Privacy Policy

Account information: When you sign up, we collect your email address and, optionally, your name and job search preferences (current title, target roles, target locations).

Resume content: If you upload a resume, we extract its text for use in AI-powered features (match scoring, resume tailoring, cover letter generation). The original file is stored securely in Supabase Storage.

Job application data: Job titles, companies, descriptions, stages, notes, and any documents you create through the app.

Usage data: Pages visited, features used, and error events — collected via PostHog for product analytics. No personally identifiable information is attached to analytics events.

We use your data solely to provide and improve ApplyPilotAI:

• Displaying your job board and application history
• Running AI features on your resume and job descriptions
• Sending follow-up reminder emails you schedule
• Processing payments via Stripe
• Improving the product through aggregated, anonymised analytics

We do not sell your data to third parties.

ApplyPilotAI uses the Anthropic API to power AI features (match scoring, resume tailoring, cover letter generation, interview prep).

When you trigger an AI feature, relevant content — such as your resume text and the job description — is sent to Anthropic's API servers to generate a response.

Anthropic does not train its models on data submitted through the API. Your resume and job data are not used to improve Anthropic's models. You can read Anthropic's privacy policy at anthropic.com/privacy.

All data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the US. Resume files are stored in a private Supabase Storage bucket — they are never publicly accessible. Signed URLs with a 1-hour expiry are used to serve your files.

We enforce row-level security (RLS) on every database table — your data is only accessible to you and cannot be read by other users.

If you are in the European Economic Area, you have the right to:

• Access — request a copy of the data we hold about you
• Correction — update inaccurate data via your account settings
• Deletion — delete your account and all associated data from Settings → Danger Zone. This permanently removes all your data from our database, storage, and authentication records.
• Portability — request an export of your data

To exercise any of these rights, email us at privacy@applypilotai.app.

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights regarding your personal information:

• Right to Know — you may request the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete — you may request deletion of your personal information. You can do this directly from Settings → Danger Zone, or by emailing us.
• Right to Correct — you may request correction of inaccurate personal information via your account settings or by contacting us.
• Right to Opt-Out of Sale or Sharing — ApplyPilotAI does not sell your personal information and does not share it for cross-context behavioral advertising. No opt-out is necessary.
• Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of personal information collected: identifiers (email, name), professional information (resumes, job application data), internet activity (usage analytics), and commercial information (subscription plan, payment history via Stripe).

To exercise any of these rights, email privacy@applypilotai.app. We will verify your identity and respond within 45 days as required by law.

ApplyPilotAI is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@applypilotai.app and we will promptly delete that information.

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:

• Investigate and contain the breach as quickly as possible.
• Notify affected users by email within 72 hours of becoming aware of the breach, as required by GDPR. For California residents, notification will comply with Cal. Civ. Code § 1798.82.
• Notify relevant supervisory authorities where required by applicable law.
• Provide a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken to address and mitigate the breach.