Privacy Policy

Last updated: March 2026

1. What we collect

Account information: When you sign up, we collect your email address and, optionally, your name and job search preferences (current title, target roles, target locations).

Resume content: If you upload a resume, we extract its text for use in AI-powered features (match scoring, resume tailoring, cover letter generation). The original file is stored securely in Supabase Storage.

Job application data: Job titles, companies, descriptions, stages, notes, and any documents you create through the app.

Usage data: Pages visited, features used, and error events — collected via PostHog for product analytics. No personally identifiable information is attached to analytics events.

2. How we use your data

We use your data solely to provide and improve ApplyPilot:

  • Displaying your job board and application history
  • Running AI features on your resume and job descriptions
  • Sending follow-up reminder emails you schedule
  • Processing payments via Stripe
  • Improving the product through aggregated, anonymised analytics

We do not sell your data to third parties.

3. AI and Anthropic API

ApplyPilot uses the Anthropic Claude API to power AI features (match scoring, resume tailoring, cover letter generation, interview prep).

When you trigger an AI feature, relevant content — such as your resume text and the job description — is sent to Anthropic's API servers to generate a response.

Anthropic does not train its models on data submitted through the API. Your resume and job data are not used to improve Anthropic's models. You can read Anthropic's privacy policy at anthropic.com/privacy.

4. Data storage and security

All data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the US. Resume files are stored in a private Supabase Storage bucket — they are never publicly accessible. Signed URLs with a 1-hour expiry are used to serve your files.

We enforce row-level security (RLS) on every database table — your data is only accessible to you and cannot be read by other users.

5. Third-party services

  • Supabase — database, auth, and file storage
  • Anthropic — AI language model API
  • Stripe — payment processing (we never store card details)
  • Resend — transactional email delivery
  • PostHog — product analytics
  • Vercel — application hosting

6. Your rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate data via your account settings
  • Deletion — delete your account and all associated data from Settings → Danger Zone. This permanently removes all your data from our database, storage, and authentication records.
  • Portability — request an export of your data

To exercise any of these rights, email us at privacy@applypilot.app.

7. Data retention

We retain your data for as long as your account is active. When you delete your account, all data is permanently deleted within 30 days. Stripe may retain payment records for up to 7 years as required by law.

8. Changes to this policy

We may update this policy occasionally. If changes are material, we will notify you by email. Continued use of ApplyPilot after changes take effect constitutes acceptance of the updated policy.

9. Contact

Questions? Email privacy@applypilot.app.