AplydPrivacy Policy
Last updated: April 11, 2026
Summary: We collect only what's needed to provide the service. Your data is encrypted, never sold, and you can delete it anytime.
1. Information We Collect
Account Information
- Name, email address, password (bcrypt-hashed)
- OAuth profile data (Google, LinkedIn) if you use social login
- Profile picture (uploaded or AI-generated)
Career Data
- Resumes/CVs you upload or generate
- Job applications you track
- Interview notes and mock interview recordings
- Skills, work history, and career goals from onboarding
Usage Data
- Pages visited, features used, session duration
- Device type, browser, and general location (country/city level)
- We use Microsoft Clarity and PostHog for product analytics
2. How We Use Your Data
- AI Services: Your resume and job data is processed by AI models (Claude, OpenAI) to generate evaluations, CVs, cover letters, and career advice. Data is sent to API providers for processing only — not for training their models.
- Service Delivery: Account management, subscription billing, email notifications.
- Product Improvement: Anonymous, aggregated analytics to improve features.
3. Data Storage & Security
- Data is stored in PostgreSQL databases hosted on Neon.tech (encrypted at rest).
- Secrets are managed via GCP Secret Manager (never stored on disk).
- All connections use TLS/SSL encryption in transit.
- Passwords are hashed with bcrypt (never stored in plaintext).
- OAuth tokens are encrypted with Fernet symmetric encryption.
- File uploads are stored in GCP Cloud Storage with server-side encryption.
4. Data Sharing
We do not sell your personal data. We share data only with:
- AI Providers: Anthropic (Claude) and OpenAI for AI-powered features. Subject to their data processing agreements.
- Payment Processor: Stripe for subscription billing.
- Infrastructure: Google Cloud Platform for hosting and storage.
- Analytics: Microsoft Clarity and PostHog (anonymized usage data only).
5. Your Rights
- Access: View all your data via Settings.
- Export: Download your data in machine-readable format (Settings → Privacy → Export).
- Delete: Request account deletion (Settings → Privacy → Delete Account). Data is permanently removed within 30 days.
- Correct: Update your profile information at any time.
- Opt out: Disable analytics tracking in your browser settings.
6. Cookies
- Session cookie: Required for authentication (httpOnly, secure, SameSite=strict).
- CSRF token: Required for form security.
- Theme preference: Stored in localStorage (not a cookie).
- We do not use advertising or tracking cookies.
7. Data Retention
- Active accounts: data retained while the account is active.
- Deleted accounts: data permanently removed within 30 days.
- Free CV reviews (anonymous): retained for 7 days, then auto-deleted.
- Audit logs: retained for 90 days.
8. Children's Privacy
Aplyd is not intended for users under 16 years of age. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes via email.
10. Contact
For privacy-related questions or data requests, contact us at privacy@aplyd.co.