PII Handling

How we handle personally identifiable information

The Resume Parser processes resumes containing PII. Here's how we protect it and how you should manage it.

What PII We Process

Typical resume PII includes:

  • Full names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Dates of birth
  • Social security numbers (if present)
  • Education history
  • Employment history

Storage Security

In Transit

  • TLS 1.3 encryption
  • No PII in URLs or logs
  • Secure API key transmission

At Rest

  • AES-256 encryption
  • Encrypted database fields
  • Secure file storage (Cloudflare R2)
  • Access logging

Access Controls

Who Accesses PII

  • You: Full access via API and dashboard
  • Our Systems: Automated processing only
  • Our Staff: No access to production data
  • Third Parties: Never shared

API Key Permissions

Each API key has full access to account data. Create separate keys per application for better control.

PII Minimization

Recommendations

  1. Only collect and parse PII you need
  2. Delete old parse results promptly
  3. Export and store data securely
  4. Implement proper access controls
  5. Encrypt data at rest in your systems

Your Responsibility

  • Store parse results securely
  • Implement proper access controls
  • Comply with relevant regulations
  • Delete data when no longer needed
  • Encrypt data at rest

Compliance Support

GDPR Article 32

We implement:

  • Encryption of personal data
  • Confidentiality measures
  • Availability assurance
  • Regular security testing

CCPA Requirements

  • Clear data collection notice
  • Right to deletion
  • No sale of personal information
  • Opt-out mechanisms

Data Processing Agreement

Enterprise customers can sign a Data Processing Agreement (DPA) covering:

  • Processing purposes
  • Data security measures
  • Subprocessor list
  • Data transfer mechanisms
  • Audit rights

Contact sales to request a DPA.

Breach Notification

In case of a data breach:

  1. Detection: Immediate investigation
  2. Containment: Isolate affected systems
  3. Assessment: Determine scope and impact
  4. Notification: Users notified within 72 hours
  5. Remediation: Fix and prevent recurrence
  6. Reporting: Regulatory notification as required

Best Practices

For Developers

// Don't log PII
console.log('Parsed resume:', {
  requestId: result.request_id,
  skillCount: result.skills.length
  // Don't include personal_info
})

// Delete after processing
await processResume(result)
await deleteParseRequest(result.request_id)
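
A fuller version of the logging rule above, as an added example (not the Resume Parser's own code): it builds log records from an allowlist instead of removing known PII fields, and scrubs e-mail, SSN and phone patterns from error text. The `toLogRecord` and `scrub` helpers and the sample data are constructed for illustration; only `request_id`, `skills` and `personal_info` come from this page.

```javascript
// Added example. Only request_id, skills and personal_info are field names
// from this page; the helpers and sample values below are constructed.

// Fields that may be copied into a log line verbatim. Anything not listed
// here (personal_info included) is dropped, even if the schema grows later.
const LOG_ALLOWLIST = ['request_id'];

// Free text such as error messages can echo resume content, so scrub it.
// Order matters: the SSN pattern must run before the broader phone pattern.
const PII_PATTERNS = [
  [/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, '[email]'],
  [/\b\d{3}-\d{2}-\d{4}\b/g, '[ssn]'],
  [/\+?\d[\d\s().-]{8,}\d/g, '[phone]'],
];

function scrub(text) {
  return PII_PATTERNS.reduce(
    (out, [pattern, label]) => out.replace(pattern, label),
    String(text)
  );
}

function toLogRecord(result, error) {
  const record = {};
  for (const key of LOG_ALLOWLIST) {
    const value = result[key];
    if (typeof value === 'string' || typeof value === 'number') record[key] = value;
  }
  // Counts are safe to log; the values themselves are not.
  record.skillCount = Array.isArray(result.skills) ? result.skills.length : 0;
  if (error) record.error = scrub(error.message);
  return record;
}

// Constructed sample input.
const sampleResult = {
  request_id: 'req_constructed_001',
  skills: ['Go', 'SQL', 'Terraform'],
  personal_info: { name: 'Jane Example', email: 'jane@example.com', ssn: '123-45-6789' },
};
const sampleError = new Error(
  'Bad phone +1 (555) 010-0199 for jane@example.com (SSN 123-45-6789)'
);

console.log(JSON.stringify(toLogRecord(sampleResult, sampleError)));
```

Pattern scrubbing is a backstop for free text only; names and addresses have no reliable pattern, so the allowlist remains the primary control.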

For Organizations

  • Train staff on PII handling
  • Implement data retention policies
  • Regular security audits
  • Access control reviews
  • Incident response plans

Questions?

Contact privacy@theresumeparser.com for:

  • Privacy policy questions
  • Data processing inquiries
  • Compliance requirements
  • Security concerns