This policy explains what FirstRound collects and how it is used. We've kept the Service deliberately lean: no advertising, no analytics trackers, no data sales.
What we collect
- Without an account: the résumé text you submit is processed in memory to generate your report and is not stored on our servers. The report lives only in your browser (session storage) for that visit and is gone when you close the tab.
- With an account (when accounts are enabled): your email address (to sign you in) and the reports you choose to run, which include the résumé text you submitted and the contact details (such as name and email) extracted from it, saved to our database so you can see your history. Access controls ensure only you can read your reports.
- Payments (when enabled): handled by Stripe. To process a payment we share your email address and an account identifier with Stripe, which creates a customer record; in return we receive a confirmation and your plan/entitlement. We never see or store your full card number.
Cookies & tracking
We use no advertising or analytics cookies and no third-party trackers. Browsing anonymously sets no cookies. When you sign in, a single authentication cookie keeps your session active. That sign-in cookie is strictly necessary to provide the Service and is therefore exempt from consent, so we show no cookie banner. Our fonts are self-hosted, so loading a page does not call out to third-party font servers.
Who processes your data
We rely on a small set of service providers ("subprocessors"):
- Vercel: Website hosting & serverless functions. (privacy policy)
- Supabase: Authentication & database (only when accounts are enabled). (privacy policy)
- Stripe: Payment processing (only when payments are enabled). (privacy policy)
These providers process data in the United States, so if you are outside the US your personal data is transferred there. Where required, we rely on appropriate safeguards (such as the Standard Contractual Clauses) offered by these providers for international transfers.
Legal bases (EU/UK)
If you are in the EU or UK, we process your data to perform our contract with you (running the audit you request and saving your reports), on the basis of our legitimate interest in operating and securing the Service, and, where applicable, to comply with legal obligations. A résumé can contain sensitive information; we use it only to generate your report and do not use it to infer protected characteristics about you.
Retention & deletion
Anonymous submissions are not retained on our servers. Your résumé is processed transiently on our hosting provider (Vercel) to generate the report and is not stored afterward. For account holders, reports are kept until you delete them or close your account; on deletion they are removed from our live database promptly and purged from encrypted backups within 30 days. You can delete any saved report, or your whole account, from your History page, or email pranavongole@gmail.com to have us do it.
Your rights
Depending on where you live (e.g. GDPR/UK GDPR, CCPA/CPRA), you may have rights to access, correct, export, or delete your personal data, to object to or restrict certain processing, and not to be discriminated against for exercising them. To exercise any right, contact pranavongole@gmail.com; we may need to verify your identity, and we'll respond within the time the law allows. If we decline a request, you may appeal by replying to our response. We do not sell or share your personal information for advertising.
Security & breach notification
Data is encrypted in transit, and account data is protected by per-user access controls. We keep limited operational logs (e.g. error events) that may contain account identifiers, retained by our hosting provider for a short period; these do not include your résumé text. No method of transmission or storage is 100% secure, so we can't guarantee absolute security. If a breach does affect your personal data, we will notify you and any regulator as required by law.
Children
The Service is not intended for anyone under 18, and we don't knowingly collect their data.
Changes & contact
We may update this policy; the "last updated" date reflects the latest version. Questions or requests: pranavongole@gmail.com. See also our Terms and Disclaimer.