ApplyGhost Logo

Privacy Policy

ApplyGhost

Effective date: January 1, 2026

Last updated: January 1, 2026

1) Who We Are

This Privacy Policy explains how ApplyGhost ("ApplyGhost", "we", "us", "our") collects, uses, discloses, and protects personal data when you use our websites, dashboards, APIs, and browser extension (collectively, the "Services").

Controller contact: ApplyGhost

2) Scope

This Policy applies to personal data processed in connection with:

  • Our website and user dashboard (including signup, onboarding, billing, and settings)
  • Our job discovery and job matching features
  • Our auto-apply workflows (including form-filling automation and submission attempts)
  • Our browser extension and related integrations
  • Our support and communications

3) Summary of What We Do

ApplyGhost helps you discover relevant jobs and (depending on your plan and configuration) apply to them using browser automation. We process the information you provide (e.g., resume/profile details) to match jobs and to complete application forms on your behalf. We also log automation outcomes (applied, skipped, failed) so you can see what happened and why.

4) Personal Data We Collect

4.1 Data you provide to us

  • Account data: name, email address, password or authentication tokens (if applicable), user identifiers, and account settings.
  • Profile & application data: resume/CV content, employment history, education, skills, links (e.g., portfolio, LinkedIn), work authorization information you choose to provide, preferred roles, locations, salary preferences, and other job search preferences.
  • Application answers: responses to application questions, including free-text responses you provide or approve, and any documents you upload (cover letters, attachments).
  • Support data: messages, screenshots, logs, and other information you send to support.

4.2 Data we collect automatically

  • Usage data: interactions with the Services, pages viewed, feature usage, clicks, timestamps, and diagnostic events.
  • Device & technical data: IP address, browser type, operating system, approximate location derived from IP, and identifiers required to operate the Services.
  • Cookies and similar technologies: session cookies and other necessary storage mechanisms used for authentication, security, and functionality (see Section 12).

4.3 Data generated by automation

  • Job match data: matching scores or relevance indicators, filtering decisions, and job metadata (e.g., title, company, URL, location, required skills) associated with matches.
  • Application activity logs: queued/attempted/applied/skipped/failed states, timestamps, and failure reasons (e.g., form errors, site issues, captcha, authentication errors).
  • Automation artifacts (limited): field mappings, form metadata, and screenshots or HTML snippets if you enable enhanced troubleshooting or provide them to support.

4.4 Browser extension data

Our browser extension is used to enable application automation and/or user-controlled review workflows. Depending on your configuration, the extension may access the active page to read and fill form fields, detect application steps, and report outcomes back to your account.

  • Page interaction data: form field labels, input types, validation messages, step progression indicators, and DOM context required to fill forms.
  • Authentication/session data (limited): cookies or session tokens may be accessed solely to perform actions you initiate or authorize within the extension (e.g., staying logged in to a job portal).
  • Downloads (if enabled): the extension may initiate downloads of files you request (e.g., a replay log or diagnostic export).

The extension does not intentionally collect your browsing history as a standalone dataset. Access to pages is used to perform the automation features you enable.

4.5 Email data (optional integration)

If you connect your email account (e.g., Gmail) to receive updates about recruiter communications or application follow-ups, we may process limited email metadata and, where you authorize, message content.

  • Email metadata: sender, recipient, subject line, timestamps, message IDs, labels/folders.
  • Email content (if authorized): message body excerpts needed to classify or summarize recruiter updates and application outcomes.

We only access email data within the scope of the permissions you grant, and only for the purposes described in this Policy and the relevant consent screen.

4.6 Payment data

We use third-party payment processors (e.g., Stripe) to process payments. We do not store your full payment card numbers. We may receive and store limited billing details such as subscription status, billing address (if provided), and transaction identifiers.

5) How We Use Personal Data

We use personal data to:

  • Provide, operate, and maintain the Services
  • Create and manage your account
  • Match you with jobs and surface relevant roles
  • Automate job applications based on your instructions and settings
  • Generate and display application activity, timelines, and outcomes
  • Detect, prevent, and investigate fraud, abuse, and security incidents
  • Provide customer support and troubleshoot technical issues
  • Send service-related communications (e.g., confirmations, security alerts, plan usage updates)
  • Process payments, subscriptions, invoices, and tax-related obligations
  • Comply with legal obligations and enforce our terms
  • Improve the Services, including feature performance and reliability

6) Legal Bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, we rely on the following legal bases:

  • Contract: to provide the Services you request and to perform our contractual obligations.
  • Legitimate interests: to secure, improve, and operate the Services, prevent fraud, and provide support (balanced against your rights).
  • Consent: for optional integrations (e.g., email access), certain cookies where required, and other specific processing where we ask for your permission.
  • Legal obligation: to comply with applicable laws (e.g., accounting and tax rules, lawful requests).

7) Automated Decisions and "Auto-Apply"

The Services may include automated steps, such as selecting which job matches to queue for applying based on your preferences, plan limits, and matching signals. The automation may also fill forms and submit applications where you have enabled such behavior.

You remain in control of your preferences, can pause automation, and can review outcomes in your dashboard. If you believe an automated outcome is incorrect, you can adjust your settings or contact us for assistance.

8) How We Share Personal Data

We do not sell personal data. We may share personal data in the following circumstances:

8.1 Service providers (processors)

We use third-party vendors to operate the Services, such as hosting, databases, analytics, customer support tools, and payment processors. These vendors process data on our behalf under contractual obligations.

  • Hosting & infrastructure: cloud hosting, storage, networking, monitoring
  • Payments: subscription billing and transaction processing
  • Email delivery: sending service emails (e.g., verification, notifications)
  • Analytics: product usage and performance measurement (where enabled)

8.2 Job boards, applicant tracking systems, and employers

When you apply to jobs using the Services, we transmit application information to the relevant job board, applicant tracking system (ATS), recruiter, or employer as part of the application process. This may include your resume, contact details, and answers to application questions.

Those third parties process your data under their own privacy policies. We encourage you to review those policies.

8.3 Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • Comply with applicable law, regulation, legal process, or lawful requests
  • Protect the rights, property, and safety of ApplyGhost, our users, or others
  • Investigate fraud, security, or technical issues
  • Enforce our agreements and policies

8.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy and applicable law.

9) Data Retention

We retain personal data only for as long as necessary to provide the Services and for legitimate and essential business purposes, such as maintaining logs for security, complying with legal obligations, and resolving disputes.

  • Account data: retained while your account is active; deleted or anonymized after account deletion, subject to legal retention requirements.
  • Application logs and match history: retained to provide your dashboard history and reporting; you may request deletion as described in Section 14.
  • Support records: retained as needed to resolve issues and maintain quality of support.
  • Billing records: retained as required by accounting and tax laws.

10) International Data Transfers

We may process and store information in countries other than your country of residence. When transferring personal data internationally, we use appropriate safeguards as required by law, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

11) Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include access controls, encryption in transit where applicable, and least-privilege internal access.

No method of transmission or storage is 100% secure. You are responsible for keeping your credentials confidential and for using the Services on trusted devices.

12) Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to operate the Services. These may include:

  • Strictly necessary: authentication, session management, security, and core functionality
  • Preferences: saving settings and configuration choices
  • Analytics (optional): understanding feature usage and improving performance

You can control cookies through your browser settings. If you disable certain cookies, some features may not work properly.

13) Third-Party Sites and Services

The Services may link to or interact with third-party websites and services (e.g., employer sites, job boards, ATS providers). Your interactions with those third parties are governed by their privacy policies. We are not responsible for third-party privacy practices.

14) Your Rights and Choices

14.1 GDPR/EEA/UK/Swiss rights

Depending on where you live, you may have rights to:

  • Access your personal data
  • Correct inaccurate or incomplete personal data
  • Delete personal data ("right to be forgotten"), subject to certain exceptions
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent where processing is based on consent (without affecting prior processing)
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us using the details in Section 1. We may need to verify your identity before fulfilling requests.

14.2 Managing your data in the Services

  • You can update profile and preference information in your dashboard.
  • You can pause or adjust automation behavior in your settings.
  • You can disconnect optional integrations (e.g., email integration) where available.

15) Email Integration (Gmail) — Additional Notices

If you connect a Gmail account, Google may provide data to us according to the permissions you grant. We use that access to support features such as identifying recruiter messages, tracking application outcomes, and notifying you about important updates.

  • We only request scopes that are necessary for the features you enable.
  • We do not use Gmail data to serve third-party ads.
  • We do not allow humans to read your email content except (a) when you ask us for support and provide specific messages, or (b) where necessary for security or legal compliance.

If required by applicable Google API policies, we will provide additional disclosures and obtain your consent through Google's consent screen.

16) Children's Privacy

The Services are not intended for children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.

17) Changes to This Privacy Policy

We may update this Policy from time to time. If we make material changes, we will provide notice through the Services or by other appropriate means. The "Last updated" date above indicates when the Policy was last revised.

18) Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact: ApplyGhost

19) California Privacy Notice (If Applicable)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know, delete, and correct certain personal information, and the right to opt out of "sale" or "sharing" of personal information (as defined by law).

ApplyGhost does not sell personal information. If you have questions or wish to exercise applicable rights, contact us using the details in Section 18.

20) Glossary

  • Personal data means information relating to an identified or identifiable natural person.
  • Controller means the entity that determines the purposes and means of processing personal data.
  • Processor means an entity that processes personal data on behalf of the controller.