Privacy Policy
This Privacy Policy explains how Applio collects, uses, stores, and protects your personal information. By using Applio, you agree to the practices described here. Questions? Contact us at [INSERT_EMAIL].
1. Information We Collect
1.1 Account Information
When you create an account we collect your name, email address, profile avatar (if provided via OAuth), and authentication provider (Google, GitHub, or credentials).
1.2 Job Application Data
We store all information you input including company name, job title, industry, salary details, application status, dates, follow-up reminders, interview records, and offer details.
1.3 Uploaded Files
We store resume and cover letter files (PDF, DOC, DOCX) you upload. Files are stored securely on Cloudflare R2 and are only accessible to you via time-limited authenticated links.
1.4 Usage Data
We may collect anonymized usage data including pages visited, features used, session duration, browser type, operating system, and IP address (for security and fraud prevention).
1.5 Payment Information
Payments are processed by Stripe. We do not store your card details, only your Stripe Customer ID, subscription plan, status, and billing cycle.
2. How We Use Your Information
We use your information to provide and operate Applio, authenticate your account, send account and billing emails, send optional follow-up reminders (which you can disable), improve the product through anonymized analytics, ensure security, and fulfill legal obligations.
We will never: sell your personal data, use your resume or cover letter content to train AI models without your explicit opt-in consent, share your individual data with advertisers, or use your data for purposes unrelated to Applio.
3. Where We Store Your Data
| Data Type | Storage Location |
|---|---|
| Account and application data | PostgreSQL database on Railway |
| Resume and cover letter files | Cloudflare R2 (object storage) |
| Payment records | Stripe (PCI-compliant) |
| Session tokens | Secure HTTP-only cookies |
All data is encrypted in transit using HTTPS/TLS. Database backups are maintained on a regular schedule and encrypted at rest.
4. Data Retention
Your data is retained for as long as your account is active. Upon account deletion, all personal data and uploaded files are permanently deleted within 30 days. Backup copies are fully purged within 90 days. Stripe may retain payment transaction records independently as required by financial regulations.
5. Your Rights
5.1 Right to Access
You may request a copy of the personal data we hold about you by contacting [INSERT_EMAIL].
5.2 Right to Deletion
You may delete your account at any time from account settings, triggering permanent deletion of your data within 30 days. You may also email us to request manual deletion.
5.3 Right to Portability
Pro users may export their job application data as CSV or JSON via account settings. Free users may contact us to request a data export.
5.4 Right to Correction
You may update inaccurate personal data directly in account settings or by contacting [INSERT_EMAIL].
5.5 Right to Opt Out
You may opt out of optional communications (reminders, product updates) at any time via notification settings or by clicking "Unsubscribe" in any email.
5.6 GDPR (European Users)
If you are located in the EEA, you have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority. Our lawful basis for processing is performance of a contract and legitimate interests.
5.7 CCPA (California Users)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. Applio does not sell personal information.
We respond to all data subject requests within 30 days.
6. Third-Party Services
| Service | Purpose |
|---|---|
| Stripe | Payment processing |
| Cloudflare R2 | File storage (resumes, cover letters) |
| Google | OAuth authentication |
| GitHub | OAuth authentication |
| Railway | Database hosting |
| Google Analytics | Anonymized usage analytics |
Each third-party service is governed by its own privacy policy. We encourage you to review them independently.
7. Security
We implement HTTPS encryption for all data in transit, bcrypt password hashing for credential accounts, secure environment variables for all API keys, time-limited presigned URLs for file access, regular security updates, and access controls limiting which systems can access your data.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use Applio at your own risk. To report a security vulnerability, contact [INSERT_EMAIL].
8. Cookies and Local Storage
8.1 Session Cookies
Applio uses secure, HTTP-only session cookies to maintain your authenticated session. These are essential and cannot be disabled while using Applio.
8.2 Analytics Cookies
We may use Google Analytics cookies to collect anonymized usage data. You can opt out via your browser settings or the Google Analytics Opt-out Add-on.
8.3 Local Storage
Your theme preference (light or dark mode) is stored in browser localStorage. This data never leaves your device and is not accessible to our servers.
9. Age Restriction
Applio is intended solely for users 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has created an account, please contact [INSERT_EMAIL].
10. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated via email or in-app notification. Continued use of Applio after the effective date constitutes acceptance of the revised policy.
11. Contact
For questions, requests, or concerns regarding this Privacy Policy:
Email: [INSERT_EMAIL]
Response time: Within 30 days