Last updated: February 2026

Privacy Policy

Applyer ("Company", "we", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information in compliance with the EU General Data Protection Regulation (GDPR) and applicable Israeli privacy laws.

1. Data Controller

Applyer, based in Israel, is the data controller for the personal data processed through this Service. Contact: legal@applyer.io.

2. Data We Collect

2.1 Data you provide

• Google profile data: Name, email address, and profile picture (via Google SSO)
• CV / resume text: The content of CVs you upload or paste
• Job descriptions: Job listing text and URLs you submit for matching

2.2 Data generated by the Service

• AI-generated CV suggestions and match scores
• Interview preparation materials
• Credit usage and action logs

2.3 Technical data

• Authentication session cookies (Supabase auth — no tracking cookies)
• Basic analytics via Vercel Analytics (anonymized, no personal identifiers)

3. Legal Basis for Processing (GDPR Art. 6)

• Consent (Art. 6(1)(a)): You consent when creating your account and accepting these terms
• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service
• Legitimate interest (Art. 6(1)(f)): Service improvement and security

4. How We Use Your Data

• Provide and improve the CV optimization, job matching, and interview prep features
• Process your CV through AI models to generate tailored suggestions
• Track credit usage and enforce plan limits
• Send transactional emails (account-related only)
• Maintain platform security and prevent abuse

5. Third-Party Processors

We share your data with the following processors, all under data processing agreements:

Data transferred outside the EU/EEA is protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as maintained by each provider.

6. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, your data is permanently removed within 30 days. AI action logs are retained for billing and audit purposes for up to 12 months after account deletion.

7. Your Rights (GDPR Art. 15–20)

You have the right to:

• Access (Art. 15): Request a copy of your personal data
• Rectification (Art. 16): Correct inaccurate data
• Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Restriction (Art. 18): Restrict processing in certain circumstances
• Portability (Art. 20): Receive your data in a structured, machine-readable format
• Objection (Art. 21): Object to processing based on legitimate interest
• Withdraw consent: At any time, without affecting prior processing

To exercise any of these rights, contact us at legal@applyer.io. We will respond within 30 days.

8. Cookies

We use only essential cookies for authentication (Supabase session cookies). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

9. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us for removal.

10. Data Security

We implement appropriate technical and organizational measures including encrypted connections (TLS), row-level security (RLS) in our database, and access controls to protect your data. However, no system is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or in-app notice. The "Last updated" date reflects the most recent revision.

12. Supervisory Authority

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. In Israel, the relevant authority is the Privacy Protection Authority (PPA).

13. Contact

For privacy-related inquiries, contact us at legal@applyer.io.