How Amanox AI handles your data.

1. Who we are

Amanox AI ("Amanox", "we", "our", "us") is a platform that analyses resumes using multiple AI models to provide scores, insights and suggested improvements for candidates and recruiters.

2. Information we collect

We collect the following types of data:

• Account information. Name, email address, hashed password and user role (candidate/recruiter).
• Authentication data. One-time passwords (OTPs) stored temporarily in Redis for verification, Google OAuth ID tokens (for Google sign-in), and session identifiers.
• Usage data. Basic product events such as login activity, analysis requests and feature usage, used to keep the service secure and improve the experience.
• Resume content (temporary). When you upload a resume, we process the file in memory to extract text and send it to AI providers. We do not store the original file for long-term retention.
• Job descriptions. When you paste a target job description, we use it to compute match scores and keyword gaps.
• Technical data. IP address, device/browser information and similar data generated by your use of the service, which may be logged for security and debugging.

3. How we use your information

We use your information to:

• create and manage your Amanox account;
• authenticate logins, send OTPs and maintain secure sessions;
• process resume files and job descriptions to generate scores, insights and suggested rewrites;
• personalise your experience (for example, candidate vs recruiter views);
• monitor, debug and improve the platform;
• communicate with you about product updates, security alerts or support responses.

4. How we handle resumes and job data

Resumes and job descriptions are sensitive. Our approach is:

• Resume files are processed in memory for text extraction and analysis.
• We do not use resume files to train our own models or sell them to third parties.
• We may log anonymised or aggregated metrics (for example, overall score distributions) to improve the product, but we aim to avoid storing content that directly identifies you.

5. Third-party services and AI providers

We rely on trusted third parties to run Amanox, including:

• AI providers. We call models via providers such as OpenRouter. Resume text and job descriptions may be sent to these APIs so they can generate insights and scores.
• Email and OTP delivery. We use third-party email services to deliver verification links, OTPs and password reset messages.
• Infrastructure & storage. Cloud platforms, databases and Redis used to host the application, store user accounts, sessions and logs.

These providers are only given the data necessary to perform their services, and we aim to choose vendors with strong security practices.

6. Cookies and similar technologies

We use cookies and related technologies to keep you logged in and protect your account:

• session cookies for access and refresh tokens;
• CSRF protection tokens;
• cookies that remember basic preferences such as interface settings.

For more detail, please see our Cookie Policy.

7. Legal bases and retention

Where applicable law requires a legal basis (for example in the EU/EEA), we typically rely on:

• Performance of a contract – to operate your account and deliver the service you request.
• Legitimate interests – to secure the platform, prevent abuse and understand how the product is used.
• Consent – for certain communications or optional analytics where required.

We retain account data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes and maintain security logs.

8. Your rights and choices

Depending on your location, you may have rights such as:

• accessing the personal data we hold about you;
• requesting corrections to inaccurate information;
• requesting deletion of your account and certain associated data;
• objecting to or restricting certain processing;
• withdrawing consent where we rely on it.

To exercise any of these rights, contact us at contact@amanox.in. We may need to verify your identity before responding.

9. Security

We use reasonable technical and organisational measures to protect your data, including hashed passwords, token-based authentication and rate-limited OTP flows. No system is perfectly secure, but we actively monitor for abuse and improve our defences over time.

10. Changes to this policy

We may update this Privacy Policy as our product evolves or legal requirements change. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the product or by email.

11. Contact

If you have questions about this policy or how we handle data, please contact contact@amanox.in or use the contact form on our Contact page.