Privacy Policy

ApplyForge ("the Extension", "the Service") is a browser extension that helps users optimize their job applications on LinkedIn. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

• Account information: Email address and name provided during sign-up.
• CV / Resume data: The CV you upload is parsed and stored securely on our servers, encrypted at rest.
• Job page data: Job title, company name, location, and description are extracted from LinkedIn job pages only when you interact with the extension on a job page.
• Usage counters: We track daily feature usage counts (e.g., number of CV generations) to enforce plan limits.
• Payment data: Subscription payments are processed by Paddle. We receive your subscription status but never see or store your card number.

2. Data We Do NOT Collect

• We do not collect your LinkedIn credentials or password.
• We do not track your browsing history or activity outside of LinkedIn job pages.
• We do not sell, rent, or share your data with third parties for marketing.
• We do not use cookies or third-party analytics trackers in the extension.
• We do not access or read your LinkedIn messages, connections, or profile data.

3. How We Use Your Data

• To generate AI-optimized CVs, cover letters, and job fit scores tailored to specific job postings.
• To store your base CV so you don't need to re-upload it each session.
• To enforce daily usage limits based on your subscription plan.
• To send transactional emails (e.g., CV upload confirmation, password reset codes).
• To improve the Service and fix bugs (only aggregated, anonymized usage data).

4. Third-Party Services

• Cloud Infrastructure: Our backend runs on secure cloud servers. All data is processed in a single region and never distributed across multiple locations.
• AI Provider: Job descriptions and CV data are sent to our AI provider for analysis. The AI provider does not retain your input data for model training.
• Authentication: We use a secure authentication service. Passwords are hashed and never stored in plain text.
• Email Service: We use a transactional email service to send important notifications. We do not send marketing or promotional emails.
• Paddle: Handles subscription billing. Subject to Paddle's Privacy Policy.

5. Data Retention

• Your CV is stored until you delete it (via Settings → Remove CV).
• Generated documents are automatically deleted after a reasonable period.
• Usage records are periodically cleaned up and not retained indefinitely.
• Account data is retained until you request deletion.

6. Data Security

All data is transmitted over HTTPS/TLS. Data at rest is encrypted using industry-standard encryption (AES-256). Authentication tokens are stored in the browser's local storage and expire after 1 hour (auto-refreshed for up to 30 days). We follow security best practices including least-privilege access policies.

7. Your Rights

You have the right to:

• Access your personal data — you can view your CV and profile in the extension settings.
• Correct your data — upload an updated CV at any time.
• Delete your data — remove your CV through settings, or request full account deletion by contacting us.
• Export your data — download your CV and generated documents as PDFs.
• Withdraw consent — uninstall the extension and request account deletion at any time.

For EU/EEA residents: you may have additional rights under GDPR including the right to lodge a complaint with a supervisory authority.

8. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. Extension Permissions

The extension requests only the minimum permissions necessary:

• activeTab: To read job data from the current LinkedIn page when you click the extension.
• storage: To save your session, preferences, and cached job data locally.
• scripting: To inject the content script into LinkedIn pages for job data extraction.
• Host permissions (linkedin.com): To operate on LinkedIn job pages.
• Host permissions (cloudfront.net, applyforge.net): To communicate with our API backend.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:
support@applyforge.net