Privacy Policy

1. Information We Collect

We collect information you provide directly:

• Account data: name, email address, and password (hashed).
• Resume data: resumes you upload, including parsed content such as work history, education, and skills.
• Preference data: job preferences, target roles, salary expectations, and location preferences.
• Application data: job applications, their status, and outcomes you report.
• OAuth data: if you sign in via Google or LinkedIn, we receive your name, email, and profile photo from the provider.

We also collect automatically:

• Usage data: pages visited, features used, and interaction patterns.
• Device data: browser type, operating system, and screen size.

2. How We Use Your Information

• To provide the Service: matching jobs, tailoring resumes, generating cover letters, and submitting applications.
• To improve matching quality using aggregated, anonymized application outcome data.
• To process payments and manage subscriptions via Razorpay.
• To send transactional emails (application confirmations, password resets) via our email provider (ZeptoMail).
• To provide customer support and respond to inquiries.

3. AI Processing

Your resume and job data are processed by AI models (OpenAI, Anthropic) to generate tailored documents, match scores, and interview preparation content. We send only the minimum necessary data to these providers. AI providers do not retain your data for training purposes under our agreements.

4. Data Sharing

We do not sell your personal data. We share data only with:

• AI providers (OpenAI, Anthropic) for content generation, under data processing agreements.
• Razorpay for payment processing.
• Employers only when you explicitly approve an application for submission.

5. Data Storage and Security

Your data is stored in PostgreSQL with encryption at rest. Resumes are stored in S3-compatible storage. Sensitive fields (for example, EEO data) can be encrypted at the application level. We use HTTPS for all data in transit, a session token for authentication, and rate limiting to prevent abuse.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

7. Your Rights

You have the right to:

• Access: Export all your data from Profile settings.
• Correction: Update your information at any time.
• Deletion: Delete your account and all associated data.
• Portability: Download your data in a standard format.

8. Cookies and Session

We use a session token for authentication. We do not use third-party advertising cookies. Analytics cookies (Mixpanel, PostHog, and Google Analytics) are only active when explicitly configured.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or in-app notification.

11. Related Policies

• Terms of Service
• Payment & Refund Policy

12. Contact

For privacy-related questions, contact us at support@xapply.ai.