FeaturesPricingFAQAboutContact
Login & Sign Up Paused

Privacy Policy

Last updated: June 2026

1. Introduction & Scope

Welcome to rbptech ("Company", "we", "our", "us"). We respect your privacy and are deeply committed to protecting your personal data and ensuring transparency regarding how we handle your information. This comprehensive Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our application, or engage with our services (collectively, the "Services"). It applies to all users across the globe.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect. By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.

2. Information We Collect

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products, participate in activities on the Services, or otherwise contact us. The personal information that we collect depends on the context of your interactions with us and the Services.

  • Identity Data: Includes first name, last name, username, and title.
  • Contact Data: Includes email address, physical address, and telephone numbers.
  • Professional Data: Includes your raw resume data, employment history, educational background, professional certificates, technical skills, target job descriptions, parsed PDFs, and generated cover letters.
  • Financial Data: Includes payment card details. All payment data is collected and processed securely by Stripe. We do not store your full credit card numbers or banking details on our servers.
  • Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Includes information about how you use our website and services, such as ATS scoring metrics, compilation history, interaction logs, frequency of use, and feature preferences.
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.

3. How We Process Your Information

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with the law. We may also process your information for other purposes with your consent. Specifically, we process your information for the following reasons:

  • To facilitate account creation and authentication: We process your information so you can create and log in to your account securely via our authentication providers (e.g., Supabase).
  • To deliver and facilitate delivery of services: We process your Professional Data to generate ATS-optimized resumes and cover letters. This requires sending specific contextual data to our AI sub-processors (e.g., OpenAI).
  • To process payments and manage orders: We use your Financial and Contact Data to process transactions securely via our payment gateway and manage billing, accounting, and subscription lifecycles.
  • To respond to user inquiries and offer support: We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information: We may process your information to send you details about our products and services, changes to our terms and policies, and other similar essential information.
  • To protect our Services: We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To evaluate and improve our Services: We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.

4. Legal Bases for Processing (GDPR & UK GDPR)

If you are located in the European Union (EU) or the United Kingdom (UK), this section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:

  • Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract: We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests, provided those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for diagnosing technical issues or improving our platform.
  • Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

5. Data Sharing and Sub-Processors

We only share information with the following categories of third parties to facilitate our Services. We have entered into data processing agreements with these vendors to ensure they protect your personal data:

  • Cloud Computing Services: We use Supabase to securely store your user profiles, generated documents, and authentication data in encrypted PostgreSQL databases and S3-compatible storage buckets.
  • AI and Machine Learning Processors: We utilize OpenAI's API to perform the semantic matching, structuring, and tailoring of your resume data. Crucially, data sent to OpenAI via their API is strictly governed by their enterprise data privacy agreements. Your personal data is NOT used to train their global foundational models.
  • Payment Processors: We use Stripe to handle all financial transactions securely. Stripe adheres to strict PCI-DSS standards.
  • Analytics Providers: We may use analytics services (such as Google Analytics or Vercel Web Analytics) to monitor and analyze the use of our Service, helping us understand user behavior and optimize performance.
  • Legal and Regulatory Authorities: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

6. Data Retention and Deletion

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

You retain the absolute right to delete your data at any time. When you select "Delete Account" or "Delete Document" within the rbptech dashboard, we hard-delete the corresponding data rows from our Supabase databases and permanently remove associated files from our storage buckets. No residual copies are kept beyond standard rolling encrypted database backups, which are automatically destroyed after a maximum period of 30 days. Once deleted, your professional data cannot be recovered.

7. International Data Transfers

We are globally distributed, and our servers may be located in various jurisdictions including the United States and Europe. If you are accessing our Services from outside these regions, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information.

If you are a resident in the European Economic Area (EEA) or United Kingdom (UK), then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law, including implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and with our third-party providers.

8. Security of Your Information

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. For example, all data transmission is encrypted using Transport Layer Security (TLS/SSL) technology, and our databases utilize row-level security (RLS) to strictly isolate user data. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

9. Policy Regarding Children

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

10. Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

11. Privacy Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you are granted specific rights regarding access to your personal information under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request the correction of inaccurate personal information we hold about you.
  • Right to Opt-Out: We do not sell your personal information. However, if we ever engage in the "sharing" of personal information for cross-context behavioral advertising, you have the right to opt-out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

12. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information, remember your authentication session, and analyze platform traffic. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies.

13. State-Specific Privacy Rights (VCDPA, CPA, CTDPA, UCPA, Nevada)

In addition to California, residents of specific US states have specific rights regarding their personal data under their respective comprehensive state privacy laws. This includes the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA).

  • Right to Access: You have the right to confirm whether we are processing your personal data and to access such personal data.
  • Right to Correction: You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of processing.
  • Right to Deletion: You have the right to delete personal data provided by or obtained about you.
  • Right to Data Portability: You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
  • Right to Opt-Out: You have the right to opt-out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Nevada Residents: Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. We do not currently sell personal data as defined under Nevada law.

14. Exercising Data Subject Rights

To exercise any of your privacy rights described above, please submit a verifiable consumer request to us by contacting our Data Protection Officer using the contact information below. Only you, or a person registered with the appropriate state authority that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. We aim to respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

15. Automated Decision-Making and AI Profiling

Our core services utilize artificial intelligence and machine learning algorithms to evaluate your input data (resume and job description) to generate highly tailored output (cover letters, optimized resumes). While this involves automated processing of your Professional Data, we do NOT engage in "Automated Decision-Making" or "Profiling" that produces legal or similarly significant effects concerning you (such as automatically approving or denying credit, housing, or employment). Our AI acts solely as an drafting assistant under your direct control. You are responsible for reviewing and authorizing all AI-generated content before using it for employment applications.

16. Information Collected from Other Sources

We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as LinkedIn, if you choose to integrate or authenticate via those platforms in the future), as well as from other third parties. Examples of the information we receive from other sources include social media profile information; marketing leads and search results and links, including paid listings (such as sponsored links).

17. Aggregated and De-Identified Data

We may aggregate or de-identify the information described above. Aggregated or de-identified data is not subject to this Privacy Policy. We may use such aggregated or de-identified data for any purpose, including for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.

18. Business Transfers and M&A Activity

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

19. Security Breach Notification

In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

20. Third-Party Payment Processing Data

When you purchase a subscription or credits, your payment is processed directly by our third-party payment processor, Stripe. We do not collect, process, or store your full credit card numbers, expiration dates, or CVV codes. Stripe’s use of your personal information is governed by their independent privacy policy. We only receive secure payment tokens and basic billing data (such as your zip code and the last four digits of your card) to fulfill your orders and manage subscriptions.

21. Telemetry and Crash Reporting

To ensure the stability and reliability of our platform, we utilize automated telemetry and crash reporting services (such as Sentry or Datadog). If the application crashes or encounters an error, these services automatically collect diagnostic data, which may include your IP address, browser type, device type, operating system version, the specific sequence of actions leading to the crash, and non-sensitive application state data. This data is strictly used for debugging and improving the stability of our Services.

22. Internal Research and Development

We may use your personal data, specifically your usage patterns and feature adoption rates, for our internal research and development purposes. This helps us understand which features are most valuable to our users and guides our future product roadmap. This processing is based on our legitimate interest in improving and innovating our product offerings.

23. Vendor Management and Auditing

We enforce strict data processing agreements with all our third-party vendors and sub-processors. These agreements mandate that our vendors implement robust security measures and process your personal data solely according to our documented instructions. We reserve the right to audit our vendors' security compliance to ensure your data remains protected throughout the entire supply chain.

24. Biometric Data Disclaimer

We do not collect, process, or store any biometric data (such as fingerprints, facial recognition scans, or voiceprints) under any circumstances. If any future feature requires biometric verification, we will obtain your explicit, written, opt-in consent prior to any collection, in strict compliance with the Illinois Biometric Information Privacy Act (BIPA) and other applicable biometric privacy laws.

25. Updates to this Policy

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

26. Contact Information

If you have questions or comments about this notice, you may email our Data Protection Officer (DPO) at kairosounds.01@gmail.com or by post to:

rbptech Legal Department
Johannesburg, Gauteng
South Africa