1. Introduction
Applyio is a recruiting workflow platform designed to help users manage job applications, create and refine CVs and cover letters, prepare for interviews, and organize their recruiting materials in one place.
This Privacy Policy explains what personal information we collect, why we collect it, how we use it, which service providers may process it, how long we keep it, and what rights you have in relation to your personal information.
This Privacy Policy applies when you access or use the Applyio website, platform, account area, application tracker, CV tools, cover letter tools, interview preparation tools, case practice tools, support features, and related services.
2. Controller and Contact Details
The controller responsible for the processing of personal information under this Privacy Policy is:
Maximilian Kremers, trading as Applyio
Lietzenburger Straße 101, 10707 Berlin, Germany
Email: support@applyio.app
Applyio is currently operated as a sole proprietorship. If the legal structure of the business changes in the future, this Privacy Policy will be updated accordingly.
3. Information We Collect
We may collect and process the following categories of information, depending on how you use Applyio:
- Account information, such as your name, email address, user ID, login status, subscription status, account preferences, and account activity.
- Recruiting workflow information, such as companies, roles, application statuses, deadlines, job descriptions, notes, application records, and related application details.
- CV and resume information, such as uploaded CVs, generated CVs, CV text, education history, employment history, skills, achievements, projects, extracurricular activities, and other information you choose to include.
- Cover letter information, such as job descriptions, company information, user-provided context, generated cover letters, edited cover letters, and related metadata.
- Interview preparation and case practice information, such as role information, practice answers, preparation notes, generated questions, generated feedback, and related session data.
- Document and file metadata, such as file names, file keys, file types, storage references, creation dates, and download or access references. Actual documents are stored through file storage providers rather than directly in our primary database.
- Support information, such as support requests, support messages, issue descriptions, email messages, and information you provide when asking for help.
- Billing and subscription information, such as subscription plan, payment status, invoices, transaction references, and billing-related metadata. Full payment details are handled by our payment and billing providers.
- Technical and usage information, such as IP address, browser type, device type, operating system, approximate location derived from technical data, pages viewed, feature usage, timestamps, errors, logs, and security-related events.
- Analytics and cookie information, where analytics tools are enabled, such as page views, referral sources, device information, session information, and interaction data.
- Communications information, such as emails, account notices, support replies, and administrative messages we send or receive in connection with your use of the platform.
You decide what information you provide to Applyio. Because our tools are designed for recruiting and career-related workflows, information you submit may include personal information about your education, employment history, achievements, skills, and professional background.
4. How We Use Your Information
We use your information to:
- Provide, operate, maintain, and improve the Applyio platform.
- Create, authenticate, manage, and secure user accounts.
- Verify subscription status and control access to paid features.
- Store and organize your applications, CVs, cover letters, interview preparation materials, case practice materials, and related recruiting workflow data.
- Generate AI-powered CVs, cover letters, interview preparation content, case practice content, and related recruiting materials requested by you.
- Process uploaded documents, convert files, generate documents, and prepare downloadable files where requested.
- Connect generated materials to your applications and user account so that your workflow remains organized.
- Provide customer support, respond to support requests, troubleshoot issues, and improve support processes.
- Process subscriptions, billing, invoices, payments, refunds, and account administration.
- Monitor platform performance, diagnose technical issues, prevent downtime, and improve product quality.
- Analyze product usage and improve user experience where analytics tools are enabled and legally permitted.
- Protect against fraud, abuse, excessive automated use, unauthorized access, security incidents, and misuse of the platform.
- Maintain logs, backups, and operational records needed to run the service securely and reliably.
- Comply with legal obligations, enforce our agreements, resolve disputes, and protect our rights and the rights of users.
- Communicate with you about your account, product updates, support matters, legal notices, and service-related information.
5. Legal Bases for Processing
Where the General Data Protection Regulation or similar data protection laws apply, we rely on the following legal bases for processing personal information:
- Performance of a contract: to provide the platform, manage your account, deliver requested features, process subscriptions, and generate requested recruiting materials.
- Legitimate interests: to secure the platform, prevent abuse, investigate suspicious activity, troubleshoot errors, respond to support requests, maintain product reliability, understand feature usage, improve the user experience, and protect our legal and business interests.
- Consent: where required for optional cookies, analytics technologies, marketing communications, or other processing activities that legally require consent.
- Legal obligations: to comply with tax, accounting, consumer protection, regulatory, legal, and compliance requirements.
- Protection of rights and interests: to establish, exercise, or defend legal claims and enforce our Terms and other agreements.
Where we rely on legitimate interests, our interests may include keeping the platform secure, preventing fraud and misuse, improving Applyio, maintaining reliable services, supporting users, and protecting our rights. We only rely on legitimate interests where we consider that these interests are not overridden by your rights, freedoms, or interests.
If we rely on consent, you may withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before consent was withdrawn.
6. AI Processing and Automated Decisions
Applyio uses artificial intelligence features to help generate, improve, structure, and tailor recruiting-related materials, including CVs, cover letters, interview preparation content, case practice content, and related outputs.
When you use AI-powered features, the information you submit may be sent to third-party AI providers, such as OpenAI or similar providers, only as needed to process your request and generate the output you asked for. This may include CV content, job descriptions, application details, education and work history, skills, notes, answers, and other recruiting-related information you choose to submit.
Where we use commercial AI APIs, we aim to use them under applicable business terms, data processing agreements, and provider settings designed for business use. We do not intentionally use your submitted recruiting materials to train Applyio’s own AI models.
Applyio does not use AI features to make solely automated decisions about users that produce legal or similarly significant effects. AI-generated outputs are content suggestions generated at your request. You remain responsible for reviewing, editing, verifying, and deciding whether to use any generated content.
You should avoid submitting unnecessary sensitive information, such as health information, government identification numbers, financial account details, political opinions, religious beliefs, biometric data, or other special-category personal data unless it is strictly necessary for your intended use.
AI-generated content may be inaccurate, incomplete, outdated, or unsuitable for your specific situation. You are responsible for reviewing, editing, and verifying all generated content before using it in applications, interviews, professional communications, or other settings.
7. Third-Party Service Providers
We use trusted third-party service providers to operate, host, automate, secure, and deliver Applyio. These providers may process personal information only as needed to provide their services to us and support the operation of the platform.
These providers may include:
- Outseta for authentication, account management, customer management, subscriptions, billing, and embedded account functionality.
- Supabase for EU-hosted database services, platform records, user-related records, application records, generated content metadata, support records, and operational data. Our current Supabase project region is in the European Union.
- Make.com for backend workflow automation, webhook processing, data routing, and integrations between platform services.
- OpenAI or similar AI providers for AI-powered generation, refinement, summarization, and feedback features.
- Cloudflare and Cloudflare R2 for infrastructure, security, document storage, content delivery, signed file access, and related hosting or storage services.
- Framer for website hosting, frontend delivery, page hosting, and related website functionality.
- PDF.co for document processing, PDF generation, parsing, conversion, or related document workflows.
- CloudConvert for document conversion, file transformation, and related file processing workflows.
- Google Workspace, Gmail, or similar email providers for business email, user communications, and support email handling.
- Google Analytics, Framer Analytics, or similar analytics tools where enabled to understand website and product usage, subject to applicable consent requirements.
- Payment and billing providers used through our subscription stack to process payments, invoices, taxes, refunds, and subscription status.
- Email, support, monitoring, logging, and security tools used to communicate with users, provide support, understand product performance, and protect the platform.
We do not sell your personal information. We may share information with service providers, legal or regulatory authorities, professional advisers, or other parties where necessary to operate the platform, comply with law, protect rights, prevent abuse, or complete a business transaction such as a merger, acquisition, restructuring, or sale of assets.
8. Document Processing and File Storage
Some Applyio features involve uploading, generating, converting, storing, or downloading documents such as CVs, resumes, cover letters, PDFs, and related application materials.
Document files, including uploaded and generated documents, are stored with Cloudflare R2 or similar file storage infrastructure. References, metadata, ownership information, file names, file types, creation dates, user or application references, and storage keys may be stored in Supabase or other platform databases.
Where document conversion or processing is needed, files or file content may be processed by document service providers such as PDF.co, CloudConvert, or similar providers to complete the action requested by you.
9. How We Store, Protect, and Handle Data
We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, disclosure, or destruction.
These measures may include authentication controls, subscription checks, user and application ownership checks, access controls, secure infrastructure providers, signed file access, workflow validation, operational logging, database-level security controls, and reasonable internal security practices.
If we become aware of a personal data breach, we will assess the incident and take appropriate steps in accordance with applicable data protection law. Where legally required, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach. If a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users where required by law.
However, no online service, transmission method, or storage system is completely secure. We cannot guarantee absolute security, and you are responsible for keeping your account credentials confidential and using the platform responsibly.
10. Data Retention
We retain personal information only for as long as reasonably necessary to provide the platform, maintain your account, deliver requested services, comply with legal obligations, resolve disputes, enforce agreements, and protect the security and integrity of the platform.
- Account information is generally retained while your account remains active. If your account is inactive for 12 months, we may send an advance warning email and may delete or anonymize the account and associated platform data if there is no further activity.
- Application records, CVs, cover letters, generated materials, interview preparation materials, and case practice materials are generally retained while your account remains active or until you delete them or request deletion, subject to technical and legal limitations.
- Deletion requests are generally processed within 30 days, unless we need to retain certain information for legal obligations, billing, security, fraud prevention, dispute resolution, or other legitimate business or legal reasons.
- Support messages and support requests may be retained for up to 24 months after the support matter is closed, unless a longer period is necessary to protect legal rights, handle disputes, or comply with legal obligations.
- Billing, invoice, payment, tax, and accounting records may be retained for the period required by applicable law.
- Security logs, usage logs, and error logs are generally retained for up to 90 days, unless longer retention is necessary for security investigations, fraud prevention, legal compliance, or platform integrity.
- Backup records may persist for a limited period after deletion as part of normal backup rotation and disaster recovery processes.
You may request deletion of your account and associated personal information by contacting us at support@applyio.app. We will process deletion requests within the timeframe described above, subject to legal retention requirements, backup processes, fraud prevention, dispute resolution, and other legitimate business or legal reasons.
11. Your Rights
Depending on where you live, including if you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data protection laws, you may have rights regarding your personal information.
These rights may include the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete personal information.
- Request deletion of your personal information.
- Request restriction of certain processing activities.
- Object to processing based on legitimate interests at any time. If you object, we will stop the relevant processing unless we can demonstrate compelling legitimate grounds for the processing or the processing is needed to establish, exercise, or defend legal claims.
- Request a copy of your personal information in a portable format.
- Withdraw consent where processing is based on consent.
- Object to direct marketing communications at any time, where applicable.
- Lodge a complaint with a competent data protection supervisory authority.
If you are located in Germany, you may contact your local data protection authority. As Applyio is currently operated from Berlin, the relevant supervisory authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
To exercise your rights, contact us at support@applyio.app. We may need to verify your identity before responding to certain requests.
12. Cookies and Analytics
Applyio may use cookies, local storage, and similar technologies to operate the website and platform, support authentication, maintain sessions, remember preferences, improve performance, secure the service, and understand how users interact with the platform.
Necessary cookies and similar technologies are used to provide core functionality, such as login, authentication, account security, billing, subscription checks, session management, load balancing, fraud prevention, and platform security. These technologies are required for the service to function and are generally not optional.
Optional analytics or marketing technologies may be used to understand website and product usage, measure performance, improve user experience, and evaluate the effectiveness of product or marketing activities. These may include tools such as Google Analytics, Framer Analytics, or similar services where enabled.
Analytics tools may collect information such as page views, device information, browser information, approximate location, referral sources, session information, interaction data, and timestamps. Where legally required, we will request your consent before using optional analytics or marketing technologies.
Cookie duration may vary depending on the tool and purpose. Some cookies last only for your browsing session, while others may remain on your device for a longer period unless deleted earlier. You can control cookies through your browser settings and, where available on our website, through our cookie consent banner or preference controls.
Third-party tools used by Applyio, including authentication, billing, analytics, hosting, support, and infrastructure providers, may also use cookies or similar technologies according to their own privacy and cookie practices.
13. International Data Transfers
Because Applyio uses global technology providers, your information may be processed, transferred, or stored in countries outside your country of residence, including outside the European Economic Area.
Our primary platform database is hosted with Supabase in the European Union. However, some service providers, including providers for authentication, automation, AI processing, infrastructure, email, analytics, document processing, billing, and support, may process data in other countries, including the United States. This may include providers such as Outseta, Make.com, OpenAI, Cloudflare, Google, and other service providers used to operate the platform.
Where required by applicable law, we rely on appropriate safeguards for international data transfers. These may include adequacy decisions, the EU-U.S. Data Privacy Framework where a provider participates, Standard Contractual Clauses, data processing agreements, contractual safeguards, and other lawful transfer mechanisms provided by our service providers.
Where data is transferred to a country that may not provide the same level of data protection as your country of residence, we take reasonable steps to ensure that appropriate contractual, technical, and organizational safeguards are in place.
14. Account Access, Subscription Status, and Security Checks
Access to certain Applyio features may require an active account and an active subscription. We may verify your login status, user ID, subscription status, and application ownership before allowing access to specific pages or processing generation requests.
These checks help protect user accounts, prevent unauthorized access, ensure that generated materials are connected to the correct user and application, and reduce abuse of AI-powered or resource-intensive features.
15. Communications
We may send you service-related communications, including account notices, support replies, billing notices, subscription updates, security notices, product updates, and changes to legal terms or policies.
Where we send marketing communications, we will do so in accordance with applicable law and provide a way to unsubscribe where required.
16. Children’s Privacy
Applyio is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16.
If you believe that a child has provided personal information to us, please contact us so that we can take appropriate action.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, service providers, or business operations.
When we update this Privacy Policy, we will update the “Last updated” date at the top of this page. If changes are material, we may provide additional notice where appropriate, such as through the platform or by email.
18. Contact Us
If you have any questions about this Privacy Policy, how your data is handled, or how to exercise your data protection rights, contact us at:
