Privacy Policy

Effective Date: February 20, 2025

This Privacy Policy governs the manner in which Coco Studios ("we", "us", or "our") collects, uses, maintains, and discloses information collected from users (each, a "User") of the DuckResume mobile application (the "Service"). This policy applies to all versions of the Service, including Android and iOS platforms. By accessing or using the Service, you acknowledge that you have read, understood, and agreed to the practices described herein. If you do not agree with any part of this policy, you must discontinue use of the Service immediately.

1. Information Collection

We collect several types of information to provide and improve our Service, ensure security, and comply with legal obligations. The data we gather falls into the following categories:

Account Information: When you sign in using Google or Apple, we collect your name, email address, and unique user ID for authentication and account identification purposes.
Resume Content: Information you provide when creating resumes, including your name, contact details, work experience, education history, skills, and other professional information.
- Local Storage (Without Sign-In): DuckResume can be used without creating an account. If you use the app without signing in, all resume data is stored locally on your device only. We do not collect, transmit, or have access to any resume content created in offline mode.
- Cloud Storage (With Sign-In): If you choose to sign in with Google or Apple to enable cloud sync, your resume data is transmitted to and stored on our secure servers in encrypted form. This allows you to access your resumes across multiple devices.
We do not scan, analyze, or use your resume content for advertising purposes. Your documents are processed solely to deliver the services you request.
Device Information: We automatically collect technical data such as device type, operating system version, unique device identifiers, IP address (anonymized where feasible), screen resolution, and language preferences to optimize compatibility and performance.
Usage Data: We track interactions with the Service, including features used, screens visited, navigation paths, session duration, error logs, and crash reports. This data is aggregated and anonymized to analyze trends and improve user experience.

Biometric Data: We do not collect biometric identifiers (such as fingerprints or facial recognition data). If you use device-native biometric authentication (Face ID, Touch ID, fingerprint unlock) to access the app, this authentication is handled entirely by your device's operating system and we do not receive or store any biometric data.

2. Methods of Data Collection

Data is collected through multiple channels to ensure comprehensive service delivery:

Direct User Input: Information provided via resume creation, profile customization, and AI content generation features.
OAuth Authentication: When you sign in via Google or Apple, we receive limited profile data (name, email address, user ID) as permitted by their policies and with your consent. We do not access passwords or full account details.
Automated Technologies: Firebase Analytics collects anonymized usage data and crash reports to help us improve app performance.
Third-Party SDKs: Software development kits embedded in our app collect data as described in the Third-Party Services section.

3. Use of Collected Information

We process your data for the following lawful purposes:

Service Operation: To create and manage user accounts, authenticate logins, and enable core functionalities (resume editing, PDF generation).
Cloud Synchronization: If you sign in, to store your resume data on our secure servers (encrypted) and sync it across your devices.
AI Content Generation: To generate resumes, cover letters, professional summaries, and job descriptions using our AI features (see AI Data Processing section).
Personalization: To remember your preferences and provide a customized experience.
Analytics: To understand usage patterns, identify issues, and improve the Service.
Advertising: To display advertisements through Google AdMob.
Communication: To respond to support inquiries and provide customer assistance.
Legal Compliance: To fulfill legal obligations and respond to lawful requests.

4. AI Data Processing

DuckResume includes AI-powered features to assist in creating professional documents, including generating cover letters, creating resumes from brief descriptions, writing professional summaries, and crafting job role descriptions.

When you use these AI features, we process the resume content you have entered (such as work experience, education, and skills), job titles and descriptions you provide, and any text prompts you enter for content generation.

All AI processing is performed exclusively on secure servers owned and operated by Coco Studios. We do not use any third-party AI services, and your data is never transmitted to external AI providers.

AI inputs are processed in real-time and discarded immediately after generating your requested content. We do not store, log, or retain AI processing inputs or outputs beyond your saved resume data. AI processing data is not used to train, improve, or develop AI models. Generated content is only saved when you explicitly choose to save it to your resume.

We do not use fully automated systems (e.g., AI profiling) to make decisions that significantly impact users. AI-generated content (resumes, cover letters, summaries) are suggestions only. You retain full control over your content, and all final decisions remain with you.

5. Disclosure of Information

We adhere to strict confidentiality standards and disclose data only under the following circumstances:

Service Providers: Trusted vendors assisting with authentication (Google, Apple), analytics (Firebase), and advertising (AdMob) may access data under binding contracts that prohibit independent use.
Legal Requirements: We may disclose information if compelled by court orders, government agencies, or to defend against legal claims.
Business Transfers: In the event of a merger, acquisition, or asset sale, user data may transfer to the successor entity, subject to the same privacy commitments.
Safety and Rights: If we believe disclosure is necessary to prevent harm or protect rights, we may share limited data with authorities.
Aggregated Data: We may publish statistical insights that cannot identify individuals.

We do not sell your personal information to third parties.

6. Third-Party Services

We integrate with these external platforms, each governed by their own privacy policies:

Google Sign-In: User authentication. Privacy Policy
Apple Sign-In: User authentication on iOS. Privacy Policy
Firebase: Analytics, crash reporting, cloud storage. Privacy Policy
Google AdMob: Advertisement display. Privacy Policy
Google Play Services: App distribution on Android. Privacy Policy
Apple App Store: App distribution on iOS. Privacy Policy

We vet third parties for privacy compliance but encourage users to review their policies independently.

7. Advertising

DuckResume displays advertisements through Google AdMob. AdMob may collect and use the following information to serve ads:

Device advertising identifier
IP address
General location (country/region)
App usage data
Ad interaction data (views, clicks)

Opting Out of Personalized Ads:

Android: Settings → Google → Ads → Opt out of Ads Personalization
iOS: Settings → Privacy & Security → Apple Advertising → Personalized Ads (toggle off)

Opting out does not reduce the number of ads displayed; it only makes them less targeted to your interests.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods include:

Account Data: Retained until account deletion or 3 years after last activity, then deleted.
Resume Content: Stored until deleted by user or account deletion. Inactive resume documents (not accessed or modified for 12 months) may be anonymized or deleted with prior notice.
AI Processing Data: Discarded immediately after processing; not retained.
Usage Analytics: Retained for 26 months (Firebase default).
Crash Reports: Retained for 90 days.
Local Data (No Sign-In): Data stored locally on your device is not subject to our retention policies. You can delete local data by clearing app data or uninstalling the app.

Upon account deletion, all associated data on our servers is permanently removed within 7 days, except where retention is required by law.

9. Data Security

We implement a multi-layered security framework to protect your information:

Encryption: All data transmissions use TLS 1.2+ protocols. Data at rest is encrypted using AES-256 encryption.
Access Controls: Role-based permissions limit employee access to personal data on a need-to-know basis.
Monitoring: Regular security assessments and monitoring are employed.
Breach Notification: In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery, in accordance with applicable laws.

Despite these measures, no system is infallible. Users should safeguard their account credentials.

10. User Rights and Controls

Depending on your residency, you may exercise the following rights:

Access: Request a copy of your personal data.
Rectification: Update inaccurate or incomplete information.
Erasure: Demand deletion of personal data, subject to legal exceptions.
Restriction: Temporarily halt processing while disputes are resolved.
Portability: Request your data in a portable format.
Objection: Opt out of certain processing activities.
Withdraw Consent: Revoke permissions previously granted.

To exercise these rights, email cocostudios321@gmail.com. We respond within 30 days and may request identity verification.

Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, quality of service, or be denied access to our Service for exercising these rights.

11. Deleting Information and Accounts

You can delete your data and account by following these instructions:

If you are signed-in, go to "Settings" on the main menu and tap "Delete Account".
If you have not created a DuckResume account, you can delete your information by deleting the app from your device.

You can also initiate the account deletion process or contact us if you have any issues deleting your information by emailing us at cocostudios321@gmail.com.

After you make an account deletion request, we permanently and irreversibly delete your personal information from our systems, including backups. Once deleted, your data cannot be reinstated. Following your deletion request, it may take up to 7 days to delete your personal information from our systems. Additionally, we may retain information where deletion requests are made to comply with the law and take other actions permitted by law.

12. Children's Privacy

DuckResume is designed for users aged 13+ and complies with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect data from children under 13. If such data is inadvertently received, it is promptly deleted. Parents or guardians may contact us to review or remove a minor's information.

If you are a parent or guardian and believe your child has provided us with personal information, contact us at cocostudios321@gmail.com.

13. California Privacy Rights (CCPA/CPRA)

California residents may:

Request disclosure of data categories collected in the past 12 months.
Know whether personal information is sold or disclosed and to whom.
Request deletion of personal information.
Opt out of the sale of personal information.
Not be discriminated against for exercising privacy rights.

We do not sell personal information.

14. Other U.S. State Privacy Rights

Residents of certain U.S. states have additional privacy rights under state law:

Virginia (VCDPA): Virginia residents may access, correct, delete, and obtain a copy of their personal data, and opt out of targeted advertising, sale of personal data, and profiling.
Colorado (CPA): Colorado residents have similar rights to access, correct, delete, and port their data, and may opt out of targeted advertising and sale of personal data.
Utah (UCPA): Utah residents may access and delete their personal data and opt out of the sale of personal data and targeted advertising.

To exercise these rights, contact us at cocostudios321@gmail.com. We will respond to verified requests within the timeframes required by applicable law.

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis: We process your data based on: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, or (d) our legitimate interests.
Data Transfers: Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place for such transfers, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission.
Right to Lodge Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your GDPR rights, contact us at cocostudios321@gmail.com.

16. Modifications to This Policy

We may update this policy periodically to reflect:

New service features requiring data collection.
Changes in laws or regulations.
Feedback from users or regulatory bodies.

Material changes will be announced via email or in-app notification. The "Effective Date" at the top indicates the latest revision. Your continued use of DuckResume after changes are posted constitutes acceptance of the updated policy.

17. Contact Us

For privacy-related inquiries or complaints:

Email: cocostudios321@gmail.com
Developer: Coco Studios

We acknowledge all requests within 5 business days and resolve most within 30 days.