Section 1. Introduction & Scope

Who we are. This Privacy Policy is issued by Splash Sol LLC, a limited liability company registered in Wyoming, United States.

• Registered office: 30 N Gould St, Sheridan, WY 82801, United States
• Email: info@resumecroc.com
• Phone: +1 307 205 7358
• Website: https://resumecroc.com/

What this policy covers. This Privacy Policy applies to all personal information collected when you visit or use our website at https://resumecroc.com and when you purchase or use any of our professional resume writing, CV writing, LinkedIn profile optimisation, or resume review services (collectively, the “Service”). It covers information collected online through the website and offline to the extent it relates to your use of the Service.

Relationship to other policies. This Privacy Policy should be read alongside our Terms and Conditions, which govern the contract between us when you purchase a Service. If you have any questions about either document, you can reach our privacy team at our contact page.

By using the website or the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of it, please do not use the website or the Service.

Section 2. Information We Collect

We collect personal information in three main ways: directly from you, automatically as you use the website, and from our payment processor.

2a. Information You Provide to Us

When you interact with ResumeCroc — whether by requesting a free resume review, placing an order, creating an account, or contacting us — you may provide the following categories of personal information:

• Identity information: your full name, professional title, industry, and years of experience.
• Contact information: email address, phone number, and postal address if applicable.
• Account credentials: username and password if you create a customer account on our website.
• Billing information: billing name and address. Payment card details are handled exclusively by our payment processor, Stripe (see Section 2c below) — we never receive or store your full card number.
• Career and professional history: the resume, CV, LinkedIn profile, or career-history documents you submit so that our writers can provide the Service. This may include employment history, educational background, professional qualifications, skills, and achievements.
• Communications: messages, emails, support requests, and any other content you send to us, including feedback and responses to our follow-up queries.
• Preference and consent records: records of any marketing preferences, consents, or opt-outs you have communicated to us.

Providing some of this information is necessary to deliver the Service — for example, we cannot write or review your resume without receiving it. Where information is optional, we will make that clear at the point of collection.

2b. Information Collected Automatically from Your Use of the Site

When you visit the website, certain technical information is collected automatically by our hosting infrastructure, performance-optimisation layer, and CDN. This includes:

• Device and browser metadata: your browser type and version, operating system, device type, screen resolution, and language settings.
• Network information: your IP address, internet service provider, and approximate geographic location (city or region level — not precise GPS location).
• Usage information: pages viewed, the URL you came from (referrer), links clicked, time spent on pages, and the sequence of pages visited during a session.
• Performance metrics: page-load times, error events, and other technical performance signals used to diagnose and improve the website. This data is aggregated and anonymised where feasible.
• Cookies and similar technologies: see Section 5 for full details on how we use cookies.

This automatically collected information helps us operate the website reliably, improve user experience, and detect and prevent fraud or abuse. We do not use this information to build individual behavioural advertising profiles.

2c. Information from Payment Processing

All payment card transactions on the website are processed by Stripe, Inc., a PCI DSS-compliant payment processor. When you enter your card details at checkout, that information is submitted directly to Stripe’s secure servers and is governed by Stripe’s Privacy Policy.

We do not store full Payment Account Numbers (PANs), CVV/CVC codes, or magnetic-stripe data. Stripe provides us with a tokenised representation of your payment method and a confirmation of whether the transaction succeeded. We retain only the billing name, billing address, last-four card digits (as displayed on your order record), and transaction reference number.

Section 3. How We Use Your Information

We use the personal information we collect for specific, defined purposes only. We do not use your information in ways that are incompatible with the purposes set out below.

• To provide and deliver the Service: processing your order, assigning a writer from our professional team (Katherine A., Keiron D., or Olivia G.), producing and delivering your resume, CV, or LinkedIn profile, and honouring our 45-day interview guarantee if applicable.
• Account management: creating and maintaining your customer account, enabling you to log in, view order history, and download your documents from the account area.
• Communications about your order: sending order confirmations, delivery notifications, progress updates, and responding to your support queries. These are transactional communications and are not marketing.
• Service improvement: analysing aggregated, anonymised usage data to understand how the website is used, identify technical issues, improve page performance, and develop new features or service offerings.
• Fraud prevention and security: detecting, investigating, and preventing fraudulent transactions, abuse, chargebacks, and other illegal or harmful activity.
• Legal compliance: fulfilling our obligations under applicable laws, including tax record-keeping, responding to lawful requests from public authorities, and enforcing our contractual rights.
• Marketing communications: we may send you emails about our services, offers, and career resources, but only if you have given your consent or where we have a legitimate interest and applicable law permits (e.g. soft opt-in where you are an existing customer). You can unsubscribe at any time via the link in any marketing email or by contacting us at info@resumecroc.com.

We will never use your career history, resume content, or professional documents for any purpose other than delivering the Service you ordered and, where you have consented, communicating with you about related services.

Section 4. Legal Bases for Processing (UK & EU Residents)

If you are located in the United Kingdom or the European Economic Area, data protection law requires us to have a legal basis for each way we process your personal information. The following bases apply to our processing activities:

• Contract (Article 6(1)(b) UK/EU GDPR): the majority of our processing — collecting your contact details, career history, processing payment, and delivering your resume — is necessary to perform the contract we have with you when you place an order. Without this processing, we cannot provide the Service.
• Consent (Article 6(1)(a) UK/EU GDPR): where we send you direct marketing emails or use non-essential cookies, we rely on your freely given, specific, informed consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legitimate interests (Article 6(1)(f) UK/EU GDPR): we process certain technical and usage data to improve the website, detect fraud, and protect our business and customers. We have assessed that our legitimate interests in doing so are not outweighed by your privacy rights, given the limited sensitivity of this technical data and the safeguards we apply.
• Legal obligation (Article 6(1)(c) UK/EU GDPR): where we are required by law — for example, to retain financial records for tax purposes or to respond to a lawful enforcement request — we process the minimum personal information necessary to fulfil that legal obligation.

If you have questions about the specific legal basis we rely on for any particular processing activity, you can contact our privacy team at info@resumecroc.com.

Section 5. Cookies & Analytics

Like most websites, resumecroc.com uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a website. Cookies allow the site to remember your preferences, keep you logged in, and help us understand how people use the site.

Types of cookies we use

• Strictly necessary cookies: essential to the operation of the website. These include the session cookie that keeps you logged in to your customer account and the cookie that remembers items in your order. The website cannot function properly without these, and they do not require your consent.
• Functional cookies: remember your preferences and settings (such as your location or language) to improve your experience. We use a limited number of these and you can disable them without losing access to the Service.
• Performance and analytics cookies: help us understand how visitors interact with the website by collecting anonymised or aggregated data about page views, session duration, and navigation paths. This information is used solely to improve the website’s structure and content. Where possible we rely on server-log analysis rather than third-party analytics scripts, reducing the tracking footprint on your device.
• Security cookies: help detect and prevent fraudulent submissions, bot activity, and abuse of our free resume-review form.

How to control cookies

You can control or delete cookies at any time through your browser settings. Most browsers allow you to block all cookies, accept only first-party cookies, or delete existing cookies. Detailed instructions for the most popular browsers are available on their respective help pages. Please note that disabling certain cookies may affect the functionality of the website — for example, you may need to log in again on each visit.

To opt out of specific data collection or request that we stop placing non-essential cookies related to your account, please contact us.

No cross-site advertising tracking

We do not use advertising networks, remarketing pixels, or cross-site tracking technologies to serve you targeted advertisements on third-party websites. Any analytics data we collect stays with us and our approved performance-monitoring subprocessors (see Section 6).

Section 6. Subprocessors & Third-Party Services

To deliver and operate the Service, we engage a small number of carefully selected third-party technology providers (subprocessors). Each subprocessor receives only the personal information it needs to fulfil its specific function and is contractually required to protect that information in line with applicable data protection law.

We do not engage any subprocessors for advertising, data enrichment, or lead-generation purposes. If we add a new subprocessor that will process your personal information, we will update this policy to reflect that change.

Section 7. Sharing of Information

We treat your personal information with discretion. We do not sell it, rent it, or trade it. The following is a complete description of the circumstances in which we may share your information:

• With our subprocessors: as described in Section 6 above, we share limited data with Stripe, Hostinger, Cloudflare, and NitroPack solely to operate the Service. Each subprocessor is bound by a data processing agreement and may use your information only for the purposes we specify.
• Our professional writing team: your resume content and career history is shared with the writer assigned to your order (one of our senior writers: Katherine A., Keiron D., or Olivia G.) for the sole purpose of completing your order. Our writers operate under strict confidentiality obligations.
• Where required by law: we may disclose personal information if we are required to do so by a court order, subpoena, regulatory requirement, or other lawful process. We will, where legally permissible, notify you before complying with such a request.
• Business transfers: in the event of a merger, acquisition, or sale of all or substantially all of our assets, personal information may be transferred to the acquiring entity. We will notify you of any such transfer by posting a prominent notice on the website or by direct communication where feasible.
• With your consent: in any other circumstance, we will ask for your explicit consent before sharing your personal information with a third party.

We do not share your resume content, career history, or professional documents with any third party for any purpose other than delivering your order, unless you explicitly request otherwise (for example, if you ask us to send your documents to a specific third party on your behalf).

Section 8. Retention

We retain your personal information for as long as is necessary to fulfil the purposes set out in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The following retention principles apply:

• Account information: we retain your account data (name, email, order history) for as long as your account is active. If you close your account or request deletion, we will delete or anonymise your account data within 30 days, subject to the exceptions below.
• Resume and career-history documents: we retain the documents you submit for the period necessary to deliver the Service and to honour our 45-day interview guarantee. After the guarantee period ends, we typically retain your documents for up to 24 months so that we can assist you with any follow-up revisions or updates. You may request earlier deletion at any time (see Section 10).
• Order and financial records: we retain billing records and transaction data for a minimum of 7 years to comply with US tax law and accounting requirements. This data is held securely and accessed only when required for legal or financial purposes.
• Communications: support emails and messages are retained for up to 3 years to provide continuity of service and resolve any disputes that may arise. After this period, they are securely deleted.
• Technical and log data: server logs and performance metrics are typically retained for 90 days. After this period, aggregated and anonymised analytics summaries may be retained indefinitely, but these cannot be linked back to you individually.

When your data is no longer required for any of the purposes above, we will delete it securely or anonymise it so that it can no longer be associated with you. You may request earlier deletion of specific categories of data by contacting us at info@resumecroc.com.

Section 9. International Transfers

Splash Sol LLC is based in the United States. If you are accessing the Service from the United Kingdom, the European Economic Area (EEA), or another jurisdiction outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

Safeguards for UK and EU residents

Where we transfer personal information from the United Kingdom or EEA to the United States (or any other country without an adequacy decision), we rely on appropriate safeguards to ensure your information is protected to the standard required by UK GDPR and EU GDPR. These safeguards may include:

• Standard Contractual Clauses (SCCs): the European Commission’s or UK ICO’s approved standard contractual clauses, which impose equivalent data protection obligations on the recipient of the transfer.
• Adequacy decisions: where the European Commission or UK Secretary of State has determined that a third country provides an adequate level of protection, we may rely on that decision.
• Contractual and organisational measures: we require all subprocessors to implement appropriate technical and organisational security measures when processing data transferred from the UK or EEA.

You may obtain a copy of the transfer safeguards we rely on by contacting us at info@resumecroc.com. Our subprocessors — Stripe, Hostinger, Cloudflare, and NitroPack — each maintain their own international transfer mechanisms, which are described in their respective privacy policies and data processing agreements.

Section 10. Your Privacy Rights

Depending on your location, you have a number of rights with respect to the personal information we hold about you. We are committed to honouring these rights and responding to all valid requests promptly. Here is what you can ask us to do, and how:

• Right to restriction: you may ask us to limit how we process your personal information — for example, if you contest its accuracy or object to our use of it — while we investigate your concern.
• Right to object: you may object to processing based on our legitimate interests, including any profiling we conduct for those purposes. You may also object at any time to the use of your personal information for direct marketing, in which case we will stop that use immediately.
• Right to withdraw consent: where we process your personal information on the basis of your consent (e.g. for marketing communications or non-essential cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

How to exercise your rights

To exercise any of the rights above, please send a request to info@resumecroc.com or write to us at Splash Sol LLC, 30 N Gould St, Sheridan, WY 82801, United States. We may ask you to verify your identity before processing your request, to protect against unauthorised access to your information. We will respond within 30 days of receiving a valid, verified request. If we need more time (in complex cases, up to 90 days under some laws), we will let you know within the initial 30-day window and explain why.

Section 11. California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights regarding your personal information. This section supplements the rest of this Privacy Policy and applies exclusively to California residents.

Categories of personal information collected

In the previous 12 months, we have collected the following categories of personal information about California consumers, as defined by CCPA:

• Identifiers (name, email address, IP address, account name)
• Personal information categories listed in the California Customer Records statute (billing information, financial account details — tokenised)
• Commercial information (records of services purchased, order history)
• Professional or employment-related information (resume content, career history, skills, qualifications)
• Internet or other electronic network activity information (browsing history on our website, device metadata)
• Inferences drawn from the above to create a profile about preferences and service interests (limited)

Sources, business purposes, and sharing

We collect the above categories directly from you, automatically from your use of the website, and from our payment processor Stripe. We use this information for the business purposes described in Section 3. We share it only with the subprocessors described in Section 6 and as otherwise set out in Section 7. We have not sold or shared personal information for cross-context behavioural advertising purposes in the previous 12 months, and we do not intend to do so.

Your CCPA / CPRA rights

• Right to Know: you have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collecting or sharing it, and the categories of third parties to whom we disclosed it.
• Right to Delete: you have the right to request that we delete personal information we collected from you, subject to certain exceptions (e.g. information needed to complete your order or comply with law).
• Right to Correct: you have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: you have the right to opt out of the sale or sharing of your personal information for cross-context behavioural advertising. We do not sell or share personal information for these purposes, so this right is already exercised by our practices.
• Right to Limit Use of Sensitive Personal Information: to the extent we process sensitive personal information as defined by CPRA (which may include professional history), you have the right to limit our use of that information to the purposes necessary to provide the Service.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights. You will receive the same quality of service and pricing regardless of whether you make a privacy request.

How to submit a CCPA / CPRA request

You may submit a request to know, delete, correct, or limit by:

• Email: info@resumecroc.com — include “California Privacy Request” in the subject line.
• Post: Splash Sol LLC, 30 N Gould St, Sheridan, WY 82801, United States.
• Online: contact form.

We will acknowledge your request within 10 business days and respond substantively within 45 calendar days (extendable to 90 days if we notify you of the extension and the reason). We will verify your identity before processing your request. You may designate an authorised agent to make a request on your behalf; we will require written proof of authorisation before responding to such a request.

For the 12-month period preceding the date of this policy, we have not sold personal information, and we have not disclosed personal information for cross-context behavioural advertising.

Section 12. UK & EU Residents — UK GDPR / EU GDPR

If you are located in the United Kingdom or the European Economic Area, the following additional information and rights apply to you, in addition to the rights described in Section 10.

Data controller

Splash Sol LLC, 30 N Gould St, Sheridan, WY 82801, United States, is the data controller in respect of the personal information processed about you in connection with the Service. You can contact our privacy team at info@resumecroc.com with any data protection queries.

Enhanced rights under UK GDPR / EU GDPR

In addition to the rights described in Section 10, UK and EU residents have the following rights under applicable data protection law:

• Right to lodge a complaint with a supervisory authority: if you believe we have processed your personal information in breach of applicable data protection law, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement. For UK residents, the relevant authority is the Information Commissioner’s Office (ICO) at ico.org.uk, helpline 0303 123 1113. For EU residents, the relevant authority is the data protection authority in your EU member state of residence.
• Right not to be subject to automated decision-making: we do not make automated decisions about you that produce legal or similarly significant effects. Our service relies on human writers reviewing and producing your documents.

Retention and international transfer reminders

Please see Section 8 (Retention) and Section 9 (International Transfers) for information relevant to UK and EU residents about how long we keep your data and the safeguards we use when transferring it outside the UK/EEA.

We encourage UK and EU residents who have concerns about our data practices to contact us in the first instance. We will always try to resolve your concern directly before you escalate to a supervisory authority. Contact us at our contact page or by email at info@resumecroc.com.

Section 13. Children

The Service is intended solely for use by adults aged 18 years or older. Our resume writing and career services are designed for professionals who are entering or advancing in the workforce, and are not appropriate for children.

We do not knowingly collect, solicit, or retain personal information from anyone under the age of 18. If you are under 18, please do not use the Service or provide any personal information to us. If we learn that we have inadvertently collected personal information from a child under 18, we will delete it promptly. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@resumecroc.com and we will take immediate steps to remove that information from our systems.

Section 14. Security

We take the security of your personal information seriously and maintain a range of administrative, technical, and organisational measures designed to protect it from unauthorised access, disclosure, alteration, or destruction.

Measures we have in place

• Encryption in transit: all data exchanged between your browser and our website is encrypted using TLS (Transport Layer Security). Our website enforces HTTPS — plain HTTP connections are redirected automatically.
• Payment tokenisation: payment card data is handled entirely by Stripe, which uses tokenisation to ensure that full card numbers are never transmitted to or stored on our servers.
• Access controls: access to personal information within our organisation is limited to personnel who need it to fulfil the Service (our writing team and administrative staff). We use role-based access controls and require strong authentication for administrative systems.
• Infrastructure security: our website is hosted on hardened LiteSpeed servers and protected by Cloudflare’s enterprise-grade security layer, which provides DDoS mitigation, bot protection, and web application firewall (WAF) capabilities.
• Operational security: we operate documented internal policies covering data handling, access management, incident response, and subprocessor oversight.

We encourage you to use a strong, unique password for your account, to keep your login credentials confidential, and to log out of your account when using shared devices.

Section 15. Data Breach Notification

In the event that we discover or are notified of a personal data breach — meaning a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information — we will take the following steps:

• Containment and assessment: we will act promptly to contain the breach, assess its scope, and determine which individuals and categories of data are affected.
• Regulatory notification: where required by applicable law — for example, under UK GDPR or EU GDPR (within 72 hours of becoming aware of a qualifying breach) or applicable US state breach notification laws — we will notify the relevant supervisory authority or state attorney general without undue delay.
• Individual notification: where a breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals directly, in clear and plain language, explaining the nature of the breach, the likely consequences, and the steps we are taking to address it. We will also provide guidance on steps you can take to protect yourself.
• Remediation: we will take appropriate steps to remediate the breach, prevent recurrence, and improve our security measures in response to the incident.

If you suspect that your personal information may have been compromised, please contact us immediately at info@resumecroc.com or +1 307 205 7358.

Section 16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, or changes in applicable law. When we make material changes to this policy, we will:

• Post the updated policy on this page with a revised “Last updated” date at the top.
• Where practicable and required by law, notify you directly by email (if we hold your email address) or by displaying a prominent notice on the website before the changes take effect.
• If we intend to use your personal information in a materially different way from that described at the time it was collected, we will seek your consent before doing so.

We encourage you to review this Privacy Policy periodically so that you are aware of our current data practices. Your continued use of the Service after the effective date of a revised policy constitutes your acknowledgement of the updated terms, to the extent permitted by applicable law.

Previous versions of this policy are available on request — please email info@resumecroc.com if you would like a copy of an earlier version.

Section 17. How to Contact Our Privacy Team

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal information, please contact us. We are committed to resolving any privacy concern you raise as quickly as possible.

We aim to acknowledge all privacy-related correspondence within 2 business days and to respond substantively within 30 days. For requests that are complex or where we need to verify your identity, we may take up to 90 days in total (with notification within the first 30 days).

You can also reach us through our contact page for general enquiries. For information about the services we provide and how they work, visit our FAQ page or our free resume review page.

For an independent overview of our service quality and what our customers say about us, visit our customer reviews page and success stories.