Privacy Policy

Elemeno Ltd is a company registered in England under company number 15541721. Elemeno Ltd operates the Service under The Resume Parser branding. In this policy, "Elemeno", "The Resume Parser", "we", "us", and "our" mean Elemeno Ltd.

This policy explains how we handle personal data when you visit our website, create an account, use our dashboard or API, contact us, pay for a plan, or submit resumes, CVs, job descriptions, and related content to the Service.

For privacy questions or data rights requests, contact us using the privacy contact details published on our website.

We act as a controller for personal data we use to run our business, including website visitor data, account data, billing records, support messages, security logs, marketing preferences, and product administration data.

We usually act as a processor for personal data contained in Customer Data that you submit to the API or dashboard for resume parsing, including resume files, CV text, job descriptions, parse results, request metadata, and related outputs.

Where we act as a processor, you are responsible for giving individuals the required privacy information, selecting a lawful basis, handling data subject rights, and ensuring your use of the Service complies with UK GDPR, the Data Protection Act 2018, and other applicable laws.

Account and contact data: name, email address, organisation, password or authentication details, team membership, preferences, and communications.

Billing data: plan, invoices, payment status, billing address, tax information, and limited payment metadata. Payment card details are handled by our payment processor and are not stored directly by us.

API and usage data: API key identifiers, request identifiers, timestamps, endpoint usage, credit consumption, error states, rate-limit events, device and browser information, IP address, audit logs, and security events.

Customer Data: resumes, CVs, job descriptions, uploaded files, extracted text, parsed JSON, candidate information, employment history, education history, skills, contact details, addresses, identifiers, and any other personal data included in content you submit.

Support and feedback data: messages, attachments, diagnostics, call notes, and other information you provide when contacting us.

Cookie and analytics data: information described in our Cookie Policy, including essential session data and any optional analytics or preference cookies you allow.

We use account, billing, support, and usage data to provide the Service, authenticate users, manage subscriptions, process payments, respond to requests, prevent abuse, secure the platform, troubleshoot issues, comply with law, and improve reliability.

We use Customer Data to parse resumes, extract structured data, return API responses, display request history, support deletion and export features, investigate failed parses, enforce usage limits, and provide customer support where authorised.

We do not sell personal data. We do not use Customer Data to train public AI models or build candidate profiles for unrelated customers unless you have expressly agreed in writing.

We process account, billing, and service data where necessary to perform a contract with you or your organisation.

We process security, fraud prevention, product improvement, and business administration data where necessary for our legitimate interests, provided those interests are not overridden by individual rights.

We process tax, accounting, sanctions, law enforcement, and regulatory records where necessary to comply with legal obligations.

We process optional marketing and non-essential cookies based on consent where consent is required. You can withdraw consent at any time.

Where we act as your processor for Customer Data, we process that data on your documented instructions and you are responsible for identifying the lawful basis for your processing.

Resumes and CVs may contain personally identifiable data such as names, email addresses, phone numbers, physical addresses, employment history, education history, dates of birth, and identifiers.

You should submit only the data needed for your use case and avoid including special category data, criminal offence data, children's data, financial information, government identifiers, health information, or immigration information unless you have a lawful basis and the submission is necessary.

You should not place personal data or API keys in URLs, query strings, public logs, public repositories, or client-side code.

We share personal data with service providers that help us operate the Service, such as hosting providers, database providers, storage providers, authentication providers, payment processors, email providers, analytics providers, monitoring tools, customer support tools, and professional advisers.

We may share personal data if required by law, court order, regulator request, tax authority request, or to protect rights, security, users, and the public.

If we are involved in a merger, acquisition, financing, restructuring, or sale of business assets, personal data may be disclosed or transferred subject to appropriate confidentiality and data protection safeguards.

Where we use subprocessors for Customer Data, we require appropriate contractual safeguards and remain responsible for their processing where required by UK GDPR.

Some providers may process personal data outside the UK. Where this happens, we use appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or another lawful transfer mechanism.

Enterprise customers may contact us about available hosting regions, data processing terms, and subprocessor information.

We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required by law, contract, dispute resolution, security, audit, tax, or accounting obligations.

Our current documentation states that parse results and input files are retained for 7 days on free tiers and 30 days on paid tiers, API logs and error logs for 90 days, audit logs for 1 year, backups for 30 days, and active account data while the account remains active.

You may delete individual parses or request account deletion through the dashboard or support process. Some residual copies may remain temporarily in backups or logs until normal deletion cycles complete.

We use technical and organisational measures designed to protect personal data, including HTTPS/TLS, encryption at rest for stored files, access controls, API key protections, logging, monitoring, and vulnerability management.

No internet service can be guaranteed completely secure. You are responsible for securing your own systems, API keys, exports, integrations, and access permissions.

If we become aware of a personal data breach affecting data we process for you, we will notify you without undue delay where required by law or an applicable data processing agreement.

Depending on the circumstances, individuals in the UK may have rights to access, correct, erase, restrict, object to processing, request portability, withdraw consent, and complain to a supervisory authority.

Where we act as a controller, you can contact us to exercise your rights. We may need to verify your identity before responding.

Where we act as a processor for Customer Data, we will usually refer requests to the relevant customer or assist the customer according to our data processing agreement.

We may send service messages that are necessary for your account, billing, security, or use of the Service. You cannot opt out of essential service messages while using the Service.

We send marketing emails only where permitted by law. You can unsubscribe from marketing emails using the link in the email or by contacting us.

The Service is intended for business users and is not directed at children. You must not knowingly submit children's personal data unless you have the required authority, lawful basis, and safeguards.

We encourage you to contact us first so we can try to resolve privacy concerns.

You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator. The ICO can be contacted at ico.org.uk or Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom.

We may update this policy as our Service, legal requirements, or processing activities change. If changes are material, we will take reasonable steps to notify active customers.