Version: v2.0 • Last updated: 30 September 2025
AIApply Ltd. (Company No.15200716, registered office 24 Bowness Road, Little Lever, Bolton, England BL3 1UB) is the controller for most processing described here.
Contact: [email protected]
Data Protection Officer: [email protected]
Mail: 24 Bowness Road, Little Lever, Bolton, England BL3 1UB
This Policy covers personal data processed via:
When you request AI‑generated text (e.g., a cover letter), we send the minimum necessary prompt data to our model provider(s). We instruct them not to use prompts or outputs to train their models. Returned text is stored in your account only as long as you keep it or as needed to deliver the feature.
If you enable Auto‑Submit (or approve a queued submission), we perform automated ranking, selection and form‑filling at your request to execute your instructions. This does not produce legal or similarly significant effects about you by us; it automates tasks you would otherwise perform. To avoid automated decisions, keep Review Mode enabled and decline submissions you do not want sent.
Interview Buddy may use third‑party providers for speech‑to‑text (STT), large language model (LLM) generation, and evaluation/testing. Providers may change over time (for example: STT providers such as Deepgram or others; LLM providers such as OpenAI, Groq or others; and evaluation/testing frameworks similar to Braintrust). We select providers based on accuracy, latency, reliability, security and cost, and may route requests to the best available provider at the time.
Capture & transmission. Audio is captured on‑device and streamed to an STT provider solely to create a text transcript.
Raw audio. We do not retain raw audio after transcription.
Transcripts. The text transcript is stored in our backend so that you can review your sessions. Transcripts remain in your account until you delete them or close your account (subject to backup purge timelines).
Purpose limitation. Transcripts are processed only: (i) to generate real‑time or post‑session suggestions; (ii) to display to you in your account; (iii) for debugging and quality assurance if you report an issue.
Testing & evaluation. For service improvement we may use anonymised, de‑identified, or synthetic transcript data in automated tests. Where real transcripts are used for bug reproduction, we apply strict access controls and use the minimum necessary data.
Provider safeguards. Providers act as subprocessors under GDPR‑compliant data‑processing terms and are contractually prohibited from using your data for their own training or unrelated purposes.
International transfers. Where data leaves the UK/EEA, we use Standard Contractual Clauses or another lawful mechanism.
Provider changes. We may update or rotate providers without notice to maintain service quality; we will give additional notice if legally required.
Your choices. You may delete transcripts at any time from within your account or by closing your account. If you do not want audio processed by STT/LLM providers, please do not enable microphone/transcription.
Application data is transmitted to third‑party platforms as provided by you; we do not redact or mask fields on your behalf. Avoid including payment‑card data, bank details, government ID numbers, health/biometric data or other special‑category data unless a form explicitly requests it and you choose to provide it.
By default, the browser extension performs most processing locally. If you opt into cloud features (e.g., multi‑device sync), only the data needed for that feature are transmitted to AIApply.
The AutoApply mailbox is retained for at least 1 months after your last successful payment, then permanently deleted (non‑recoverable). Save or forward any messages you wish to keep during that period.
We host primarily in the UK/EEA. Where transfers occur outside the UK/EEA, we use Standard Contractual Clauses or another lawful mechanism.
We do not sell or rent personal data. We share with: (i) service providers acting on our instructions (hosting, analytics, transcription, email delivery, evaluation); (ii) third‑party platforms where you direct us to submit applications; (iii) authorities where required by law; and (iv) parties necessary to protect rights or detect security issues.
We use cookies and similar technologies to operate and improve the Services (e.g., session authentication, preferences, analytics). Manage preferences via our cookie banner or your browser. On iOS we use on‑device storage/Keychain; the mobile app sets no advertising cookies.
We only send marketing to individuals with consent or where soft opt‑in applies (existing customer/negotiations + our own similar products/services + opt‑out at collection and in every message). We maintain records of consent (who, when, how, what you were told).
We treat AIApply and The Download as separate lists; each requires its own consent and provides a separate unsubscribe. For corporate subscribers (many B2B addresses), different PECR rules may apply; we include identity and an easy opt‑out in every message.
You may request access, correction, deletion, restriction, objection, or portability, and withdraw consent at any time: [email protected]. You may complain to a supervisory authority (UK ICO or your local authority).
We implement reasonable technical and organisational measures (access controls, network protections, encryption where appropriate). No method is infallible; we cannot guarantee absolute security.
The Services are not directed to those defined as minors in your jurisdiction. If you believe a child has provided us with personal data, email [email protected] so we can immediately delete it.
You have the right to lodge a complaint with your local data‑protection authority. In the United Kingdom this is the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve your concern.
We may update this Policy; we will post changes with a new “Last updated” date. Where required by law, material changes will be accompanied by additional notice or consent.
We are not responsible for the content or privacy practices of external sites we link to.