Your data, your rules

When you sign up, we collect your name, email, and country. When you upload a resume, we extract its text content (name, contact info, work history, education, skills, projects, certifications) for the sole purpose of running your job hunt.

When you connect Gmail (optional), we receive a limited-scope OAuth token that lets us send emails on your behalf and read replies to those specific threads. We do not read your full inbox.

We collect basic technical data — IP address, browser type, device fingerprint — for fraud prevention and analytics. This is anonymized after 90 days.

Your resume content is sent to AI providers (Anthropic Claude, Groq, Google Gemini, Kimi K2) for the sole purpose of tailoring applications to specific jobs. We do not store your resume on third-party AI servers — the AI processes your content per request and returns a response.

We never train AI models on your data. We do not sell your data to anyone, ever. We do not share your data with recruiters or hiring managers except through the application emails you authorize us to send.

All data at rest is encrypted using AES-256. Database backups are encrypted and stored in a separate region. Connections between your browser and our servers use TLS 1.3.

Resume content, OAuth tokens, and personal information are stored on AWS infrastructure in your account's primary region (US-East-1 for USA users, AP-South-1 for India users, CA-Central-1 for Canada users).

You can download all your data at any time from Settings → Privacy → Export. You can delete your account and all associated data at any time from Settings → Danger Zone → Delete Account. Deletion is permanent and takes effect within 24 hours.

If you are an EU/EEA resident, you have additional rights under GDPR including the right to access, correct, restrict processing, port, and erase your data. Contact privacy@aplyqk.com to exercise these rights.

If you are a California resident, you have additional rights under CCPA. We do not sell personal information.

We use essential cookies for authentication and session management. We use first-party analytics (Plausible) to understand usage patterns. We do not use third-party advertising trackers, pixel tags, or session replay tools.

You can opt out of analytics in Settings → Privacy → Analytics.

Active accounts: data is retained for as long as your account is active. Inactive accounts (no login for 12 months): we send an email warning, then delete data after 30 days.

Cancelled accounts: data is retained for 30 days after cancellation in case you reactivate, then permanently deleted.

Application emails sent through Aplyqk remain in your Gmail Sent folder under your control. We do not retain copies on our servers beyond 90 days.

We use the following sub-processors: AWS (hosting), Anthropic / Groq / Google / Moonshot (AI inference), Stripe (USA/Canada payments), Razorpay (India payments), Plausible (analytics), Postmark (transactional email).

Each sub-processor is contractually bound to data protection terms equivalent to or stricter than those in this policy.

Aplyqk is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, contact privacy@aplyqk.com and we will delete the account immediately.

If we make material changes to this policy, we will notify all active users via email at least 14 days before the change takes effect. The current effective date is shown at the top of this page.

For privacy questions, data requests, or to report a concern: privacy@aplyqk.com. We respond within 5 business days.

Data Protection Officer: Veer Kumar, Bangalore, India.