Autoply

Privacy Policy

Last updated: May 2026

1. What we collect

  • Account data: email address, full name (when provided).
  • CV content: the text and file you upload. Stored in Supabase Storage, encrypted at rest.
  • Job preferences: target titles, locations, salary expectations — stored in your profile.
  • Application records: which jobs Autoply applied to on your behalf and their outcomes.
  • Gmail OAuth token: a refresh token scoped to read-only Gmail access. We never store your Gmail password. Stored encrypted. Used only to detect recruiter replies.
  • BYOK API key: if you provide your own AI key, it is stored encrypted and never logged or sent anywhere except the AI provider you specified.
  • Payment data: handled entirely by Stripe. We store only the Stripe customer ID and a record of credits purchased — never card details.

2. How we use it

  • To submit job applications on your behalf using your CV and preferences.
  • To tailor your CV and cover letter using AI (your data is sent to whichever AI provider you configure — Anthropic, OpenAI, Google, or Mistral).
  • To detect recruiter replies in your Gmail inbox and surface them in your dashboard.
  • To send you transactional emails (application confirmations, recruiter reply alerts) via Resend.
  • To compute platform-level callback rate statistics (anonymised, aggregated — never individual).

3. What we never do

  • We never sell your data to third parties.
  • We never read Gmail emails that aren't from known recruiter domains or job-related senders.
  • We never store your Gmail password.
  • We never use your CV or applications to train AI models.
  • We never share individual application data with employers or recruiters (Phase 2 recruiter search uses only anonymised candidate profiles).

4. Chrome Extension

The Autoply Chrome Extension collects and uses data as follows:

  • Job page content: when you click "Apply with Autoply" on a supported job board (LinkedIn, Indeed, Reed, etc.), the extension reads the job title, company name, location, and description from that page's DOM. This data is sent to Autoply's servers solely to create a job application record on your behalf.
  • Authentication token: your Autoply login token is stored locally in chrome.storage.local on your device. It is never shared with third parties and is used only to authenticate requests to autoply.tech.
  • Browsing activity: the extension only activates on specific job board URLs listed in its manifest. It does not track general browsing history, read emails, or interact with any other pages.
  • No extension data is sold or shared. All data transmitted leaves the extension only to reach autoply.tech (the Autoply platform you are logged in to).

5. Data retention

Your data is retained for as long as your account is active. You can delete your account at any time from Settings → Delete Account. All associated data is permanently deleted within 30 days.

6. Third-party services

  • Supabase — database and file storage (EU region)
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Railway — server-side automation workers
  • Google / Anthropic / OpenAI / Mistral — AI providers (only when you use BYOK or Autoply's hosted AI)

7. Your rights (GDPR)

If you are based in the UK or EU, you have the right to access, correct, export, or delete your personal data. Email privacy@autoply.tech and we will respond within 30 days.

8. Contact

Questions? Email hello@autoply.tech.