Union (configurable data residency)
Safeguards:
Data encrypted at rest (AES-256) and in transit (TLS 1.3), EU data residency options, GDPR-compliant data processing agreement, access controls and authentication.
4. Redis (Upstash)
Temporary Caching and Session Management
We use Redis for temporary caching of analysis results and session management to improve service performance and user experience. Cache entries automatically expire and are not used for long-term storage. No sensitive personal information is stored in cache beyond request identifiers and temporary analysis metadata.
Data Processed:
- Request identifiers (RID)
- Analysis results cache (temporary)
- Session tokens and metadata
Location:
European Union / United States (configurable)
Safeguards:
Data encrypted in transit (TLS), automatic expiration of cache entries (24-72 hours), access controls, GDPR-compliant infrastructure.
International Data Transfers
Some of our processors are located outside the European Economic Area (EEA) or may transfer data to servers in different jurisdictions. Where personal data is transferred internationally, we ensure appropriate safeguards are in place:
1Standard Contractual Clauses (SCCs)
We use European Commission-approved Standard Contractual Clauses with all processors that transfer data outside the EEA. These clauses provide legally binding guarantees for data protection.
2Adequacy Decisions
Where possible, we work with processors in countries that have received an adequacy decision from the European Commission, confirming that they provide an adequate level of data protection.
3Technical and Organizational Measures
All processors implement robust technical measures including encryption, access controls, and security monitoring to protect data during international transfers.
Your Rights
You have the right to know how your data is processed and by whom. If you have questions or concerns about any of our data processors, or if you wish to exercise your data protection rights (access, rectification, erasure, etc.), please contact us at:
Email: privacy@resumereview.cv
For a complete overview of your rights and how to exercise them, please see our Privacy Policy.
Updates to This Page
We may update this list of data processors as we add new services, change providers, or discontinue services. Material changes will be reflected on this page with an updated "Last Updated" date. We will also notify users via email or website notice when significant changes occur.
We recommend reviewing this page periodically to stay informed about our data processing practices.
Questions?
If you have any questions about our data processors or data processing practices, please don't hesitate to contact our privacy team: