— LEGAL / PRIVACY

Privacy Policy

This Privacy Policy explains how Jobapply ApS ("Company", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you use the Jobapply.io website and application (the "Service").

Last updated: February 18, 2026 · Effective: February 18, 2026

1. Summary

Here is a high-level overview of our data practices. Details follow in the sections below.

  • We collect only the data needed to provide and improve the Service.
  • We use your data to deliver the Service, process payments, ensure security, and improve reliability.
  • We do not sell your personal data. We do not use your resume content for advertising.
  • We share data only with vetted service providers who help us operate the platform.
  • You can access, correct, export, or delete your data at any time.
  • We store data in the EU/EEA where possible and apply safeguards for any international transfers.

2. Data Controller

The data controller for your personal data is:

Jobapply ApS

Copenhagen, Denmark

Email: hello@jobapply.io

If you have questions about how your data is processed, contact us at the address above.

3. What Personal Data We Collect

3.1 Data You Provide Directly

  • Account data: name, email address, authentication identifiers (including magic-link tokens), profile preferences, and timezone.
  • Document content: resume/CV text, cover letter text, work experience, education history, skills, language proficiency, certifications, and any other information you add to your documents.
  • Profile photo: if you choose to upload a photo for your resume/CV.
  • Billing data: subscription plan, billing cycle, invoice metadata, and payment method information (processed and stored by our payment provider; we do not store full card numbers).
  • Support communications: messages, attachments, and metadata from support requests you submit.
  • Feedback and surveys: any responses you provide when we ask for feedback on the Service.

3.2 Data Collected Automatically

  • Usage data: pages visited, features used, actions taken (such as document creation, template selection, and exports), timestamps, and session duration.
  • Device and browser data: device type, operating system, browser type and version, screen resolution, and preferred language.
  • Network data: IP address, approximate geographic location (city/country level), and referral URL.
  • Cookies and similar technologies: see our Cookie Policy for details.

3.3 Data from Third Parties

If you sign in through a third-party authentication provider (such as Google or LinkedIn), we may receive your name, email address, and profile picture as provided by that service, subject to your privacy settings on that platform.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Provide the Service: create and manage your account, save and render your documents, apply templates, generate PDF exports, and deliver AI-assisted writing features.
  • Process payments: handle subscriptions, renewals, invoices, and refunds through our payment provider.
  • Communicate with you: send account notifications, billing confirmations, security alerts, support responses, and product updates.
  • Ensure security: detect and prevent fraud, abuse, unauthorized access, and other harmful activities.
  • Improve the Service: analyze usage patterns, measure feature performance, identify bugs, and develop new features.
  • Comply with legal obligations: meet accounting, tax, and regulatory requirements.
  • Enforce our Terms: investigate and address violations of our Terms of Service and Acceptable Use policies.

5. Legal Bases for Processing (EU/EEA)

If you are located in the EU/EEA, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract performance (Art. 6(1)(b)): processing necessary to provide the Service, manage your account, process payments, and deliver your documents.
  • Legitimate interests (Art. 6(1)(f)): improving the Service, ensuring security, preventing fraud, and analyzing usage to enhance product quality. We balance these interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)): where required, such as for optional analytics cookies, marketing emails, and certain AI features. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): processing required to comply with applicable laws, such as tax and accounting regulations.

6. Who We Share Data With

We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:

  • Infrastructure and hosting providers: cloud hosting, database storage, content delivery networks, and file storage services.
  • Payment processors: to process subscription payments, manage billing, and handle refunds. Payment providers are PCI-DSS compliant.
  • Email and communication providers: to deliver transactional emails, support communications, and account notifications.
  • Analytics and monitoring tools: to measure Service performance, error rates, and usage patterns. We configure these tools to minimize personal data collection.
  • AI model providers: to deliver AI-assisted writing features. We send only the minimum content needed for the specific request. We do not share your identity with AI providers, and your content is not used to train third-party models.
  • Support and customer service tools: to manage support tickets and maintain communication history.
  • Legal and regulatory authorities: if required by law, legal process, or government request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy commitments.

All service providers are contractually bound by data processing agreements that require them to protect your data and use it only for the agreed purposes.

7. International Data Transfers

We primarily store data in the European Union. Some of our service providers may process data in other countries. When personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • EU Commission adequacy decisions for the recipient country.
  • Standard Contractual Clauses (SCCs) approved by the EU Commission.
  • The EU-U.S. Data Privacy Framework, where applicable.

You may request a copy of the applicable transfer safeguards by contacting us.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy. Specific retention periods include:

  • Account and document data: retained while your account is active. After account closure, we retain data for up to 30 days to allow recovery, then delete or anonymize it.
  • Billing records: retained for up to 5 years after the last transaction to comply with accounting and tax obligations.
  • Support communications: retained for up to 3 years after the last interaction to provide consistent support and resolve recurring issues.
  • Usage and analytics data: aggregated and anonymized within 26 months.
  • Server logs: retained for up to 90 days for security and debugging purposes.

If you request deletion of your data, we will process the request within 30 days, subject to any legal retention obligations.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Access controls and role-based permissions for internal systems.
  • Regular security reviews and vulnerability assessments.
  • Monitoring for suspicious activity and unauthorized access attempts.
  • Incident response procedures for data breaches.

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong, unique passwords and to report any suspected security incidents promptly.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: request that we limit how we use your data in certain circumstances.
  • Right to data portability: request a copy of your data in a structured, commonly used, and machine-readable format.
  • Right to object: object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: you have the right to file a complaint with a data protection supervisory authority, such as the Danish Data Protection Agency (Datatilsynet).

To exercise any of these rights, contact us at hello@jobapply.io with the email address associated with your account. We will respond within 30 days (or sooner if required by law). We may ask for verification of your identity before processing certain requests.

11. Children's Privacy

The Service is not directed to individuals under the age of 16 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us.

12. AI Features and Data Processing

When you use AI-assisted features (such as content suggestions or rewriting tools), we send the minimum necessary content to our AI model providers to generate the requested output.

  • We do not send your name, email, or account identifiers to AI providers.
  • Your document content is not used to train third-party AI models.
  • AI processing is performed on-demand and content is not stored by providers beyond the processing session.
  • You may choose not to use AI features; they are optional and do not affect core document functionality.

13. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal effects or significantly affects you. AI suggestions are recommendations only and require your review and approval before use.

14. Do Not Track

Some browsers offer a "Do Not Track" signal. There is no uniform standard for how websites should respond to this signal. We currently do not respond to DNT signals but respect opt-out choices made through cookie settings and our consent mechanisms.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date. If changes are material, we will provide prominent notice (for example, by email or an in-app notification) before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

Jobapply ApS

Copenhagen, Denmark

Email: hello@jobapply.io

Website: https://jobapply.io

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk.