Privacy Policy
This Privacy Policy explains how Applio collects, uses, stores, and protects your personal information. By using Applio, you agree to the practices described here. Questions? Contact us at support@applio.me.
1. Information We Collect
1.1 Account Information
When you create an account via OAuth (Google or GitHub) we collect your name, email address, profile avatar (if provided by the OAuth provider), and authentication provider.
1.2 Job Application Data
We store all information you input including company name, job title, industry, salary details, application status, dates, follow-up reminders, interview records, and offer details.
1.3 Uploaded Files
We store resume and cover letter files (PDF, DOC, DOCX) you upload. Files are stored securely on Cloudflare R2 and are only accessible to you via time-limited authenticated links.
1.4 Usage Data
Applio does not use third-party analytics scripts and does not collect browsing behavior, session duration, or page visit data. No analytics tracking code is installed on Applio.
1.5 Payment Information
Payments are processed by Stripe. We do not store your card details โ only your Stripe Customer ID, subscription plan, status, and billing cycle.
2. How We Use Your Information
We use your information to provide and operate Applio, authenticate your account, send account and billing emails, send optional follow-up reminders (which you can disable), ensure security, and fulfill legal obligations.
We will never: sell your personal data, use your resume or cover letter content to train AI models without your explicit opt-in consent, share your individual data with advertisers, or use your data for purposes unrelated to Applio.
3. Where We Store Your Data
| Data Type | Storage Location |
|---|---|
| Account and application data | PostgreSQL database on Railway |
| Resume and cover letter files | Cloudflare R2 (object storage) |
| Payment records | Stripe (PCI-compliant) |
| Session tokens | Secure HTTP-only cookies |
All data is encrypted in transit using HTTPS/TLS. Database backups are maintained on a regular schedule and encrypted at rest.
4. Data Retention
Your data is retained for as long as your account is active. Upon account deletion, all personal data and uploaded files are permanently deleted within 7 days. Backup copies are fully purged within 90 days. Stripe may retain payment transaction records independently as required by financial regulations.
5. Your Rights
5.1 Right to Access
You may request a copy of the personal data we hold about you by contacting support@applio.me.
5.2 Right to Deletion
You may delete your account at any time from account settings, triggering permanent deletion of your data within 7 days. You may also email us to request manual deletion.
5.3 Right to Portability
All users may export their personal data as JSON via account settings. Pro users may additionally export data as CSV or ZIP archive.
5.4 Right to Correction
You may update inaccurate personal data directly in account settings or by contacting support@applio.me.
5.5 Right to Opt Out
You may opt out of optional communications (reminders, product updates) at any time via notification settings or by clicking "Unsubscribe" in any email.
5.6 GDPR (European Users)
If you are located in the EEA, you have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority. Our lawful basis for processing is performance of a contract and legitimate interests.
5.7 CCPA (California Users)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. Applio does not sell personal information.
We respond to all data subject requests within 30 days.
6. Third-Party Services (Sub-processors)
We use the following third-party service providers to operate Applio. Each provider processes only the data necessary to deliver their service and is bound by their own privacy policy and data processing agreements.
| Service | Purpose |
|---|---|
| Stripe (stripe.com) | Payment processing and subscription management |
| Resend (resend.com) | Transactional email delivery |
| Cloudflare R2 (cloudflare.com) | File storage for uploaded resumes and cover letters |
| Railway (railway.app) | Database hosting and backend infrastructure |
| Google (google.com) | OAuth authentication (if you sign in with Google) |
| GitHub (github.com) | OAuth authentication (if you sign in with GitHub) |
| Vercel (vercel.com) | Frontend hosting and deployment |
Each third-party service is governed by its own privacy policy. We encourage you to review them independently.
7. Security
We implement HTTPS encryption for all data in transit, secure environment variables for all API keys, time-limited presigned URLs for file access, regular security updates, and access controls limiting which systems can access your data.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use Applio at your own risk. To report a security vulnerability, contact support@applio.me.
8. Cookies and Local Storage
8.1 Session Cookies
Applio uses secure, HTTP-only session cookies to maintain your authenticated session. These are essential and cannot be disabled while using Applio.
8.2 Local Storage
Your theme preference (light or dark mode) is stored in browser localStorage. This data never leaves your device and is not accessible to our servers.
9. Age Restriction
Applio is intended solely for users 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has created an account, please contact support@applio.me.
10. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated via email or in-app notification. Continued use of Applio after the effective date constitutes acceptance of the revised policy.
11. Contact
For questions, requests, or concerns regarding this Privacy Policy:
Email: support@applio.me
Response time: Within 30 days