Last Updated: 09 December 2025
Xinnovation (“Company,” “we,” “us,” or “our”) operates the Xresume service (the “Service”). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data, and what rights and choices individuals have with respect to their personal data.
Please read this Privacy Policy carefully. By accessing or using Xresume, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our privacy practices, please do not use Xresume.
We collect personal data in various ways, including when you voluntarily provide it to us, when third parties provide it to us, and when it is automatically collected through your use of Xresume.
Account Registration: When you sign up for Xresume, we collect your name, email address, password, company name, job title, phone number, and other account profile information you choose to provide.
Billing Information: When you make a purchase through Paddle, we collect billing address, phone number, and payment method information. Note: Credit card information is collected and processed by Paddle (our Merchant of Record), not by Xinnovation. Paddle is PCI DSS compliant and handles all payment processing securely.
User Content: Any resumes, candidate information, notes, comments, documents, or other content you upload, create, or store within Xresume (“User Content”).
Communication: When you contact us via email, chat, support forms, or other communication channels, we collect the content of your communications, including any personal data you choose to share.
Survey and Feedback: If you participate in surveys, feedback forms, or customer research, we collect your responses and any personal data you provide.
Device Information: We automatically collect information about the devices you use to access Xresume, including device type, operating system, device identifiers, mobile network information, and browser type.
Usage Information: We collect information about how you interact with Xresume, including features used, actions taken, time and duration of activities, links clicked, searches performed, and pages viewed.
Location Information: We may collect approximate location data based on IP address. We do not collect precise GPS location data unless you expressly consent.
Cookies and Tracking Technologies: We use cookies, pixels, and similar tracking technologies to recognize you, remember your preferences, understand usage patterns, and improve Xresume. You can control cookie preferences through your browser settings.
Log Data: Our servers automatically record information about your access to Xresume, including IP address, access times, pages visited, and referral sources.
Integration Partners: If you integrate Xresume with third-party services (such as email providers, calendar services, or HR platforms), we may receive information from those services with your consent.
Social Media: If you log in to Xresume using social media credentials (e.g., Google, LinkedIn), we collect the information provided by those social media platforms based on your privacy settings.
Third-Party Data Sources: We may obtain personal data about you from third-party data providers, public databases, or other legitimate sources to enhance our service and prevent fraud.
Under GDPR and other data protection laws, we process your personal data based on the following legal bases:
Performance of Contract: We process your personal data to provide Xresume, fulfill your orders, and deliver the services you’ve requested.
Legitimate Interests: We process your personal data for legitimate business purposes, including:
Improving Xresume’s functionality, security, and performance
Analyzing usage patterns to enhance user experience
Preventing fraud, abuse, and security threats
Conducting research and analytics
Marketing and promotional activities (where permitted by law)
Consent: Where required by law, we obtain your explicit consent before processing certain personal data (e.g., for marketing communications, non-essential cookies).
Legal Obligation: We process personal data when required by law, such as tax compliance, legal proceedings, or regulatory requirements.
Vital Interests: We may process personal data to protect the vital interests of individuals or the public.
We use the personal data we collect for the following purposes:
Service Provision: Providing, maintaining, improving, and personalizing Xresume; creating and managing your account; processing transactions and sending transaction-related communications.
Customer Support: Responding to your inquiries, providing technical support, troubleshooting issues, and resolving disputes.
Communication: Sending service-related announcements, updates, security alerts, and administrative messages; communicating about changes to Xresume or this Privacy Policy.
Marketing: Sending marketing emails, promotional materials, and product updates (only to users who have opted in or where permitted by law); conducting surveys and gathering feedback; personalizing content based on your interests.
Analytics and Improvement: Analyzing usage patterns, conducting research, and generating statistics to improve Xresume’s features, functionality, performance, and security.
Security and Fraud Prevention: Monitoring for unauthorized access, fraud, abuse, and security threats; investigating violations of our Terms and Conditions; implementing security measures; and complying with legal obligations.
Legal Compliance: Complying with applicable laws, regulations, legal processes, and governmental requests; protecting our legal rights and the rights of others.
We do not sell your personal data to third parties. However, we may share your personal data in the following circumstances:
We share personal data with third-party service providers who process data on our behalf, including:
Paddle: Our Merchant of Record for payment processing, invoicing, and tax compliance
Email Service Providers: For sending communications on our behalf
Cloud Infrastructure Providers: For hosting and storing data
Analytics Providers: For understanding usage and improving Xresume
Customer Support Tools: For managing support tickets and communications
Security Providers: For fraud detection, threat prevention, and cybersecurity services
All service providers are contractually obligated to use your personal data only as necessary to provide services to us and must comply with applicable data protection laws.
We may disclose personal data when required by law, court order, government request, or to protect our legal rights, including:
Responding to lawful requests from public authorities
Complying with tax, legal, or regulatory obligations
Protecting against fraud, security threats, or criminal activity
Enforcing our Terms and Conditions and other agreements
If Xinnovation is involved in a merger, acquisition, bankruptcy, dissolution, restructuring, or similar transaction, your personal data may be transferred as part of that transaction. We will provide notice before your personal data becomes subject to a different privacy policy.
We may share your personal data with third parties when you explicitly consent to such sharing (e.g., integrating with third-party services, participating in research).
We may share aggregated, anonymized data that does not identify you personally with third parties for marketing, analytics, research, and other purposes.
We retain your personal data for as long as necessary to provide Xresume, fulfill the purposes outlined in this Privacy Policy, and comply with legal obligations.
Account Data: If you maintain an active account, we retain your account information while your account is active and for a reasonable period after account closure to comply with legal and business obligations.
User Content: Any resumes, candidate information, or other content you upload is retained as long as you maintain your account or as long as necessary to provide the Service.
Transaction Records: We retain transaction and payment records for the period required by law (typically 3-7 years for tax and accounting purposes).
Marketing Data: If you unsubscribe from marketing communications, we retain minimal information (email address) to honor your unsubscribe request.
Log Data and Analytics: We retain server logs and analytics data for 90 days for security and performance monitoring purposes, then delete or anonymize it.
You can request deletion of your account and associated data by contacting us at the address below. However, some data may be retained due to legal obligations or legitimate business needs.
Depending on your location, you may have the following rights regarding your personal data:
If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights:
Right of Access: You have the right to request confirmation of whether we process your personal data and to obtain a copy of your personal data in a structured, commonly used, and machine-readable format.
Right to Rectification: You have the right to request correction of inaccurate, incomplete, or outdated personal data.
Right to Erasure (“Right to Be Forgotten”): You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal obligations, fraud prevention).
Right to Restrict Processing: You have the right to request restriction of processing of your personal data under certain circumstances.
Right to Data Portability: You have the right to receive your personal data in a portable format and transmit it to another service provider.
Right to Object: You have the right to object to processing of your personal data for marketing purposes or based on legitimate interests.
Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Rights Related to Automated Decision-Making: You have rights regarding automated decision-making and profiling that significantly affects you.
If you are a California resident, you have the following rights:
Right to Know: The right to request what personal information Xinnovation collects, uses, shares, and sells.
Right to Delete: The right to request deletion of personal information collected from you, subject to certain exceptions.
Right to Correct: The right to request correction of inaccurate personal information.
Right to Opt-Out: The right to opt out of the sale or sharing of your personal information (note: Xinnovation does not sell personal information).
Right to Limit: The right to limit use of your sensitive personal information.
Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.
If you are located in other jurisdictions with privacy laws (e.g., India’s DISHA, Brazil’s LGPD, Canada’s PIPEDA), you may have similar rights. Please contact us to understand your specific rights.
To exercise any of your privacy rights, please contact us at:
Email: [email protected]
Mailing Address: Please include “Privacy Request” in the subject line
When you submit a request, we will verify your identity to protect your privacy and security. We will respond to your request within 30 days (or as required by applicable law). If we cannot fulfill your request, we will explain the reason.
You also have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
We implement comprehensive technical, organizational, and physical safeguards to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: We use industry-standard encryption (TLS/SSL) to protect personal data in transit between your device and our servers. Sensitive data is encrypted at rest.
Access Controls: We implement role-based access controls, multi-factor authentication, and employee training to restrict access to personal data to authorized personnel only.
Regular Security Audits: We conduct regular security assessments, penetration testing, and audits to identify and remediate vulnerabilities.
Secure Development: We follow secure coding practices and conduct security testing before deploying code to production.
Incident Response: We maintain an incident response plan to detect, respond to, and remediate security incidents. In the event of a data breach, we will notify affected individuals and authorities as required by law.
Payment Security: Payment information is processed exclusively through Paddle, which is PCI DSS compliant. Xinnovation does not store, process, or transmit credit card data.
However, no security measure is 100% secure. We cannot guarantee absolute security of your personal data. You are responsible for maintaining the confidentiality of your account credentials.
Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including the United States and other countries where Xinnovation operates.
These countries may not have the same data protection laws as your country of origin. By using Xresume, you consent to the transfer of your personal data to countries outside your country of residence.
For GDPR Compliance: Where required by law, we implement appropriate safeguards for international data transfers, including:
Standard contractual clauses approved by the European Commission
Binding corporate rules
Your explicit consent to international transfer
Xresume may contain links to third-party websites, applications, and services that are not operated by Xinnovation. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.
If you integrate Xresume with third-party services, that third party’s privacy policy and terms of service will apply to your data shared with them. We recommend reviewing the privacy policies of any third-party services before connecting them to Xresume.
Xresume is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13.
If we become aware that we have collected personal data from a child under 13 without parental consent, we will delete such data promptly. If you believe we have collected personal data from a child under 13, please contact us immediately.
California Residents: Under California Civil Code Section 1798.83, California residents have the right to request information about the types of personal information Xinnovation shares with third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].
We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by email or by posting a revised version on our website with an updated “Last Updated” date.
Your continued use of Xresume following notification of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: [email protected]
Website: xresume.ai
Company: Xinnovation
Service: Xresume
For EU Residents: If you are in the European Union and wish to contact our Data Protection Officer or need additional information about GDPR compliance, please include “GDPR” in your subject line.