How it worksLog inGet Started Free

Privacy Policy

Effective date: March 10, 2026

This Privacy Policy describes how Aplyd ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website at getaplyd.com and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile photo through Google OAuth or magic-link authentication. You may also provide a LinkedIn profile URL and notification email preferences.

Resume Data

If you upload a resume, we store the original file and a parsed version (as structured data) that includes your work history, education, skills, and other information contained in the document. This parsed data is used to personalize your outreach emails and match you with relevant contacts.

LinkedIn Connection Data

You may import a LinkedIn connections CSV export. This file typically contains your connections' names, job titles, companies, email addresses, and the date you connected. We store this data to help you identify warm introductions at target companies.

Gmail Access

If you connect your Gmail account via Google OAuth, we request permission to send emails on your behalf and read incoming replies to track outreach responses. We access only the specific emails related to outreach sent through Aplyd. See Section 4 below for our full Google API disclosure.

Preferences & Target Companies

You may provide target roles, locations, industries, and company lists. We use these preferences to find relevant contacts and tailor your outreach strategy.

Payment Information

If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number, CVC, or full billing details on our servers. Stripe provides us with a token, your card's last four digits, expiration date, and billing email for receipt purposes.

Usage & Device Data

We automatically collect standard usage information such as your IP address, browser type, device type, pages visited, referral source, and timestamps. This data helps us understand how the Service is used and diagnose technical issues.

2. How We Use Your Information

We use the information we collect to:

  • Match you with contacts — We compare your LinkedIn connections and target companies to identify people who can refer or introduce you to hiring teams.
  • Find new contacts — With your permission, we query third-party contact databases (such as Apollo.io) using your target company names and job title preferences to discover relevant professionals.
  • Draft outreach emails — We send a summary of your resume, the recipient's name and title, and your target role to an AI model (Anthropic Claude) to generate personalized email drafts. You review and approve every email before it is sent.
  • Send and track emails — When you approve an email, we send it through your connected Gmail account and monitor for replies so you can manage your outreach pipeline.
  • Process payments — We share necessary billing information with Stripe to manage subscriptions and process charges.
  • Improve the Service — We use aggregated, anonymized usage data to analyze trends, fix bugs, and develop new features.
  • Communicate with you — We may send transactional emails (account verification, password resets, billing receipts) and, with your consent, product updates. You can unsubscribe from non-essential emails at any time.

We never sell your personal data to advertisers or data brokers.

3. Third-Party Services

We rely on the following third-party services to operate Aplyd. Each has its own privacy policy governing how it handles data:

  • Supabase (database and authentication) — Your account data, resume, connections, and outreach records are stored in a Supabase-managed PostgreSQL database hosted on AWS infrastructure in the US East (Virginia) region. Supabase is SOC 2 Type II compliant. Supabase Privacy Policy
  • Anthropic (Claude API) — We send a summary of your resume and the recipient's professional details to Anthropic's Claude model to draft outreach emails. Anthropic does not use API inputs to train its models. Anthropic Privacy Policy
  • Apollo.io — We send target company names and job titles to Apollo.io's API to discover professional contact information for potential networking targets. We do not share your personal data with Apollo. Apollo.io Privacy Policy
  • Google (OAuth & Gmail API) — We use Google OAuth for authentication and, optionally, Gmail API access to send and track outreach emails on your behalf. See Section 4 for our full Google API Limited Use disclosure. Google Privacy Policy
  • Stripe — We use Stripe to process subscription payments. Stripe collects and processes your payment card details directly; we never see your full card number. Stripe Privacy Policy
  • Railway — Our backend services (including job processing, email sending, and contact discovery) run on Railway's cloud infrastructure. Railway Privacy Policy
  • Vercel — Our frontend is hosted on Vercel. Vercel may collect standard request logs (IP addresses, user agents) as part of its hosting infrastructure. Vercel Privacy Policy

4. Google API & Gmail Limited Use Disclosure

Aplyd's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the Gmail scopes necessary to send outreach emails you have explicitly approved and to read replies to those emails.
  • We do not use Gmail data for advertising, market research, or any purpose unrelated to providing and improving the email-sending features of Aplyd.
  • We do not allow humans to read your Gmail content unless (a) you provide affirmative consent for a specific message (e.g., a support request), (b) it is necessary for security purposes (investigating abuse or a bug), or (c) it is required by law.
  • We do not transfer Gmail data to third parties except as necessary to provide the Service (e.g., sending the email you approved through Google's own SMTP servers), with your explicit consent, or as required by law.
  • You can revoke Gmail access at any time from your Google Account permissions page or from the Aplyd Settings page. Revoking access will disable the email-sending feature but will not delete your Aplyd account.

5. Cookies & Analytics

We use cookies and similar technologies for the following purposes:

  • Authentication cookies — Essential cookies set by Supabase Auth to keep you logged in. These are strictly necessary and cannot be disabled.
  • Preference cookies — We may store UI preferences (such as sidebar state or theme) in your browser's local storage.
  • Analytics — We may use privacy-respecting analytics tools to understand aggregate usage patterns. We do not use Google Analytics or any advertising-related tracking pixels.

You can clear cookies at any time through your browser settings. Clearing authentication cookies will log you out.

6. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — Retained until you delete your account.
  • Resume and connection data — Retained until you delete the individual records or your account.
  • Outreach emails — Drafts and sent email records are retained until you delete them or your account.
  • Payment records — Billing history is retained as required for tax and legal compliance (typically 7 years), even after account deletion.
  • Server logs — Automatically deleted after 90 days.

Deleting your account: You can request deletion of your account and all associated data by emailing hello@getaplyd.com. We will process your request within 30 days and confirm once deletion is complete. Deletion is permanent and cannot be undone.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

For All Users

  • Access — You can view the personal data we hold about you in your account settings and dashboard.
  • Correction — You can update your profile, resume, and preferences at any time through the Service.
  • Deletion — You can request deletion of your account and data as described in Section 6.
  • Data portability — You can request an export of your data in a machine-readable format by emailing us.

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information. We do not sell your personal information.
  • Not be discriminated against for exercising your privacy rights.

For European Economic Area & UK Residents (GDPR)

If you are located in the EEA or UK, our legal bases for processing your personal data are:

  • Contract performance — Processing necessary to provide the Service you signed up for (account management, outreach features, email sending).
  • Legitimate interest — Processing for analytics, security, and service improvement where our interests do not override your rights.
  • Consent — Processing that requires your explicit opt-in, such as Gmail access. You can withdraw consent at any time.

You also have the right to lodge a complaint with your local data protection authority. Note that your data is stored and processed in the United States.

8. Children's Privacy

Aplyd is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@getaplyd.com and we will promptly delete the information. Users must be at least 18 years old to create an account.

9. Security

We take the security of your data seriously. Our measures include:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) via our infrastructure providers.
  • Database access is restricted by row-level security policies, ensuring users can only access their own data.
  • Authentication tokens and OAuth credentials are stored securely and never exposed to the frontend.
  • We do not store passwords — authentication is handled entirely through Google OAuth or magic links via Supabase Auth.
  • Third-party API keys and secrets are stored as encrypted environment variables, never in source code.

No system is 100% secure. If you discover a security vulnerability, please report it to hello@getaplyd.com and we will investigate promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the "Effective date" at the top of this page and, where appropriate, notify you via email or an in-app notice. We encourage you to review this page periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.