Signed-in access only
Real applications and saved resumes require an authenticated session. Demo data stays separate from account-backed data.
Loading…
Res.MeYour resume contains employment history, contact details, and career plans. Res.Me protects it with account isolation, specific encryption controls, limited AI processing, and user-managed data rights.
Inspired by security pages that name the exact control, then say what it means for the user.
Real applications and saved resumes require an authenticated session. Demo data stays separate from account-backed data.
The resume table is designed around one owner per row, and API routes write the authenticated user id before saving.
The Supabase service role is only used from server code for trusted operations like Stripe webhooks. It is never shipped to the browser.
When you paste a job URL, Res.Me reads public job pages and rejects internal, loopback, and cloud-metadata addresses.
Each card maps to a real boundary in the app: account access, storage, AI processing, payments, or data rights.
Real applications and saved resumes require an authenticated session. Demo data stays separate from account-backed data.
The resume table is designed around one owner per row, and API routes write the authenticated user id before saving.
The Supabase service role is only used from server code for trusted operations like Stripe webhooks. It is never shipped to the browser.
When you paste a job URL, Res.Me reads public job pages and rejects internal, loopback, and cloud-metadata addresses.
PDF generation runs through our document pipeline instead of handing resume content to a third-party conversion API.
Checkout happens through Stripe. Res.Me stores credit balances and payment status, not your raw card details.
Google or LinkedIn sign-in keeps your password outside Res.Me. You can revoke access from the identity provider.
Account settings include controls to remove saved profiles, resumes, generated documents, and feedback history.
A good security page should make the data path visible. Res.Me keeps the flow narrow: upload, tailor, review, control.
Your resume is parsed into a structured profile and stored under your account boundary.
Only the resume and job context needed for the requested run is sent through the tailoring pipeline.
Specialist agent notes are stored with the application so you can inspect why a change was made.
You can export, correct, or erase account data through settings or a GDPR data request.
Res.Me is not claiming zero-knowledge or end-to-end encryption. The server must read your resume to parse, tailor, and compile it.
We do not display SOC 2 or ISO badges until those audits exist. The page describes current product controls.
AI providers are used to process the run you request. Res.Me does not sell resume data or use it to train its own models.
Request access, export, correction, restriction, objection, or erasure. We respond to GDPR data requests within one month.