Privacy Policy

Effective Date: March 26, 2026

Aplyr ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our job search automation platform (the "Service"). By using Aplyr, you consent to the practices described in this policy.

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, and authentication credentials (managed via Firebase Authentication).

Profile Data

To power auto-fill and application submission, we collect personal information you provide, including your name, email address, phone number, mailing address, work history, education history, and resume content.

Gmail Data (via OAuth)

If you connect your Gmail account, we request read-only access to scan for job application-related emails. We collect email metadata only -- including subject lines, sender addresses, and dates -- for the purpose of detecting and tracking job application confirmations and status updates. We do not read or store the full body of your emails.

Job Application Tracking Data

We store information about job applications you submit through the Service, including company names, job titles, application dates, and status updates.

Usage and Analytics Data

We collect anonymized usage data such as pages visited, features used, and performance metrics to improve the Service.

2. How We Use Your Information

  • Provide the Service: Search for jobs, track applications, and manage your job search pipeline.
  • Auto-fill and submit applications: Use your profile data to automatically populate and submit job applications on your behalf through browser automation.
  • AI-powered job matching: Analyze your profile and preferences using AI (via OpenAI API) to recommend relevant job opportunities and tailor your resume for specific positions.
  • Email scanning: Detect job application confirmation emails and status updates to automatically update your application timeline.
  • Service improvement: Analyze usage patterns to improve features, fix bugs, and enhance the user experience.
  • Communications: Send transactional emails related to your account and application activity.

3. Third-Party Service Providers

We use the following third-party services to operate Aplyr. Each provider processes data only as necessary to deliver their respective service:

  • Firebase / Google Cloud -- Authentication, database (Firestore), and cloud infrastructure.
  • OpenAI-- AI-powered job matching and resume tailoring. Data is sent via the OpenAI API, which is subject to OpenAI's API data usage policy. OpenAI does not use API inputs or outputs to train its models.
  • Vercel -- Application hosting and deployment.
  • Typesense -- Job search indexing and search functionality.
  • Resend -- Transactional email delivery.
  • Upstash -- Redis-based rate limiting and caching.

4. Google API Services -- Limited Use Disclosure

Aplyr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. For full details, please see our Google API Limited Use Disclosure.

5. Data Retention

  • Account and profile data is retained for as long as your account remains active.
  • Upon account deletion request, all personal data is deleted within 30 days. Backups may be retained for up to 90 days before being permanently purged.
  • Gmail scan data is processed in real-time. Only extracted metadata (subject, sender, date) is stored to build your application timeline. Full email content is never stored.
  • Usage and analytics data may be retained in anonymized form for service improvement purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data.
  • Data portability: Request a machine-readable copy of your data.
  • Opt out of automated processing: Request human review of decisions made solely by automated means.
  • Withdraw consent: Revoke previously granted consent at any time, including disconnecting your Gmail account.

California residents (CCPA/CPRA): You have the right to know what personal information is collected, request its deletion, opt out of the sale or sharing of personal information (Aplyr does not sell your data), and not be discriminated against for exercising your rights.

EU/EEA residents (GDPR): You have the rights described above, plus the right to restrict processing, object to processing, and lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@aplyr.co.

7. Automated Decision-Making

Aplyr uses artificial intelligence to provide job matching recommendations and resume tailoring suggestions. These features are designed to assist you, not to make decisions on your behalf. You can review, modify, and approve all AI-generated content before any job application is submitted. No application is submitted without your authorization.

8. Cookies and Tracking

  • Essential cookies: We use cookies strictly necessary for authentication and session management (powered by Firebase).
  • No advertising cookies: Aplyr does not use advertising, retargeting, or third-party tracking cookies.
  • Analytics: We use Vercel Web Analytics, which is a cookieless, privacy-friendly analytics solution that does not track individual users.

9. Children's Privacy

Aplyr is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a user under 16, we will promptly delete that information.

10. International Data Transfers

Aplyr is based in the United States. Your data is stored and processed in the United States. If you access the Service from outside the United States, you consent to the transfer, storage, and processing of your data in the United States, where data protection laws may differ from those in your jurisdiction.

11. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data at rest and in transit (TLS/SSL).
  • OAuth tokens encrypted with AWS Key Management Service (KMS) before storage.
  • Role-based access controls for internal systems.
  • Regular security reviews and updates.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at the address associated with your account. The "Effective Date" at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Aplyr
Email: privacy@aplyr.co