Security & Privacy
GitResume reads commit metadata to build your career story. We never clone repos, never read source code, and never write to your repositories.
- What data does GitResume access?
- Commit metadata (titles, messages, timestamps, file names changed, line counts), pull request metadata (titles, descriptions, state, file names), and basic profile info (name, email, GitHub username). The same summary you'd see in a
git log --stat. - Do you read my source code?
- No. We see file names and line counts, never what's inside your files. Your intellectual property is completely off-limits.
- Do you clone or download my repositories?
- No. Your code never leaves GitHub. We don't clone, fork, or download repos. We only read metadata through GitHub's API.
- Can GitResume write to my repos?
- No. We never push, create branches, open issues, or modify anything in your repositories. Our code only reads metadata. For maximum control, use a fine-grained personal access token scoped to read-only on specific repos.
Your company is in control
GitHub's built-in organization controls give admins full visibility and authority over third-party app access.
Org-level approval gates
Organization admins can require approval before any OAuth app accesses org data. GitResume won't see org repos until an admin explicitly allows it.
Existing permissions respected
Employees only see repos they've already been granted access to. OAuth doesn't bypass any existing repository permissions or branch protections.
Revoke anytime
Org admins can revoke GitResume's access at any time from GitHub's organization settings. Instant, no questions asked.
Fine-grained token support
Prefer tighter permissions? Use a GitHub fine-grained personal access token instead of OAuth. Scope it to read-only metadata on only the repos you choose — nothing more.
AI & Data
We use Anthropic's Claude API to generate resumes and cover letters. Here's exactly how your data flows and how you stay in control.
- What data is sent to the AI?
- Contribution metadata only — commit messages, PR titles, and file names. This is sent to Anthropic's API to generate your resume and cover letters. No source code is ever included.
- Is my data used to train AI models?
- No. Anthropic's API terms prohibit using API data for model training. Your contribution data is processed, not learned from.
- Who can see my generated content?
- Only you. Generated resumes and cover letters are stored in your account only. They are never shared with other users, sold, or used for any purpose beyond serving you.
- What happens when I delete my account?
- All your data is deleted within 30 days of account deletion. You can also revoke GitHub access at any time from your GitHub Settings.
Questions?
Feel free to reach out. We're happy to answer anything.
Read the full Privacy Policy for additional details.
Get Started FreeFree tier • No credit card • Read-only access