Back home

Safety & Trust

Our commitments, your controls, and how to report a problem.

Last updated · May 3, 2026

How we protect your resume

  • In-memory parsing. Files are decoded in RAM. Nothing written to disk, nothing sent to backups.
  • Discarded immediately. The file buffer and extracted text are dropped the moment the response is built.
  • File-signature validation. We check magic bytes (PDF, DOCX) before parsing to block malformed or disguised payloads.
  • Size and rate limits. 5 MB max upload. Per-IP rate limits stop scraping and abuse.
  • Encrypted in transit. All API traffic is HTTPS only.
  • Secrets in vaults. SMTP, database, and LLM credentials live in environment secrets — never in code or logs.

What we will never do

  • Sell, rent, or share your data with advertisers.
  • Train AI models on your resume content.
  • Auto-apply to jobs on your behalf or impersonate you to recruiters.
  • Add tracking pixels or third-party ad cookies.
  • Email you outside the explicit notification you signed up for.

Account and email safety

  • ResumePulse has no logins or passwords. There is nothing for an attacker to phish.
  • Confirmation emails come from a single sender domain. Treat any email asking you to "verify your password" or send credentials as a phishing attempt.
  • If you receive a suspicious email claiming to be us, forward the full headers to abuse@resumepulse.ai.

Sharing safely

Share links contain a random 10-character slug. They are unlisted but not encrypted — treat them like "anyone with the link can view." Don't share publicly if your result contains information you want kept private. You can ask us to revoke a shared link anytime.

Reporting abuse

Found a shared link being used to harass, defame, or impersonate someone? Email abuse@resumepulse.ai with the URL. We aim to respond within 48 hours and revoke confirmed-abusive content.

Vulnerability disclosure

We welcome security researchers. If you find a vulnerability, emailsecurity@resumepulse.ai with reproduction steps. Please:

  • Give us a reasonable window to fix before public disclosure.
  • Avoid actions that degrade service for others (no DoS, no mass enumeration).
  • Do not access, modify, or exfiltrate user data beyond proof of concept.

We don't currently run a paid bounty, but we will publicly credit you (with permission) and respond promptly.

Content boundaries

ResumePulse processes resumes only. Do not submit child sexual abuse material, content designed to defraud, malicious code, or content prohibited under the laws of India or your local jurisdiction. We may remove and report such content to authorities as legally required.

Service status and outages

We don't guarantee uptime, but we monitor the API and respond to outages. If the service is down, refresh after a minute or two before assuming a problem with your file.

Contact