Privacy

Privacy Policy

Last updated June 10, 2026

Introduction

Applying Pal ("we", "us") makes a curated jobs catalog, a resume builder, and a Chrome extension that helps you complete job application forms. This Privacy Policy explains what data we handle, why, and the choices you have.

By using Applying Pal, you agree to this policy. If you don't, please don't use the service.

Plain-English summary

We collect only what we need to provide the products you actively use.

We do not sell your data, share it with employers without your action, or use it for advertising.

Resume content stays in your browser unless you sign in. When signed in, your data is stored on our servers so it can sync across devices.

AI features (in the extension) are the one paid feature; AI providers process your drafts on demand and do not train on your data.

1. Information we collect

1.1 Account information

Email and name

Password (bcrypt-hashed) or Google OAuth identifier

1.2 Resume and profile data

Contact info: name, email, phone, location, LinkedIn, GitHub, portfolio

Resume: text, filename, parsed sections (experience, education, projects, skills, certifications, languages)

Preferences: industry, role, experience level, company size

Q&A pairs: saved responses, both user-created and AI-generated

AI notes: custom instructions you provide (up to 500 characters, sanitized)

1.3 Local browser storage (never sent to our servers)

Resume file (IndexedDB, up to 10 MB)

Job descriptions you've viewed (Chrome Storage, up to 50 most recent)

Form history (IndexedDB, up to 1,000 most recent)

Visited job URLs and authentication tokens

You can clear this data anytime through the extension or your browser settings.

1.4 Application activity

When you use the extension to submit an application on a supported ATS, we record a row in your applications dashboard: the job URL, company name, role, timestamp, and any notes you add. This data is yours and can be deleted anytime.

1.5 Usage and analytics

We collect minimal usage information to operate and improve the product:

AI credit usage and feature usage

Subscription and billing status

Application monitoring (no PII)

1.6 Payment information

Stripe processes all payments and is PCI-DSS compliant. We store only the Stripe customer ID, subscription ID, and plan status. We never see your card details.

1.7 Custom API keys

If you choose to bring your own OpenAI or Gemini key, we encrypt it with AES-256-GCM and store it securely. You can delete it at any time.

2. How we use your information

We use your data to:

Provide services: curated jobs, resume building, form filling, AI answer drafting, application tracking

Authenticate and secure your account

Process payments and send transactional communications

Improve services and monitor security

Comply with legal obligations

We do not sell your data, share your profile with employers without your action, use your data for advertising, or track your activity outside the job platforms you use the extension on.

3. Data storage and security

Backend: MongoDB Atlas, encrypted at rest, with 30-day backups

Local: your browser (Chrome Storage, IndexedDB)

Passwords: bcrypt-hashed (12 salt rounds)

API keys: AES-256-GCM encrypted

Transmission: HTTPS/TLS

Access: role-based controls, authentication required

AI notes: sanitized to mitigate prompt injection

No internet system is 100% secure. We apply industry-standard safeguards and continue to improve them.

4. Third-party services

AI providers

OpenAI: resume parsing and answer drafting; OpenAI does not train on API data. openai.com/policies/privacy-policy

Google Gemini: alternative AI provider. policies.google.com/privacy

Infrastructure and payment

Stripe: payment processing (PCI-DSS). stripe.com/privacy

Google OAuth: optional sign-in. policies.google.com/privacy

MongoDB Atlas: encrypted database. mongodb.com/legal/privacy-policy

5. Browser permissions

The Chrome extension requests only the permissions it needs:

storage: saves your resume, job descriptions, and form history locally in your browser.

activeTab and scripting: detects and helps fill application forms when you click to use the extension. We never access pages automatically.

sidePanel: displays the extension UI in Chrome's side panel.

host permissions: access to supported job platforms only when you visit them (greenhouse.io, lever.co, ashbyhq.com, workable.com, indeed.com, linkedin.com). We detect form fields, extract job descriptions for AI drafts, and help you fill forms faster. We do not access other websites, track general browsing, or share your data with employers without your explicit action (clicking Apply or Submit).

6. Data retention

Account and profile: until you delete it

Local browser data: until you clear it

Usage logs: 90 days

Backups: 30 days

Deleted accounts: removed permanently. We do not retain data after deletion.

You can request deletion of your account or data anytime by writing to support@applyingpal.com.

7. Your rights

Access, rectify, or erase your data

Export your data (portability)

Withdraw consent or switch to your own API keys

Contact support@applyingpal.com or use the in-app settings.

8. Cookies and tracking

We use essential cookies only (authentication tokens).

No advertising, cross-site tracking, or analytics cookies.

Server-side analytics only (no PII).

The extension monitors only supported platforms, only when active.

9. Policy changes

We may update this policy. For material changes, we will email you and surface an alert in the app. Continued use means acceptance. Please review periodically.

10. Contact

Questions or requests: support@applyingpal.com. We aim to respond within 30 days.

11. Acknowledgment

By using Applying Pal, you confirm that you have read and understood this Privacy Policy.

Questions?

Email support@applyingpal.com for privacy requests, data export, or account deletion.

← Back to home