Privacy Policy
Last Updated: February 15, 2026
Effective Date: February 15, 2026
True Match AI ("we," "our," or "us") operates the True Match AI platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. INFORMATION WE COLLECT
1.1 Information You Provide
Account Information:
- Email address
- Password (hashed with bcrypt)
- Full name
- Date of birth
- Location (city, state, country, pincode)
- Google OAuth profile (if using Google Sign-In)
Resume and Job Description Data:
- Resume files (PDF or text)
- Job description files (PDF or text)
- Extracted text from uploaded documents
- Resume content, work experience, skills, education, certifications, projects, achievements
Generated Content:
- Resume analyses and insights
- JD-Resume match scores and reports
- ATS compliance assessments
- Cover letters
- Professional summaries
- Resume alignments
- Skill gap analyses
- Best resume finder results
Payment Information:
- Transaction IDs
- Payment amounts
- Payment methods (UPI or PayPal)
- Credit purchase history
Communication Data:
- Contact form messages
- Support requests
- Feedback
Security Information:
- Password recovery questions and answers (encrypted)
- Password reset tokens
- Authentication tokens (JWT)
1.2 Automatically Collected Information
Usage Data:
- Feature usage
- Timestamps
- Credit usage history
- File upload/download activity
Technical Data:
- IP address
- Browser type and version
- Device information
- Operating system
- Access times and dates
- Referral URLs
Session Data:
- Authentication tokens
- Session timestamps
- Login/logout activity
2. HOW WE USE YOUR INFORMATION
We use collected information to:
Service Delivery:
- Provide resume analysis, matching, and optimization
- Generate cover letters, professional summaries, and aligned resumes
- Process payments and manage credits
- Store and retrieve your documents and analyses
Account Management:
- Create and manage accounts
- Authenticate users
- Process password resets
- Send service-related communications
Improvement and Analytics:
- Improve the Service
- Analyze usage patterns
- Troubleshoot issues
- Develop new features
Security and Compliance:
- Prevent fraud and abuse
- Enforce Terms of Service
- Comply with legal obligations
- Protect rights and safety
Communication:
- Respond to inquiries
- Send notifications
- Provide customer support
- Send administrative messages
3. DATA STORAGE AND SECURITY
3.1 Data Storage
Your data is stored in:
- Supabase (PostgreSQL) for structured data
- Qdrant vector database for resume embeddings and search
- Hugging Face Spaces for AI processing
3.2 Security Measures
We implement:
- Password hashing (bcrypt)
- JWT-based authentication with time-based expiration
- Encrypted connections (HTTPS/TLS)
- Access controls and authentication
- Regular security reviews
- Secure API endpoints
Note: No system is 100% secure. We cannot guarantee absolute security.
3.3 Data Retention
- Active accounts: Data retained while your account is active
- Deleted accounts: Data deleted per Section 7, with some data retained in backup tables for compliance/audit
- Payment records: Retained as required by law
- Contact messages: Retained until deletion is requested
4. THIRD-PARTY SERVICES AND DATA SHARING
4.1 Third-Party Service Providers
We use:
Supabase (Database):
- Stores user data, files, analyses, and payment information
- Privacy Policy: https://supabase.com/privacy
Google (OAuth Authentication):
- Google Sign-In authentication
- Privacy Policy: https://policies.google.com/privacy
PayPal (Payment Processing):
- Processes credit purchases
- Privacy Policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
UPI Payment Providers:
- Processes UPI payments (India)
- Subject to provider privacy policies
Hugging Face (AI Processing):
- Private LLM endpoints for resume analysis and generation
- Privacy Policy: https://huggingface.co/privacy
Qdrant (Vector Database):
- Stores resume embeddings for search functionality
- Privacy Policy: https://qdrant.tech/privacy-policy
Telegram (Notifications):
- Sends admin notifications for contact messages and payments
- Privacy Policy: https://telegram.org/privacy
4.2 Data Sharing
We do not sell your personal information. We may share data:
- With service providers (as above)
- To comply with legal obligations
- To protect rights, property, or safety
- In connection with a business transfer (merger, acquisition, etc.)
- With your consent
4.3 International Data Transfers
Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place.
5. YOUR RIGHTS AND CHOICES
5.1 Access and Portability
- Access your personal data
- Request a copy of your data
- Export your data in a portable format
5.2 Correction and Updates
- Update account information
- Correct inaccurate data
- Modify uploaded files
5.3 Deletion
- Delete your account
- Delete specific files or analyses
- Request deletion of personal data
To delete your account:
- Use the account deletion feature, or
- Contact us through our Contact Us page
Note: Some data may be retained in backup tables for compliance/audit, or as required by law.
5.4 Data Processing Controls
- Withdraw consent (where applicable)
- Object to processing
- Request restriction of processing
5.5 Credit and Payment Information
- View credit balance and history
- Access payment history
- Request payment-related information
6. COOKIES AND TRACKING TECHNOLOGIES
We use:
- Authentication tokens (JWT) stored server-side
- Session management for login state
- Technical cookies for functionality
We do not use:
- Advertising cookies
- Third-party tracking cookies
- Analytics cookies (unless explicitly stated)
You can control cookies through your browser settings.
7. DATA DELETION AND RETENTION
7.1 Account Deletion
When you delete your account, we delete:
- Account information (moved to backup tables for compliance)
- Uploaded files and contents
- Generated analyses, matches, and alignments
- Cover letters and professional summaries
- Vector store embeddings
- Active sessions and authentication tokens
- Password recovery information
7.2 Retained Data
We may retain:
- Payment records (as required by law)
- Deleted user information in backup tables (for compliance/audit)
- Credit history in backup tables
- Contact messages (until deletion is requested)
- Data required for legal compliance
7.3 Automatic Deletion
- Authentication tokens expire after 60 minutes of inactivity
- Expired tokens are automatically removed
- Password reset tokens expire after a set period
8. CHILDREN'S PRIVACY
The Service is not intended for users under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.
9. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination
To exercise these rights, please visit our Contact Us page.
10. EUROPEAN PRIVACY RIGHTS (GDPR)
If you are in the EEA/UK, you have:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
To exercise these rights, please visit our Contact Us page.
Legal Basis for Processing:
- Performance of contract
- Legitimate interests
- Consent
- Legal obligations
11. DATA BREACH NOTIFICATION
In the event of a data breach that may affect your personal information, we will:
- Investigate promptly
- Notify affected users as required by law
- Provide details about the breach and steps taken
- Offer guidance on protective measures
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy. We will:
- Post the updated policy on this page
- Update the "Last Updated" date
- Notify you of material changes via email or notice
Continued use after changes constitutes acceptance.
13. CONTACT INFORMATION
True Match AI
Contact: Contact Us
Data Protection Officer:
[If applicable, provide DPO contact information]
For Privacy Inquiries:
Please visit our Contact Us page and mention "Privacy Policy Inquiry" in your message.
14. ADDITIONAL INFORMATION
14.1 File Upload Limits
- Maximum file size: 25MB per file
- Maximum upload capacity: 10 files per user
- Supported formats: PDF, plain text
14.2 Credit System
- Credits are non-refundable once used
- Credits do not expire
- Credit usage is logged for transparency
14.3 AI Processing
- AI models process your documents to generate analyses
- Processing occurs on private LLM endpoints
- Your data is not used to train public AI models
- Generated content is based solely on your provided information
14.4 Vector Store
- Resume embeddings are stored in Qdrant for search functionality
- You can remove files from the vector store at any time
- Vector embeddings are deleted when files are deleted
15. CONSENT AND ACKNOWLEDGMENT
By using the Service, you acknowledge:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and disclosure of your information as described
- You are at least 18 years old
- You have the authority to provide the information you submit
16. DISPUTE RESOLUTION
Disputes related to privacy will be resolved through:
- Direct communication with our support team
- Applicable laws and regulations
- Alternative dispute resolution mechanisms, if applicable
END OF PRIVACY POLICY
Document Version: 1.0
Last Reviewed: February 15, 2026
Next Review Date: February 15, 2027