Back to Home

Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

GoApply ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered job application platform and services (collectively, the "Service").

By using GoApply, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you sign up via Google OAuth, we collect your name, email address, and profile picture from your Google account
  • Resume and Professional Information: Work history, education, skills, certifications, references, cover letters, and other career-related documents you upload or create using our platform
  • Job Preferences: Desired job titles, locations, salary ranges, industries, company sizes, work arrangement preferences (remote, hybrid, in-office), and other job search criteria
  • Application Data: Information about jobs you apply to, application statuses, and employer responses
  • Communications: Messages you send to our support team, feedback, and survey responses

1.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the platform, button clicks, and navigation patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution
  • Cookies and Tracking: Session IDs, authentication tokens, preferences, and analytics data (see Section 9 for details)
  • Log Data: Server logs including timestamps, API calls, error messages, and system events

2. How We Use Your Information

We use your information for the following purposes:

Core Service Delivery

  • • Automatically submit job applications on your behalf
  • • Generate tailored resumes and cover letters using AI
  • • Match you with relevant job opportunities
  • • Track application statuses and employer responses
  • Account Management: Create and maintain your account, process authentication, and provide customer support
  • AI Enhancement: Train and improve our AI models for better resume optimization and job matching
  • Communication: Send application status updates, interview notifications, and respond to your inquiries
  • Platform Improvement: Analyze usage patterns to optimize features and user experience
  • Security: Detect fraud, prevent abuse, and protect platform integrity
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service

3. Third-Party Service Providers

We work with trusted third-party service providers to deliver our Service. These providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to protect your data:

Database & Authentication

Supabase: Secure PostgreSQL database hosting, user authentication, and data storage

Data Location: US/EU regions | Encryption: AES-256 at rest, TLS 1.3 in transit

AI Services

OpenAI: GPT-4 models for resume tailoring, cover letter generation, and job description analysis

Your data is used only for your requests and is not used to train OpenAI models

Infrastructure Hosting

Vercel: Frontend hosting (Next.js)
Railway: Backend worker hosting (job automation)

SOC 2 Type II compliant infrastructure with 99.99% uptime SLA

Email Delivery

Mailgun: Transactional emails for notifications, status updates, and communications

DKIM, SPF, and DMARC authenticated

Authentication

Google OAuth 2.0: Secure sign-in via your Google account

We receive only basic profile info (name, email, photo)

Background Jobs

Trigger.dev: Queue system for processing job applications and automated tasks

End-to-end encrypted task processing

Note: All third-party providers are GDPR and CCPA compliant and maintain appropriate security certifications (SOC 2, ISO 27001).

4. Data Security

We implement comprehensive security measures to protect your information:

Encryption

AES-256 encryption at rest, TLS 1.3 in transit

Access Control

Role-based access, principle of least privilege

Monitoring

24/7 security monitoring and incident response

Backups

Daily encrypted backups with disaster recovery

5. Data Retention

We retain your information as follows:

  • Active Accounts: Data retained while your account is active
  • Account Deletion: Personal information deleted within 30 days of account deletion request
  • Legal Requirements: Some data retained for compliance (tax, accounting) as required by law
  • Analytics: Aggregated, anonymized data may be retained indefinitely for platform improvement

6. Your Rights and Choices

Access & Download

Request a copy of your personal information at any time through your account settings.

Correction

Update your profile, resume, and preferences directly in your dashboard.

Deletion

Request account deletion at any time. We'll delete your data within 30 days (some information may be retained for legal compliance).

Opt-Out of Marketing

Unsubscribe from promotional emails via the link in any email or in your account settings.

7. Regional Privacy Rights

GDPR (European Economic Area)

If you're in the EEA, you have additional rights:

  • • Right to access, rectify, and erase your data
  • • Right to restrict processing and data portability
  • • Right to object to processing and withdraw consent
  • • Right to lodge a complaint with a supervisory authority

CCPA (California)

California residents can:

  • • Know what personal information we collect and how it's used
  • • Request deletion of personal information
  • • Opt-out of sale (we do not sell personal information)
  • • Non-discrimination for exercising your rights

8. Cookies and Tracking

We use cookies for:

Essential Cookies

Authentication, security, session management (required for platform to work)

Analytics Cookies

Understand usage patterns and improve user experience (can be disabled)

9. Children's Privacy

GoApply is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected information from someone under 18, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in the United States and other countries. We use Standard Contractual Clauses (SCCs) and other legally recognized mechanisms to ensure appropriate safeguards for international transfers.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be announced via email and a notice on our platform. Continued use after changes constitutes acceptance.

12. Contact Us

Questions about this Privacy Policy or how we handle your data?

Response Time

Within 30 days

This Privacy Policy is effective as of January 1, 2025

© 2025 GoApply. All rights reserved.