Privacy Policy

Last updated: 22 February 2026

Who we are

Applyflow is a job-application tracking service operated by Applyflow (“we”, “us”, “our”). We provide a web application at applyflowtracker.com and a companion Chrome browser extension.

What data we collect

Web application

Account information — email address and password, used for account creation and login.
Job listing data — company name, role title, URL, status, notes, and any other details you choose to save.
Events — status changes and interactions you generate while tracking applications.
Resume data — you may upload a resume as a PDF file or enter resume text manually. Resume files are stored in Supabase Storage (EU Frankfurt). Text is extracted from PDFs and stored for use with AI features.
Subscription information — if you subscribe to a paid plan, payment and billing details are collected and processed by Stripe. We do not store credit card numbers or bank details on our servers. See Stripe's privacy policy for details.

Chrome extension

When you use the “Save Job” action on a job-listing page the extension collects:

Page URL — the URL of the page you are viewing.
Page title — the title of the page.
Visible page text (truncated) — used to extract the company name, role title, and other listing details.
Authentication / session identifiers — required to associate the saved listing with your Applyflow account.

The extension stores your API URL and API token locally in chrome.storage.local to communicate with the Applyflow web application. This data is never synced to the cloud or shared with third parties.

The extension does not collect browsing history, run in the background on pages you have not explicitly activated it on, or access data from other tabs.

AI-assisted extraction

When you save a job listing, the visible page text may be sent to OpenAI's API to automatically extract structured details such as the company name, role title, location, and requirements. This text is processed solely for extraction purposes and is not used to train AI models. See OpenAI's privacy policy for details on how they handle data.

When you use AI Suggestions on a job listing, your resume text and the job description are sent to OpenAI's API to generate personalised improvement suggestions. This data is processed solely for generating suggestions and is not used to train AI models.

Cookies and local storage

We keep our use of browser storage to the minimum needed to operate the service:

Storage type	What	Purpose	Sensitive?
HTTP-only cookie	Supabase auth session	Keeps you logged in (essential)	Yes
localStorage	Theme preference (`light` / `dark` / `system`)	Remembers your display setting	No
chrome.storage.local	API URL and API token (extension only)	Extension-to-app communication	Yes

We do not use Google Analytics, tracking pixels, fingerprinting, third-party marketing cookies, or any other form of cross-site tracking.

Purpose of data collection

All data collected — by both the web app and the extension — serves a single purpose: to save and organise job listings in your Applyflow account so you can track your applications.

Where data is stored

Your data is stored in a PostgreSQL database hosted by Supabase in the EU (Frankfurt, Germany). The web application is hosted on Vercel.

Data sharing

We do not sell, rent, or trade your personal data. We share data only with the infrastructure and service providers strictly necessary to operate Applyflow:

Provider	Role
Supabase	Database hosting and authentication (EU)
Vercel	Web application hosting
Resend	Transactional email delivery
Stripe	Payment processing
OpenAI	AI-powered job listing extraction

Data retention and deletion

Your data is retained for as long as your account exists. You can delete your account at any time from your Profile page. When you delete your account, ALL data is permanently and immediately removed — including your jobs, resumes, resume PDF files, AI suggestions, events, and account settings. There is no retention period after deletion.

Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

Contract — processing your account and job listing data is necessary to provide the service you signed up for.
Legitimate interest — we may process data to maintain the security and integrity of the service.
Consent — where required, we will ask for your explicit consent before processing.

Your rights

Under applicable data protection laws (including the GDPR), you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data.
Object to or restrict certain processing.
Data portability — receive your data in a structured, machine-readable format.
Lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, contact us at the email below.

Chrome Web Store compliance

Our use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the application. The “last updated” date at the top reflects the most recent revision.

Contact

For privacy-related requests or questions, email us at hello@applyflowtracker.com.