One-Click Resumes Privacy Policy

How we collect, use, and protect your data

Effective Date: February 1, 2026
Last Updated: February 1, 2026

1. Introduction

Toadstone Labs ("we," "us," or "our") operates One-Click Resumes, a Chrome extension and web dashboard that generates AI-tailored resumes from job postings. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using One-Click Resumes, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Authentication Data

We use Kinde as our identity management provider. When you sign in, you may authenticate through Google, Apple, LinkedIn, or Facebook via Kinde. We do not directly interact with these identity providers' OAuth APIs — Kinde handles all communication with them on our behalf.

From Kinde, we receive and store:

  • Kinde user ID (a unique identifier)
  • Email address
  • Display name
  • Profile photo (if provided by the identity provider)

We do not receive or store OAuth tokens from Google, Apple, LinkedIn, or Facebook. For details on how Kinde handles your data, see Kinde's Privacy Policy.

2.2 User Profile Data

To generate tailored resumes, we collect and store the personal and professional information you provide:

  • Name, email, phone number, and location
  • Employment history (job titles, companies, dates, descriptions)
  • Education history
  • Skills and certifications
  • Any other information you add to your profile

This data is stored in AWS DynamoDB and is associated with your user account.

2.3 Job Posting Data

When you use the Chrome extension on a job site, we extract information from the job posting, including:

  • Job title
  • Company name
  • Job description and requirements

This data is sent to our backend for processing. The job description is not permanently stored after your resume is generated.

2.4 Generated Resume Data

We store metadata about your generated resumes (such as the job title and generation date) in DynamoDB.

2.5 Transaction Data

We store records of credit purchases, promo code usage, and referral credit activity in DynamoDB. This is used to manage your credit balance and transaction history.

2.6 Payment Information

All payment processing is handled by Stripe. We do not collect, store, or have access to your credit card numbers, bank account details, or other payment credentials. Stripe provides us only with a transaction confirmation and payment status.

3. How We Use Your Information

We use your information to:

  • Provide the service: Generate AI-tailored resumes based on your profile and job postings
  • Manage your account: Authenticate you, maintain your profile, and track your credit balance
  • Process payments: Facilitate credit purchases through Stripe
  • Improve the service: Understand usage patterns and improve functionality
  • Provide support: Respond to your inquiries and troubleshoot issues
  • Communicate with you: Send service-related notifications (e.g., low credit alerts, important updates)

4. AI Processing and Third-Party AI Providers

When you generate a resume, your profile data and the extracted job description are sent to one of our AI providers for processing:

Both providers process your data solely to generate the requested resume output. We use their APIs under terms that prohibit training on customer data. Your resume data is not used by these providers to train their AI models.

5. Chrome Extension Permissions

The One-Click Resumes Chrome extension requests the following permissions:

  • activeTab: Allows the extension to read the content of the currently active tab when you click the extension icon. This is how we extract job posting details from job sites.
  • storage: Used to store your profile data and extension preferences locally in your browser.
  • Host permissions (job sites): The extension has permission to run on LinkedIn, Indeed, Glassdoor, Monster, ZipRecruiter, and other job sites so it can detect and extract job posting information. The extension only activates on these sites when you interact with it.

6. Data Sharing and Third-Party Services

We share your data only with the following third-party services, and only as necessary to provide our service:

ServicePurposeData Shared
KindeAuthentication and user managementEmail, name, identity provider tokens (managed by Kinde)
Anthropic (Claude)AI resume generationProfile data, job description
OpenAIAI resume generationProfile data, job description
StripePayment processingTransaction amount, user email (for receipts)
AWSHosting and data storageAll service data (Lambda, DynamoDB, S3, API Gateway — all in US based datacenters)

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

7. Data Retention

  • Account and profile data: Retained until you request deletion of your account.
  • Job description data: Not permanently stored. Used only during resume generation and discarded after processing.
  • Transaction records: Retained for accounting and support purposes for the life of your account.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data in transit is encrypted using TLS (HTTPS).
  • Data at rest in AWS DynamoDB is encrypted.
  • Authentication is managed through Kinde with industry-standard security practices.
  • API access is authenticated and rate-limited.
  • We follow the principle of least privilege for service access.
  • Authentication tokens used during active browser sessions are stored in volatile (session-only) memory and are never persisted to disk. Long-lived credentials are stored securely in encrypted browser extension storage.
  • Locally cached data such as generated resume history is automatically pruned to limit retention.
  • Profile data stored locally in your browser via Chrome's storage APIs is protected by your operating system's access controls (such as your device login and disk encryption). Chrome does not encrypt extension storage at rest, so we recommend using a password-protected device and enabling full-disk encryption for additional protection.

While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Regardless of where you are located, we provide the following rights to all users:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can update your profile data at any time through the extension or web dashboard. You may also request corrections to other data.
  • Deletion: You can request that we delete your account and all associated data. This action is irreversible.
  • Portability: You can request your data in a structured, machine-readable format.
  • Opt out of communications: You can opt out of non-essential communications at any time.

To exercise any of these rights, contact us at privacy@toadstonelabs.com. We will respond within 30 days.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

  • Legal basis for processing: We process your data based on your consent (when you create an account and use the service), contractual necessity (to provide the service you requested), and legitimate interest (to improve our service and ensure security).
  • Data transfers: Your data is processed and stored in the United States (AWS us-east-1). We rely on standard contractual clauses and service provider agreements to ensure appropriate safeguards for international transfers.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.
  • Right to restrict processing: You may request that we restrict the processing of your data in certain circumstances.
  • Right to object: You may object to processing based on legitimate interests.

11. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know: You can request details about the personal information we have collected about you in the past 12 months, including the categories and specific pieces of data, the sources, the business purpose, and the categories of third parties with whom we share it.
  • Right to delete: You can request deletion of the personal information we have collected about you, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • No sale of personal information: We do not sell your personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.

To exercise your CCPA rights, contact us at privacy@toadstonelabs.com.

12. Children's Privacy

One-Click Resumes is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@toadstonelabs.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. For significant changes, we may also notify you via email or an in-app notification.

Your continued use of One-Click Resumes after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us:

← Back to One-Click Resumes