AutoApply

Privacy Policy

Last updated: June 2026  ·  Placeholder — not legal advice

1. Information We Collect

We collect the minimum information needed to operate the service:

  • Account information. Your name and email address when you register. Your password is hashed with bcrypt and never stored in plain text.
  • WhatsApp group messages. In v1 AutoApply reads messages from the WhatsApp groups you authorise. We store only the content classified as a hiring post. General conversation messages are processed in memory and discarded.
  • Resume data. Text extracted from the resume or CV you upload (PDF or DOCX). Used exclusively for skill matching and proposal generation.
  • SMTP credentials. Email account credentials you add for outbound sending. These are encrypted at rest using AES-256 Fernet symmetric encryption and are never transmitted in plain text.
  • Usage data. Standard server logs (request timestamps, IP addresses, error traces) retained for up to 14 days for debugging purposes.

2. How We Use Your Information

Information you provide is used only to deliver the service you signed up for:

  • Authenticate your account and secure your session.
  • Match WhatsApp hiring posts against your resume and skills.
  • Generate personalised job-application email proposals via AI.
  • Send application emails through your configured SMTP accounts.
  • Populate your dashboard with lead scores, statuses, and sent proposals.
  • Send transactional emails (password reset, billing receipts).

We do not use your data for advertising, sell it to third parties, or use it to train AI models without explicit consent.

3. Data Storage & Security

Your data is stored on servers in the European Union (or the region selected at account creation). We apply the following controls:

  • TLS 1.2+ in transit for all API and frontend traffic.
  • AES-256 encryption at rest for SMTP credentials and session tokens.
  • PostgreSQL row-level scoping — each user's data is queried only with their own user_id.
  • Redis broker access restricted to internal network only.
  • Automated log rotation and purge after 14 days.

Despite these measures, no system is completely secure. We will notify you promptly in the event of a breach affecting your personal data.

4. WhatsApp Data

AutoApply connects to WhatsApp via your own account credentials using a read-only integration. We never post messages, join groups, or interact with your contacts on your behalf. Group messages are streamed to our classifier in real time; only messages identified as hiring posts are persisted to your account database. All other messages are discarded immediately after processing. We do not share WhatsApp message content with any third party other than the AI analysis services described in Section 5, and only in anonymised or pseudonymised form.

5. Third-Party Services

We use a limited set of third-party processors to deliver the service:

  • OpenAI. Hiring post text and resume excerpts are sent to OpenAI's API to generate match scores, opportunity summaries, and email proposals. Data is processed under OpenAI's API data usage policy — not used for model training by default.
  • SMTP providers. Email applications are sent through SMTP accounts you configure (e.g. Gmail, Outlook, custom domain). We act as a processor; your chosen provider's privacy policy applies to the transmission.
  • Infrastructure. Hosted on cloud infrastructure (PostgreSQL, Redis, object storage). Data is stored in encrypted volumes in the region you select.

6. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain types of processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at the address in Section 9. We will respond within 30 days.

7. Data Retention & Deletion

Your account data is retained for as long as your account is active. If you delete your account, all personal data — including your resume, SMTP credentials, harvested hiring posts, and sent applications — is permanently deleted within 30 days. Anonymised aggregate statistics (e.g., total applications sent per day across all users) may be retained indefinitely and cannot be linked back to you. Billing records are retained for seven years as required by applicable financial regulations.

8. Cookies & Tracking

AutoApply uses a minimal session cookie to maintain your authenticated state. We do not use advertising trackers, third-party analytics pixels, or fingerprinting scripts. Any analytics we run are self-hosted and aggregate-only.

9. Contact

For privacy-related enquiries, data access requests, or deletion requests, email us at privacy@autoapply.app. We aim to respond within 5 business days and will resolve all requests within 30 calendar days.