ZapResume AI
How It Works Features Pricing FAQ About Contact Web App
Get started on WhatsApp
Legal

Privacy Policy

Last updated: 13 March 2026 · GDPR Compliant · Berlin, Germany

ZapResume AI ("we", "us", "our") is committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This Privacy Policy explains what data we collect, how we use it, and what rights you have.

1. Who We Are

ZapResume AI is operated by Sai Sanjay Golla, based in Berlin, Germany. For any privacy-related enquiries, contact: support@zaptalent.de.

2. What Data We Collect

2.1 WhatsApp Bot Users

  • Phone number: Provided automatically via WhatsApp / Meta.
  • Resume file: The PDF or DOCX document you send to the bot for processing.
  • Name, email, phone, and location: Optional fields you provide during the bot flow. These appear in your cover letter header.
  • Job link or job description text: The posting you provide for analysis.
  • Session state: Your current step, invalid input count, and whether you have been welcomed — stored in our database.
  • Usage data: The number of analyses you have performed (rate limiting).

2.2 Web App Users

  • Account data: Username, email address, and hashed password (or Google OAuth token).
  • Resume files: Uploaded PDF or DOCX files stored in our file system.
  • Job descriptions: Text or links you provide in the web app.
  • Analysis results: ATS scores and suggestions stored in our database.
  • Generated documents: Optimised resumes and cover letters stored temporarily.

2.3 Contact Form

  • Name, email address, subject, and message body submitted via our contact form.

3. Why We Collect Your Data

  • To provide the service: Process your resume, extract job requirements, calculate ATS scores, generate resume improvements, and create tailored cover letters.
  • To manage your session: Track your progress through the WhatsApp bot flow and prevent duplicate processing.
  • To enforce rate limits: Ensure fair usage of the free tier.
  • To respond to enquiries: Reply to contact form submissions.
  • To improve the service: Aggregate, anonymised usage patterns (no personal data) to improve the product.

Legal basis: Processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR) and for the performance of the service you have requested (Art. 6(1)(b) GDPR).

4. Data Processors

We use the following third-party services to deliver our product. All processors are under data processing agreements where required by law:

  • OpenAI, Inc. — Used for resume analysis, bullet rewriting, and cover letter generation. Resume and job description text is sent to OpenAI's API for processing. See OpenAI Privacy Policy.
  • Meta / WhatsApp Cloud API — The WhatsApp messaging platform and API. See WhatsApp Privacy Policy.
  • Hosting and database provider — Our servers and PostgreSQL database are hosted on Replit (USA). Data is processed in the US with appropriate safeguards.

5. Data Retention

  • WhatsApp sessions: Session state is retained until you send "restart" or until inactive for 7 days, after which it is deleted automatically.
  • Uploaded resume files: Stored temporarily for the duration of your session and up to 30 days after for web app users. Deleted on request.
  • Generated documents: Stored for 30 days for web app users.
  • Account data: Retained for as long as you hold an active account. Deleted within 30 days of a verified deletion request.
  • Contact form messages: Retained only as long as needed to respond to your enquiry.

6. Your GDPR Rights

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Ask us to correct inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restriction (Art. 18): Ask us to restrict processing of your data.
  • Right to object (Art. 21): Object to our processing of your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to lodge a complaint: You may contact the relevant supervisory authority in your EU member state. In Germany: Bundesbeauftragter für den Datenschutz (BfDI).

To exercise any right, email: support@zaptalent.de. We will respond within 30 days.

Self-service data deletion

You can delete all your data immediately without contacting us:

  • WhatsApp users: Send the message delete my data to the bot at any time. Your session, resume content, analysis history, and billing records will be permanently erased within seconds.
  • Web app users: Go to your Dashboard and click Delete Account at the bottom of the page. This immediately and permanently deletes your account, all uploaded resumes, all analyses, and all cover letters.

7. Cookies and Tracking

The ZapResume AI landing website uses only essential session cookies required for the web app to function (login session). We do not use advertising cookies, tracking pixels, or third-party analytics services.

8. Children's Data

Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with data, contact us immediately at support@zaptalent.de.

9. Changes to This Policy

We may update this policy from time to time. Changes will be published on this page with an updated date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For all privacy-related requests: support@zaptalent.de
For general enquiries: info@zaptalent.de

Terms of Service → Impressum →