Privacy Policy

Last updated: April 2026

1. Data Collection

Applyvo collects the following information when you use our service:

  • Account information (name, email address) provided during registration via Clerk authentication
  • Profile data you voluntarily provide (skills, work experience, education, desired roles, salary preferences)
  • Uploaded documents (CVs/resumes in PDF format) for AI parsing
  • LinkedIn and GitHub profile data you choose to import
  • Usage data and analytics to improve the service

2. Data Usage

We use your data to:

  • Match you with relevant job listings
  • Generate AI-tailored CVs for specific job applications
  • Detect ghost jobs and scam listings to protect your time
  • Send job alerts and notifications based on your preferences
  • Improve our matching algorithms and detection systems

3. Data Storage

Your data is stored securely using industry-standard encryption. We use PostgreSQL databases hosted on trusted cloud infrastructure. Uploaded files are stored in secure blob storage with access controls. We retain your data for as long as your account is active.

4. Cookie Policy

Applyvo uses essential cookies for authentication and session management. We also use a cookie consent preference stored in your browser's local storage. We do not use third-party tracking cookies or advertising cookies.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You can request a copy of all personal data we hold about you.
  • Right to rectification: You can update your profile information at any time through the Settings page.
  • Right to erasure: You can delete your account and all associated data from the Settings page.
  • Right to data portability: You can export your data in a machine-readable format.
  • Right to object: You can opt out of non-essential data processing at any time.

6. Data Deletion

You can delete your account and all associated data at any time from the Settings page within the application. Upon account deletion, we will:

  • Soft-delete your account record immediately
  • Permanently remove all personal data, uploaded documents, and profile information within 30 days
  • Remove your data from all backup systems within 90 days

7. Email Tracking

Applyvo offers optional email tracking to automatically detect application confirmations, interview invites, and rejections from your inbox. This feature is available to Pro subscribers.

How It Works

  • Google (Gmail & Workspace): You configure a forwarding rule in your Gmail settings to forward matching emails to your unique Applyvo tracking address. We only see emails that match your forwarding filter. We use Google's gmail.send permission to enable in-app replies from your real email address. OAuth tokens are stored encrypted at rest using AES-256. We never access your full inbox.
  • Microsoft (Outlook & 365): We use Microsoft Graph API with Mail.Read and Mail.Send permissions to poll your inbox every 15 minutes for new job-related emails and enable in-app replies. OAuth tokens are stored encrypted at rest using AES-256.
  • Custom email providers (IMAP/SMTP): You provide your email credentials (host, port, username, password). We poll your inbox via IMAP every 15 minutes. Credentials are encrypted at rest using AES-256.

Data We Store

  • Email metadata only: sender name, sender email, subject line, date received, and our AI classification result (confirmation, interview, rejection, offer, or irrelevant)
  • We never store the full email body in our database
  • Interview dates and meeting links extracted from calendar attachments
  • For Google path: your unique forwarding address hash and OAuth tokens (encrypted with AES-256)
  • For Microsoft path: OAuth tokens (encrypted with AES-256)
  • For custom providers: your IMAP/SMTP credentials (encrypted)

Data Retention

Email metadata is automatically deleted after 90 days. Kanban board updates made from email detection persist as part of your application tracking history.

Disconnecting

You can disconnect your email at any time from Settings. This immediately stops all email processing. For Google and Microsoft, we revoke our access tokens. For custom providers, we securely delete your stored credentials. Previously detected kanban updates remain (they represent real events in your job search).

Legal Basis

Your explicit consent via OAuth authorization (Google/Microsoft) or credential submission (custom providers) serves as the legal basis for email processing under GDPR Article 6(1)(a).

8. Third-Party Services

We use the following third-party services that may process your data:

  • Clerk: Authentication and user management
  • Anthropic (Claude AI): CV parsing and generation (data is processed but not stored by Anthropic)
  • Stripe: Payment processing for Pro subscriptions
  • Vercel: Application hosting and deployment

9. Contact

If you have any questions about this Privacy Policy or your data, please contact us through the application's Settings page or email us at privacy@applyvo.com.