Our Technology Blog Pricing FAQ Support

TalentTuner Security and Privacy Practices

Effective Date: July 16, 2025

1. Introduction

At TalentTuner, we understand that your resume contains personal and professional information that requires protection. This document outlines our security and privacy practices designed to safeguard your data while using our resume optimization platform.

As an unincorporated platform operated by an individual owner based in Toronto, Canada, we've implemented security measures proportionate to our size while maintaining professional standards for data protection.

This document supplements our Privacy Policy and Terms of Service to provide greater transparency about how we protect your information.

2. Data Storage and Infrastructure

2.1 Infrastructure Overview

TalentTuner's technical architecture consists of:

  • Frontend: HTML, JavaScript, and CSS served via secure connections
  • Backend: Python Flask API hosted on Railway.app
  • Database: Firebase Firestore for structured data storage
  • File Storage: Firebase Storage for resume file uploads
  • Authentication: Firebase Authentication for secure user account management
  • Payment Processing: Stripe for subscription management

2.2 Data Storage Locations

Your data is primarily stored in the following locations:

  • User account information: Firebase Authentication and Firestore (US-based Google Cloud servers)
  • Resume files: Firebase Storage (US-based Google Cloud servers)
  • Analysis results: Firebase Firestore (US-based Google Cloud servers)
  • Payment information: Stripe servers (not stored directly on TalentTuner infrastructure)

2.3 Data Isolation

We maintain separation of concerns in our data architecture: - User authentication data is kept separate from resume content - Payment processing is handled entirely by Stripe, minimizing our exposure to financial data - Different user accounts have logically isolated data within Firestore

3. Data Security Measures

3.1 Encryption

TalentTuner implements encryption to protect your data:

  • Data in transit: All communication with TalentTuner is secured using TLS (HTTPS)
  • Data at rest: Firebase Storage and Firestore provide encryption at rest for stored data
  • Authentication: Firebase Authentication handles credential encryption and secure token management

3.2 Access Controls

We implement strict access controls to protect your information:

  • User authentication: Email/password or Google authentication via Firebase Authentication
  • Database security rules: Firestore security rules ensure users can only access their own data
  • Admin access: Limited to the platform owner with multi-factor authentication
  • Third-party access: Limited to necessary service providers (Firebase, OpenAI, Stripe)

3.3 Secure Development Practices

Our development process incorporates:

  • Regular code reviews for security issues
  • Input validation to prevent injection attacks
  • Protection against common web vulnerabilities (XSS, CSRF)
  • Secure handling of API keys and credentials using environment variables
  • Regular updates to dependencies to address security vulnerabilities

4. Personal Data Protection

4.1 Data Minimization

TalentTuner follows data minimization principles:

  • We collect only information necessary to provide our services
  • Resume parsing extracts relevant information without storing unnecessary personal details
  • Analytics data is limited to what's needed for service improvement
  • We avoid collecting sensitive categories of personal data

4.2 Resume Content Handling

Your resume content receives special handling:

  • Full resume text is processed for analysis but only relevant extracted data is stored long-term
  • Resume files are stored in secure Firebase Storage
  • AI processing via OpenAI is conducted with appropriate safeguards
  • We implement technical measures to prevent unauthorized access to resume content

4.3 Retention and Deletion

Our retention practices include:

  • Resume data is retained as long as your account is active
  • You can request deletion of specific analyses at any time
  • Account deletion results in removal of your personal data
  • Anonymized analytics data may be retained for longer periods
  • Backup data is managed with appropriate security controls

5. AI Processing Safeguards

TalentTuner uses AI technologies including OpenAI's API for resume analysis. We implement specific safeguards for this processing:

5.1 Data Transmission to AI Services

  • Resume data is transmitted to OpenAI via secure, encrypted connections
  • We send only the information necessary for analysis
  • Personally identifiable information is minimized in AI processing requests

5.2 AI Output Protection

  • AI-generated recommendations and analysis results are stored securely in our database
  • Access to these insights is restricted to the user who submitted the resume
  • We do not use your specific resume content to train our own AI models

5.3 Third-Party AI Terms Compliance

  • Our use of OpenAI complies with their data usage policies
  • We regularly review changes to their terms of service to ensure ongoing compliance
  • We select AI service providers with appropriate security and privacy standards

6. Incident Response

6.1 Security Incident Handling

In the event of a security incident:

  • We have procedures to identify, contain, and remediate security breaches
  • We will notify affected users in accordance with applicable laws
  • We will work to restore secure operations as quickly as possible
  • We will conduct post-incident analysis to prevent similar issues

6.2 Notification Procedures

If a security incident occurs that affects your personal data:

  • We will notify you via your registered email address
  • The notification will include details about the nature of the breach, data affected, and steps taken
  • We will provide guidance on any actions you should take
  • We will comply with applicable breach notification regulations

7. Compliance Approach

7.1 Regulatory Framework

TalentTuner is designed to operate in alignment with:

  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
  • California Consumer Privacy Act (CCPA) for California users
  • General principles of the EU General Data Protection Regulation (GDPR)

7.2 Privacy by Design

Our development approach incorporates privacy by design principles:

  • Privacy considerations are integrated into product development from the outset
  • Default settings favor privacy protection
  • Privacy is embedded into the design, not added as an afterthought
  • We strive for transparency in our data practices

7.3 Third-Party Service Provider Management

For the service providers we use:

  • We select providers with strong security and privacy practices
  • We review their compliance with relevant regulations
  • We implement appropriate data processing agreements where applicable
  • We regularly review their privacy practices for changes

8. User Controls and Rights

8.1 Access to Your Data

TalentTuner provides you with access to your personal information:

  • You can view your account details in your profile settings
  • Your resume analyses are accessible through your dashboard
  • You can download your reports (Premium feature)

8.2 Data Correction and Deletion

We provide mechanisms for you to control your data:

  • You can update your account information through your profile settings
  • You can delete individual resume analyses from your dashboard
  • You can request complete account deletion by contacting [email protected]

8.3 Privacy Preferences

You can manage certain privacy-related preferences:

  • Email notification settings can be adjusted in your account
  • You can use browser controls to manage cookies and local storage
  • You can opt out of certain analytics tracking through your browser settings

9. Education and Transparency

9.1 Security Best Practices

We encourage users to follow security best practices:

  • Use strong, unique passwords for your TalentTuner account
  • Enable two-factor authentication when available
  • Be cautious about accessing your account on public or shared computers
  • Log out when finished using the service on shared devices
  • Report suspicious activity to [email protected]

9.2 Privacy Documentation

We maintain transparent documentation about our privacy practices:

  • Our Privacy Policy details our data collection and usage
  • Our Cookies Policy explains tracking technologies
  • This Security and Privacy Practices document provides additional technical details
  • Our CCPA Notice addresses California-specific privacy rights

10. Continuous Improvement

TalentTuner is committed to ongoing improvement of our security and privacy practices:

  • We regularly review and update our security measures
  • We monitor for emerging threats and vulnerabilities
  • We adjust our practices based on evolving regulatory requirements
  • We incorporate user feedback to enhance our privacy controls

11. Contact Information

For questions or concerns about our security and privacy practices:

Email: [email protected]
Subject Line: "Security Inquiry" or "Privacy Inquiry"

For urgent security matters, please indicate "URGENT" in your subject line.

By using TalentTuner, you acknowledge that you have read and understood our approach to security and privacy as outlined in this document.

Last updated: July 16, 2025