Autoply

Privacy Policy

Last updated: May 2026

1. What we collect

  • Account data: email address, full name (when provided).
  • CV content: the text and file you upload. Stored in Supabase Storage, encrypted at rest.
  • Job preferences: target titles, locations, salary expectations — stored in your profile.
  • Application records: which jobs Autoply applied to on your behalf and their outcomes.
  • Gmail OAuth token: a refresh token scoped to read-only Gmail access. We never store your Gmail password. Stored encrypted. Used only to detect recruiter replies.
  • BYOK API key: if you provide your own AI key, it is stored encrypted and never logged or sent anywhere except the AI provider you specified.
  • Payment data: handled entirely by Stripe. We store only the Stripe customer ID and a record of credits purchased — never card details.

2. How we use it

  • To submit job applications on your behalf using your CV and preferences.
  • To tailor your CV and cover letter using AI (your data is sent to whichever AI provider you configure — Anthropic, OpenAI, Google, or Mistral).
  • To detect recruiter replies in your Gmail inbox and surface them in your dashboard.
  • To send you transactional emails (application confirmations, recruiter reply alerts) via Resend.
  • To compute platform-level callback rate statistics (anonymised, aggregated — never individual).

3. What we never do

  • We never sell your data to third parties.
  • We never read Gmail emails that aren't from known recruiter domains or job-related senders.
  • We never store your Gmail password.
  • We never use your CV or applications to train AI models.
  • We never share individual application data with employers or recruiters (Phase 2 recruiter search uses only anonymised candidate profiles).

4. Data retention

Your data is retained for as long as your account is active. You can delete your account at any time from Settings → Delete Account. All associated data is permanently deleted within 30 days.

5. Third-party services

  • Supabase — database and file storage (EU region)
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Railway — server-side automation workers
  • Google / Anthropic / OpenAI / Mistral — AI providers (only when you use BYOK or Autoply's hosted AI)

6. Your rights (GDPR)

If you are based in the UK or EU, you have the right to access, correct, export, or delete your personal data. Email privacy@autoply.tech and we will respond within 30 days.

7. Contact

Questions? Email hello@autoply.tech.