Résuméd CV Creator is a service for creating résumés, cover letters, and saving job ads.
This Privacy Policy explains how Kreativ Webbdesign, operator of Résuméd CV Creator, collects, uses, discloses, retains, and protects personal data when you use resumed.nu, app.resumed.nu, and related authenticated environments.
1. Personal Data We Collect
We collect personal data needed to provide, secure, maintain, and improve Résuméd CV Creator. The personal data collected depends on how the Website and Service are used.
Personal data provided directly
- Account and contact information, such as name, email address, login details, account settings, subscription status, and payment-related information.
- Content stored in the Service, such as profile details, résumés, cover letters, uploaded files, and saved job ads.
- Communications with us, such as support requests, feedback, and related correspondence.
Personal data collected automatically
- Technical, usage, security, and cookie-related data, such as device and browser information, IP address, logs, preferences, consent choices, and interactions with the Website or Service.
Personal data received from service providers
- Payment, subscription, authentication, hosting, email delivery, database, security, and operational information from service providers used to run the Website and Service.
Personal data received from service providers
- Payment and subscription status from Stripe, where needed to manage paid plans, invoices, subscription access, and account status.
- Authentication, security, hosting, email delivery, database, and technical information from service providers used to operate, secure, and maintain the Website and Service.
2. How We Use Personal Data
We use personal data for the following purposes:
- to provide, maintain, and operate the Website and Service;
- to create and administer user accounts;
- to authenticate users and protect account access;
- to provide résumé creation, cover letter creation, previews, exports, storage, syncing, and saved job ad functionality;
- to manage subscriptions, plan access, billing, invoices, and payments;
- to send transactional communications, including login links, verification messages, account notices, billing notices, security notifications, and support responses;
- to provide support, investigate errors, resolve issues, and respond to requests;
- to prevent and investigate fraud, abuse, unauthorized access, security incidents, and violations of applicable terms;
- to debug, maintain, and improve the Website and Service;
- to use optional analytics and tracking data where consent has been given;
- to comply with legal obligations, including bookkeeping, tax, accounting, consumer law, security, and lawful requests from authorities; and
- to enforce agreements and protect our rights, users, systems, and business.
3. Legal Bases for Processing
We rely on the following legal bases when processing personal data:
- Contract, when processing is necessary to provide the Service, administer accounts, manage subscriptions, provide exports, store user content, sync data, and deliver core functionality.
- Legal obligation, when processing is necessary to comply with bookkeeping, tax, accounting, consumer law, security, or other legal requirements.
- Legitimate interests, when processing is necessary to maintain and improve the Website and Service, provide support, prevent abuse, secure systems, investigate issues, enforce agreements, or protect legal claims.
- Consent, when processing is based on optional analytics, tracking, or marketing communications that require consent.
4. How We Disclose Personal Data
We disclose personal data only where needed to operate, secure, maintain, support, or legally protect the Website and Service.
- Stripe is used for payments, subscriptions, invoices, and related billing operations.
- Supabase is used for database services, login, authentication, and security-related functionality.
- Northflank is used to host and operate the application.
- Loopia is used to host the public Website.
- Brevo is used for email delivery, including transactional messages and support-related communication.
Personal data is also disclosed to professional advisers, such as accountants, auditors, insurers, or legal advisers, where needed. Personal data is disclosed to public authorities, courts, regulators, or other recipients where required by law, regulation, court order, or lawful request.
Personal data can also be disclosed as part of a business transfer, reorganization, sale, merger, or similar transaction, subject to applicable confidentiality and legal requirements.
We do not sell personal data to advertisers.
5. Cookies and Similar Technologies
The Website and Service use cookies, local storage, session storage, IndexedDB, and similar technologies.
On the Website, necessary cookies and similar technologies are used for basic functionality, security, consent handling, and reliable operation. Optional analytics and tracking technologies are used only where consent has been given.
In the logged-in Service, necessary and functional cookies and similar technologies are required for authentication, security, account access, preferences, local draft preservation, syncing behavior, and core Service functionality. These technologies are part of the Service and are not optional.
Optional analytics and tracking consent can be changed or withdrawn through the cookie notice, in the Service under Settings > Integrity, and through the cookie settings link in the Website footer.
6. Rights and Choices
Depending on applicable law, individuals have rights regarding their personal data. These rights can include:
- access to personal data;
- correction of inaccurate or incomplete personal data;
- deletion of personal data in certain circumstances;
- restriction of processing in certain circumstances;
- objection to processing based on legitimate interests in certain circumstances;
- data portability where applicable;
- withdrawal of consent where processing is based on consent; and
- the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY) or another competent supervisory authority.
These rights are not absolute. Requests can be limited by applicable law, contractual obligations, security requirements, bookkeeping requirements, tax rules, or the need to establish, exercise, or defend legal claims.
7. International Data Transfers
Some service providers process personal data outside Sweden or the EU/EEA. Where personal data is transferred to a country that does not provide an adequate level of protection under applicable law, appropriate safeguards are used, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
8. Retention, Account Deletion, and Security
We retain personal data only for as long as reasonably necessary to provide the Service, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, protect the Website and Service, and maintain security.
Account data, profile data, résumés, cover letters, saved job ads, uploaded files, and stored document content are generally retained while the account remains active.
Account deletion
Paid subscriptions are managed through Stripe. To delete a paid account, the subscription must first be cancelled in Stripe.
After cancellation, deletion can be requested from within the Service. The account is then held for 30 days before deletion. Logging in during that period cancels the deletion request and reactivates the account.
If the account is not reactivated, the account and associated Service data are deleted, including profile data, résumés, cover letters, saved job ads, uploaded files, and stored document content.
Limited records are retained for longer where required by law or needed for billing, invoices, tax, bookkeeping, security, fraud prevention, dispute handling, or the establishment, exercise, or defense of legal claims.
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, and destruction. No method of transmission over the internet or electronic storage is completely secure, and absolute security cannot be guaranteed.
9. Children
The Website and Service are not directed toward children. A person who is not legally able to enter into a payment transaction should not purchase a paid plan.
If personal data has been provided in a way that violates applicable law, the matter will be reviewed when notified.
10. Changes to This Privacy Policy
We update this Privacy Policy when needed to reflect legal, technical, operational, or business changes.
The latest version is published on the Website with the updated date. Material changes can also be communicated through the Service or by email.
11. Contact Information
The entity responsible for this Privacy Policy is:
Kreativ Webbdesign
Organisation number: 810817-0492
Operator of Résuméd CV Creator
Questions, complaints, or requests regarding personal data can be sent to hello@resumed.nu.