Back to Home

Privacy Policy

Last Updated: December 29, 2024

1. Introduction

Welcome to HERO.AI ("we," "our," or "us"). HERO.AI stands for Helping Employment for Rescuers and Operators. We are committed to protecting your privacy and handling your personal information with care and respect.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered resume generation and optimization services at heroservices.ai (the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

We understand that as military personnel, veterans, police officers, firefighters, and paramedics, you are entrusting us with sensitive career information. We take this responsibility seriously and are committed to transparency about our data practices.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth, we collect:

  • Your name
  • Your email address
  • Your Google profile picture (optional)
  • A unique user identifier from Google

2.2 Resume Data

To provide our AI resume generation service, we collect and process:

  • Personal Information: First name, last name, location (city/state), phone number, email address
  • Military/Service Information: Branch of service, rank, MOS/Rate/Specialty, years of service, duty stations, deployment history
  • Police Information: Department type, rank, certifications, years of service, specialized units
  • Firefighter Information: Department type, rank, certifications, years of service, specialized training
  • Paramedic/EMS Information: Service type, certifications, years of service, specialized skills
  • Work Experience: Job titles, dates of employment, duties and responsibilities, achievements
  • Education: Schools attended, degrees earned, graduation dates, relevant coursework
  • Skills: Technical skills, soft skills, certifications, licenses

2.3 Payment Information

When you make a purchase or subscribe to our services:

  • Payment Processing: All payment information (credit card numbers, billing addresses) is collected and processed directly by Stripe, our payment processor. We never see or store your full credit card information.
  • What We Store: We only store a Stripe customer ID, transaction IDs, purchase amounts, and subscription status.
  • Stripe's Privacy: Stripe's handling of your payment information is governed by their Privacy Policy at stripe.com/privacy

2.4 Job Posting Data (Resume Optimizer)

When you use our Resume Optimizer feature:

  • Job posting URLs you provide
  • Job descriptions you paste
  • Extracted job requirements, skills, and qualifications

2.5 Usage Data

We automatically collect certain information when you use our Service:

  • Pages visited and features used
  • Time and date of visits
  • Browser type and version
  • Device type and operating system
  • IP address (anonymized)
  • Referring website

2.6 Cancellation Feedback

If you cancel a subscription, we may collect:

  • Your satisfaction rating (1-5 stars)
  • Reason for cancellation
  • Optional additional feedback

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide Our Service

  • AI Resume Generation: We send your resume data to OpenAI's API to generate professional, civilian-friendly resume content using artificial intelligence
  • Resume Optimization: We analyze job postings and optimize your resume to match specific job requirements
  • PDF Generation: We create downloadable PDF versions of your resumes
  • Account Management: We maintain your account, save your resumes, and track your subscription status

3.2 To Process Payments

  • Process one-time purchases ($14.99 per resume)
  • Manage subscriptions ($29.99/month optimization, $74.99/month unlimited)
  • Handle refunds and billing disputes
  • Send payment receipts and invoices

3.3 To Communicate With You

  • Send account notifications (purchase confirmations, subscription updates)
  • Respond to your support requests
  • Send important service updates or changes to our Terms or Privacy Policy
  • Provide customer support

3.4 To Improve Our Service

  • Analyze usage patterns to improve our AI algorithms
  • Understand which features are most valuable to users
  • Identify and fix technical issues
  • Develop new features and services

3.5 For Legal and Security Purposes

  • Prevent fraud and abuse
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect our rights and the rights of our users

4. Information Sharing and Disclosure

We share your information only in the following circumstances:

4.1 Third-Party Service Providers

OpenAI (AI Processing)

  • What We Share: Your resume data (personal info, experience, education, skills) and job posting data
  • Purpose: To generate AI-powered resume content and optimize resumes for specific jobs
  • Data Retention: OpenAI may temporarily cache data for up to 30 days for abuse monitoring, but does not use your data to train their models (per their API terms)
  • Privacy Policy: openai.com/policies/privacy-policy

Stripe (Payment Processing)

  • What We Share: Your name, email, and purchase/subscription information
  • Purpose: To process payments, manage subscriptions, and handle refunds
  • Data Retention: Stripe retains payment data per their retention policies and legal requirements
  • Privacy Policy: stripe.com/privacy

Supabase (Data Storage)

  • What We Share: All data we collect (stored in our database)
  • Purpose: To store your account information, resumes, and service data
  • Security: Data is encrypted at rest and in transit
  • Location: Data is stored in secure data centers (US region)
  • Privacy Policy: supabase.com/privacy

Google (Authentication)

  • What We Share: Nothing - Google shares your basic profile info with us when you sign in
  • Purpose: To authenticate your identity and create your account
  • Privacy Policy: policies.google.com/privacy

Vercel (Hosting)

  • What We Share: Technical logs and usage data
  • Purpose: To host our website and ensure uptime
  • Privacy Policy: vercel.com/legal/privacy-policy

4.2 What We DO NOT Do

  • We DO NOT sell your data to third parties, data brokers, or advertisers
  • We DO NOT share your resume content with employers, recruiters, or job boards without your explicit consent
  • We DO NOT use your data for marketing to third parties
  • We DO NOT share your military/service information with any government agencies unless legally required

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoena, court order, warrant)
  • Government or regulatory requests
  • Protecting our rights, property, or safety
  • Preventing fraud or illegal activity

4.4 Business Transfers

If HERO.AI is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Encryption at Rest: Your data is encrypted when stored in our Supabase database
  • Secure Authentication: We use Google OAuth 2.0 for secure authentication
  • API Authentication: All API endpoints require authentication to prevent unauthorized access
  • Row-Level Security: Database policies ensure users can only access their own data

5.2 Operational Safeguards

  • Access Controls: Limited employee access to user data (currently founder-only)
  • Monitoring: We monitor for suspicious activity and unauthorized access attempts
  • Regular Updates: We keep our systems and dependencies up to date with security patches

5.3 Important Security Notice

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your Google account credentials.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active or as needed to provide you services:

  • Account Information: Retained until you delete your account
  • Purchased Resumes: Retained permanently (you paid for lifetime access)
  • Subscription Resumes: Retained permanently even after subscription ends (you generated them while subscribed)
  • Unpurchased Preview Resumes: Retained for analytics purposes (to track conversion rates)

6.2 Deleted Accounts

When you delete your account:

  • Your personal information and resume data are permanently deleted within 30 days
  • Payment records are retained for 7 years for tax and legal compliance
  • Anonymized usage data may be retained for analytics

6.3 Inactive Accounts

If your account is inactive for 3 years with no purchased resumes, we may delete your account and data after providing 30 days' notice via email.

7. Your Rights and Choices

7.1 Access Your Data

You can access your data at any time by:

  • Logging into your dashboard to view all your resumes
  • Downloading your resumes as PDFs
  • Contacting us at heroservices.ai@gmail.com to request a full data export

7.2 Correct Your Data

You can update your personal information and resume content at any time through your dashboard.

7.3 Delete Your Data

You have the right to request deletion of your data:

  • Contact us at heroservices.ai@gmail.com with subject "Delete My Account"
  • We will delete your account and data within 30 days
  • Note: Payment records must be retained for legal/tax compliance

7.4 Cancel Subscriptions

You can cancel your subscription at any time:

  • Go to your Dashboard → Manage Subscription → Cancel Subscription
  • Your subscription will remain active until the end of your current billing period
  • You will retain access to all resumes generated during your subscription

7.5 Opt Out of Communications

You can opt out of marketing emails (we don't send many!) by:

  • Clicking "Unsubscribe" in any marketing email
  • Contacting us at heroservices.ai@gmail.com
  • Note: You cannot opt out of transactional emails (receipts, account notifications)

7.6 California Residents (CCPA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and share
  • Right to delete your personal information
  • Right to opt-out of sale of personal information (we don't sell your data)
  • Right to non-discrimination for exercising your CCPA rights

7.7 European Residents (GDPR Rights)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

8. Cookies and Tracking Technologies

8.1 What We Use

We use minimal cookies and tracking technologies:

  • Authentication Cookies: To keep you logged in (required for service)
  • Session Cookies: To remember your preferences during your visit
  • Analytics: We may use Vercel Analytics to understand usage patterns (anonymized)

8.2 Third-Party Cookies

  • Google OAuth: Sets cookies for authentication
  • Stripe: May set cookies during payment processing

8.3 Your Choices

You can control cookies through your browser settings. Note that disabling authentication cookies will prevent you from using our Service.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at heroservices.ai@gmail.com, and we will delete such information from our systems.

10. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

By using our Service, you consent to the transfer of your information to the United States and other countries. We ensure that such transfers comply with applicable data protection laws and that your data receives adequate protection.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via email or prominent notice on our website
  • Your continued use of the Service after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

HERO.AI

Email: heroservices.ai@gmail.com

Website: heroservices.ai

Response Time: We aim to respond within 48 hours

For data deletion requests, please include "Delete My Account" in the subject line. For GDPR or CCPA requests, please include "Privacy Rights Request" in the subject line.

13. Acknowledgment

By using HERO.AI, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Thank You for Your Service

We understand the sacrifices you've made as military personnel, veterans, police officers, firefighters, and paramedics. We are honored to help you transition to your next chapter and are committed to protecting your privacy every step of the way.