Back to signup

Privacy Policy

AppliAI Privacy Policy

This Privacy Policy explains what personal data AppliAI collects, why it is used, how long it is kept, and what rights users have under UK GDPR and related data protection laws.

Covers account data, CVs, job descriptions, and AI prompt inputs
Explains lawful bases including contractual necessity and legitimate interests
Sets a maximum retention period of 12 months after last login
Describes user rights to access, correct, and delete personal data

1. Scope of This Policy

This Privacy Policy applies to personal data processed when you visit, register for, or use AppliAI.

It should be read alongside the Terms of Service and any other privacy notices shown for specific features.

2. Personal Data We Collect

  • Account information, including your name, email address, authentication details, and profile settings.
  • Uploaded documents and inputs, including CVs, job descriptions, interview answers, prompts, notes, and edited content.
  • Generated content, including tailored CV drafts, cover letters, interview feedback, and builder outputs.
  • Technical and usage information, including device, browser, log, and service interaction data used to operate and secure the platform.
  • Payment-related records such as subscription status, billing events, and Stripe customer references. Full payment card details are handled by Stripe and are not stored by AppliAI.

3. How and Why We Use Personal Data

We use personal data to deliver the services you request, maintain your account, save your work, provide support, monitor performance, and protect the platform from abuse.

  • Generate tailored CVs, cover letters, AI mock interviews, and CV builder outputs.
  • Store and retrieve your documents and application history.
  • Improve service reliability, usability, and safety.
  • Investigate misuse, enforce policies, and comply with legal obligations.

4. Lawful Bases for Processing

Our main lawful bases under UK GDPR and similar rules are contractual necessity and legitimate interests.

  • Contractual necessity: where processing is needed to create your account, deliver requested outputs, manage subscriptions, or provide service features.
  • Legitimate interests: where processing supports product improvement, platform security, abuse prevention, analytics, and reasonable service administration.
  • Legal obligation: where records must be retained or disclosed to comply with law, regulation, or valid legal process.

4A. Cookies and Similar Technologies

AppliAI uses essential cookies for login, security, account access, saved preferences, and payments. These cookies are necessary for the platform to work.

Optional analytics cookies are only used where you have consented through the cookie banner or Cookie settings.

  • Supabase authentication cookies keep users signed in and support account access.
  • Stripe may set cookies or use similar technologies when handling secure checkout, billing, fraud prevention, and payment processing.
  • The cookie_consent cookie stores your analytics preference.

You can change non-essential cookie choices from Cookie settings. Essential cookies cannot be disabled through the banner because account access, security, and payments depend on them.

5. AI Processing and Human Review

AppliAI uses AI and automation to interpret your inputs and generate outputs. This may involve secure processing by third-party AI providers acting on our instructions.

Automated outputs may be reviewed by you and, where reasonably necessary for support, safety, debugging, or abuse prevention, may also be accessed by authorised personnel subject to access controls.

6. Sharing Personal Data

We share personal data only where reasonably necessary to operate the service, comply with law, or protect rights and security.

  • Infrastructure and storage providers such as Supabase.
  • Payment processors such as Stripe.
  • AI and processing providers used to generate requested outputs.
  • Professional advisers, regulators, courts, or law enforcement where required or reasonably necessary.

Service providers are expected to process data under appropriate contractual and security controls.

7. Data Storage and Retention

Personal data is stored using secure backend systems and retained only for as long as reasonably necessary for the stated purposes.

As a general rule, user data is retained for no more than 12 months after your last login unless a longer period is required for legal, fraud-prevention, taxation, accounting, or dispute-resolution reasons.

After the applicable retention period, data is deleted, anonymised, or irreversibly de-identified where reasonably practicable.

8. Security Measures

We use technical and organisational safeguards intended to protect personal data against unauthorised access, loss, misuse, or disclosure.

  • Encryption in transit where supported.
  • Secure authentication and access controls.
  • Monitoring, backups, and platform security practices appropriate to the nature of the service.

No online environment can be guaranteed to be completely secure, so users should also take care to protect their own devices and credentials.

9. Your Rights

Depending on your location and applicable law, you may have rights to access, correct, erase, restrict, object to, or request portability of your personal data.

  • You may request access to the personal data we hold about you.
  • You may request correction of inaccurate or incomplete information.
  • You may request deletion of your account and personal data, subject to lawful exceptions.
  • You may raise a complaint with the relevant supervisory authority if you believe your rights have been infringed.

10. International Data Transfers

Where personal data is processed or accessed outside the UK, EEA, or your home jurisdiction, we aim to use appropriate safeguards that are reasonable for the service and legally required where applicable.

11. Children's Privacy

AppliAI is not intended for children under 18 without appropriate permission or supervision where permitted by law. We do not knowingly design the service for unsupervised use by children.

12. Policy Updates

We may update this Privacy Policy to reflect changes in the service, our processors, legal requirements, or operational practices.

Material changes will be communicated through reasonable in-product or website notices where appropriate.

13. Contact and Data Requests

If you want to exercise your privacy rights, request deletion, or ask a question about this Privacy Policy, you should contact AppliAI using the official support or privacy contact details made available on the website or inside the product.

We may need to verify your identity before completing certain requests for security reasons.