Privacy Policy

Last updated: 07/14/2026

Version 2.0

Introduction

This Privacy Policy describes how ApplyJob (hereinafter "we", "our" or "ApplyJob") collects, uses, stores and protects the personal data of users of its job search assistance service, accessible via the website applyjob.app and the associated Chrome browser extension (hereinafter collectively the "Service").

We attach great importance to the protection of your privacy and are committed to processing your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the French Data Protection Act (Loi Informatique et Libertes).

By using the Service, you accept the practices described in this policy. We invite you to read it carefully.

Article 1 - Data Controller

The data controller for personal data is:

  • Company name: ApplyJob SARL
  • Address: 13 Villa De L'avenir, 93100 Montreuil, France
  • Email: contact@applyjob.app
  • SIRET number: 809 674 260 00025

Article 2 - Data Protection Officer (DPO)

For any questions regarding the protection of your personal data or to exercise your rights, you may contact:

  • Email: contact@applyjob.app
  • Postal address: ApplyJob, 13 Villa De L'avenir, 93100 Montreuil, France

Article 3 - Personal Data Collected

We collect different categories of personal data depending on your use of the Service:

3.1 Registration Data (via Google OAuth)

When you register using your Google account, we automatically collect:

  • Email address
  • First and last name
  • Profile picture (URL)
  • Unique Google identifier (UID)

3.2 Professional Profile Data

When you create and complete one or more profiles, you may provide:

Identity information:

  • First name, last name
  • Date of birth
  • Gender
  • Nationality(ies)
  • Photo

Contact details:

  • Contact email address
  • Phone number (country code and number)
  • Full postal address (street, city, postal code, country, region)

Professional links:

  • LinkedIn profile
  • Personal website
  • GitHub profile

Professional information:

  • Current position
  • Years of experience
  • Education level
  • Professional experience summary
  • Language skills
  • Resume (PDF document)
  • Content extracted from resume

Job search preferences:

  • Availability
  • Types of contracts sought
  • Remote work preference
  • Openness to relocation and travel
  • Countries where you can legally work
  • Visa/sponsorship needs

Salary information:

  • Current salary
  • Desired salary
  • Hourly rate (current and desired)
  • Currency

Additional information:

  • GPA / academic grades
  • Driver's license
  • Security clearance

3.3 Sensitive Data (Special Categories)

With your explicit consent, we may collect:

  • Disability status: only if you choose to provide it (options: Yes / No / Prefer not to answer). This information is used solely to pre-fill job application forms that include this question.

Important: You are never required to provide this information. It is collected on a voluntary basis to facilitate your applications with employers who ask this question.

3.4 Application Data

When you use the Service to apply for jobs:

  • URLs of job postings viewed and applied to
  • Job title and company name
  • Application status (draft, submitted, etc.)
  • Submission date
  • Form data filled in
  • AI-generated responses

3.5 Service Usage Data

  • AI generation history (count, date, model used, tokens consumed)
  • Saved responses
  • Saved search pages (URLs)
  • Application goals set
  • Onboarding progress
  • Extension installation date

3.6 Payment and Subscription Data

  • Stripe customer identifier
  • Subscription type and status
  • Subscription end date
  • Usage history (AI generations)

Note: Credit card information is collected and processed exclusively by our payment provider Stripe. We never have access to full card numbers.

3.7 Data Collected by the Chrome Extension

The Chrome extension collects:

  • Information from job application forms on third-party sites (for auto-fill)
  • The URL of pages visited that contain job application forms
  • The user's login status

The extension does not collect:

  • Your general browsing history
  • Your passwords
  • Your data on sites unrelated to job applications
  • Information about other tabs or windows

3.8 Technical Data

  • IP address (server logs)
  • Browser type and version
  • Operating system
  • Pages visited on the Service
  • Date and time of connections

Article 4 - Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

Purpose Legal Basis Data Concerned
Creation and management of your user account Performance of contract (ToS) Google registration data
Providing the auto-fill service and application tracking Performance of contract Profile data, application data
Content generation by artificial intelligence Performance of contract Profile data, application context
Subscription management and billing Performance of contract Payment data, email
Service analysis and improvement Legitimate interest Usage data, technical data
Customer service communication Performance of contract / Legitimate interest Email, name
Sending Service information (notifications, updates) Legitimate interest Email
Fraud prevention and security Legitimate interest Technical data, logs
Compliance with legal obligations Legal obligation Billing data, logs
Collection of disability status Explicit consent Disability status (optional)

Article 5 - Data Recipients

Your personal data may be shared with the following categories of recipients:

5.1 Technical Subprocessors

We use subprocessors to provide the Service. These subprocessors act only on our instructions and are contractually bound to protect your data:

Subprocessor Purpose Location Safeguards
Google (OAuth) Authentication USA EU-US Data Privacy Framework
Stripe Payments and billing USA / Ireland EU-US Data Privacy Framework
OpenAI AI content generation USA EU-US Data Privacy Framework + DPA
Hetzner Data hosting Germany / EU Data hosted in EU, ISO 27001 certified

5.2 Transfers to the United States

Some of our subprocessors are located in the United States. These transfers are governed by:

  • The EU-US Data Privacy Framework for certified companies
  • Standard contractual clauses of the European Commission
  • Additional security measures (encryption, pseudonymization)

5.3 AI Processing

Important regarding OpenAI:

When you use the AI generation features, some of your data is transmitted to OpenAI for processing:

  • Your profile information necessary for generating personalized responses
  • The context of the question or application
  • Previous responses to ensure consistency

We use the OpenAI API configured not to use your data for training their models. The transmitted data is processed in accordance with OpenAI's privacy policy and our data processing agreement with them.

5.4 Other Recipients

Your data may also be disclosed to:

  • Judicial, administrative or tax authorities, upon legal request
  • Our legal and accounting advisors, as part of their duties
  • A potential acquirer in the event of a sale or merger of the company

5.5 No Sale of Data

We never sell your personal data to third parties.

Article 6 - Data Retention Periods

Your personal data is retained for the following periods:

Type of Data Retention Period
Account and profile data For the duration of your registration, then 3 years after the last activity or account deletion
Resumes and uploaded documents Until deleted by the user or account closure
Application history 3 years after the application
Generated and saved responses Until deleted by the user or account closure
Billing data 10 years (legal accounting obligation)
Technical and security logs 1 year
Cookies 13 months maximum

Upon expiration of these periods, your data is deleted or irreversibly anonymized.

Article 7 - Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure or destruction:

7.1 Technical Measures

  • Data encryption in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication via OAuth 2.0
  • Firewall and intrusion protection
  • Regular and secure backups
  • Access and anomaly monitoring

7.2 Organizational Measures

  • Data access limited to authorized personnel
  • Staff training on data protection
  • Security incident management procedures
  • Regular security audits

7.3 Breach Notification

In the event of a personal data breach likely to pose a risk to your rights and freedoms, we will inform you as soon as possible, in accordance with applicable regulations.

Article 8 - Your Rights

In accordance with the GDPR and the French Data Protection Act, you have the following rights over your personal data:

8.1 Right of Access

You have the right to obtain confirmation that your data is being processed and to receive a copy of it.

8.2 Right to Rectification

You may request the correction of inaccurate or incomplete data concerning you. You can also update your information directly from your user dashboard.

8.3 Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data in the cases provided for by regulation (data no longer necessary, withdrawal of consent, etc.).

8.4 Right to Restriction of Processing

You may request the restriction of the processing of your data in certain cases (disputing accuracy, unlawful processing, etc.).

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

8.6 Right to Object

You may object at any time to the processing of your data for direct marketing purposes. You may also object, on grounds relating to your particular situation, to processing based on our legitimate interest.

8.7 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.

8.8 Post-mortem Directives

You have the right to define directives regarding the retention, deletion and communication of your data after your death.

8.9 How to Exercise Your Rights

To exercise your rights, you may:

  • From your account: modify or delete your information directly in your profile settings.
  • By email: send your request to dpo@applyjob.app (or contact@applyjob.app) along with a copy of an identity document.
  • By mail: ApplyJob, 13 Villa De L'avenir, 93100 Montreuil, France

We will respond to your request within one month. This period may be extended by two additional months in the case of complex requests or a high number of requests, in which case we will inform you.

8.10 Complaint to the CNIL

If you believe your rights are not being respected, you may file a complaint with the French Data Protection Authority (CNIL):

  • Website: www.cnil.fr
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

Article 9 - Cookies and Similar Technologies

9.1 What is a Cookie?

A cookie is a small text file stored on your device when you visit a website. It enables the storage of information related to your browsing.

9.2 Cookies Used by ApplyJob

We use the following categories of cookies:

Type Purpose Duration Consent
Strictly necessary cookies User session, security, essential preferences Session or 13 months Not required
Functional cookies Remembering your preferences (language, display) 13 months Not required
Analytical cookies Audience measurement, usage statistics 13 months Required

Note: To date, ApplyJob primarily uses strictly necessary cookies for the operation of the Service (user session). We do not use advertising cookies or marketing trackers.

9.3 Cookie Management

You may manage your cookie preferences at any time:

  • Via your browser settings
  • Via our cookie consent banner (if applicable)

Refusing strictly necessary cookies may prevent the proper functioning of the Service.

9.4 Local Storage (Chrome Extension)

The Chrome extension uses the browser's local storage (chrome.storage) to:

  • Save your login status
  • Store your extension usage preferences
  • Temporarily cache information for the auto-fill functionality

This data remains on your device and is not transmitted to our servers, except for operations requiring synchronization (such as saving an application).

Article 10 - Protection of Minors

The Service is intended for adults. We do not knowingly collect personal data from minors under 18 years of age.

If we learn that we have collected data from a minor without the required parental consent, we will take the necessary steps to delete this data as soon as possible.

Article 11 - Links to Third-Party Sites

The Service may contain links to third-party websites (notably recruitment platforms). We are not responsible for the privacy practices of these sites. We encourage you to read their respective privacy policies.

Article 12 - Policy Modifications

We may modify this Privacy Policy at any time to adapt it to changes in the Service, regulations or our practices.

In the event of a substantial modification, we will inform you by email and/or by notification on the Service at least 15 days before the changes take effect.

The date of the last update is indicated at the top of this document. We invite you to consult this policy regularly.

Article 13 - Contact

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us:

  • By email: contact@applyjob.app or dpo@applyjob.app
  • By mail: ApplyJob, 13 Villa De L'avenir, 93100 Montreuil, France

Appendix: Summary of Your GDPR Rights

Right Description
Access Obtain a copy of your data
Rectification Correct inaccurate data
Erasure Delete your data
Restriction Restrict processing
Portability Retrieve your data in a standard format
Objection Refuse certain processing
Withdrawal of consent Withdraw your agreement at any time

Contact: contact@applyjob.app | Supervisory authority: CNIL