Appliqu.
Automated Applications.
appliqu

How Appliqu Protects Your Data: Privacy, Encryption, and Transparency

7 min read

Before we get to features, marketing, and case studies, there's a more important question we want to answer up front: what does Appliqu do with your data?

When you sign up, you're handing over your CV, your work history, your location, your email, and eventually your permissions to submit applications in your name. That's a lot of sensitive information to trust to any product — especially a product from a company you've just met.

Here's exactly what we do with it, what we don't, and what rights you have. No legal jargon where we can avoid it.

The Short Version

  • We encrypt your data in transit and at rest.
  • We collect only what we need to run your job search. We never share or sell your personal data to third parties for marketing or advertising.
  • You can export or delete your data at any time, end-to-end, through the product.
  • We comply with GDPR, including the right to access, the right to portability, the right to erasure, and the rights around automated decision-making (Article 22).
  • We don't read your CV for purposes unrelated to running your job search. No training our general-purpose AI models on your personal data. No selling your profile to recruiters or data brokers.
  • Every application you send through Appliqu has a full audit log you can access.
  • We disclose our subprocessors — the third-party services we use for infrastructure, payments, and analytics.

What Data We Collect

To run a job search, Appliqu needs:

Account data:

  • Email address
  • Password (hashed, never stored in plain text)
  • Account preferences

Job search profile data:

  • Your CV content (or the information you provide through the CV builder Q&A)
  • Target roles, locations, industries
  • Salary expectations
  • Application preferences (auto-approve settings, excluded companies, etc.)

Operational data:

  • Applications generated and submitted
  • Employer responses and status updates
  • Your interactions with the product (Review & Approve actions, edits, approvals)

Technical data:

  • Login events
  • Device and browser information (for session management)
  • Error logs (for product reliability)

What we don't collect:

  • Social Security / tax ID numbers (we have no use for them)
  • Payment details (handled exclusively by our payment processor, Stripe)
  • Data beyond the job search context

How the Data Is Stored and Protected

Encryption in transit. All data moving between your device and Appliqu's servers is encrypted using TLS 1.3 (HTTPS). This means no one intercepting your internet connection can read the contents.

Encryption at rest. All sensitive data in our databases is encrypted at rest. Even someone with physical access to our servers couldn't read it without the decryption keys, which are managed separately.

Access controls. Internal access to user data is tightly restricted. Engineers and support staff can only access user data when necessary for debugging or support, with access logged and audited.

Infrastructure. We use EU-based cloud infrastructure (Vercel, Cloudflare, and AWS/R2 for storage) so that your data stays on EU soil under EU law. We've chosen providers that offer explicit GDPR compliance and the standard contractual data processing agreements.

Security testing. We run regular security reviews and vulnerability scans. Critical security issues get patched on an expedited timeline.

How We Use AI on Your Data

Appliqu uses AI language models to generate CVs, cover letters, and match roles to your profile. Here's how that works, specifically:

  • Your personal data is processed by AI models to perform your requested actions (e.g., writing a cover letter for a specific role).
  • Your personal data is not used to train our general-purpose AI models or the underlying LLMs we use. We contract with AI providers specifically for infrastructure that doesn't train on customer data.
  • The outputs generated from your data are stored in your account for your review and for audit purposes. You can delete them at any time.
  • Our AI subprocessors are bound by data processing agreements that limit their use of your data to providing the service to Appliqu.

We're specific about this because it's where many AI products get handwavey. The short version: your data is used to run your job search, not to build our general AI capabilities.

Your GDPR Rights

Under the GDPR, you have several rights over your personal data. Appliqu exposes all of them through the product:

Right to access (Art. 15). You can request a full copy of all personal data we hold about you, at any time. Available through account settings — one click, full export.

Right to rectification (Art. 16). If any of the data we have is wrong, you can correct it directly in the product or request correction.

Right to erasure / "right to be forgotten" (Art. 17). You can delete your account and all associated data at any time. Deletion is permanent within 30 days (during which time data may exist in backups for operational reasons, after which it's purged).

Right to restriction of processing (Art. 18). You can pause Appliqu's processing of your data without deleting the account — e.g., if you want to stop the agent from running temporarily.

Right to data portability (Art. 20). You can export your data in a standard, machine-readable format for use elsewhere.

Right to object (Art. 21). You can object to specific types of processing.

Right not to be subject to automated decision-making (Art. 22). This one deserves its own section.

Article 22: Review & Approve Explained

GDPR Article 22 gives you the right not to be subject to decisions "based solely on automated processing" that produce legal or similarly significant effects. A job application is clearly in this category — it affects your career, your earnings, your professional reputation.

Appliqu's architecture is designed around this from day one. The Review & Approve step means every application goes through your explicit human approval before being submitted. This satisfies Article 22's requirement for human involvement in the decision loop.

For users who later choose to enable auto-approve (because they've reviewed enough outputs to trust the agent's judgment), this operates under Article 22's consent pathway: you're giving explicit, informed consent to automated processing, with the right to revoke that consent at any time and return to manual review.

Either way, you're in control. Either way, the architecture is built to keep you in control.

What We Tell Employers

When Appliqu submits an application on your behalf, the employer sees the CV and cover letter just as they would if you submitted them yourself. We don't:

  • Tell employers the application was AI-generated unless legally required or specifically relevant
  • Share your preferences or search history with the employers you apply to
  • Provide employers with any information about other applications you've made
  • Include any tracking or identifiers in your applications that would give the employer information beyond what you intended to share

Your applications go out under your name, from your email (or an Appliqu-managed email with forwarding to you, depending on setup), with your content. The employer's experience is the same as if you'd applied manually — cleaner, probably, because the formatting and content quality are consistent.

Subprocessors and Third Parties

Running a product like Appliqu requires a small number of third-party services. We disclose all of them, and all of them are bound by data processing agreements compliant with GDPR. Our current subprocessors:

  • Vercel (hosting and infrastructure)
  • Cloudflare (content delivery, DDoS protection)
  • AWS / R2 (file storage)
  • PostgreSQL-compatible database provider (data storage)
  • Stripe (payments — Stripe holds payment data, not Appliqu)
  • Anthropic / OpenAI (AI model providers, under non-training commercial terms)
  • PostHog or Mixpanel (product analytics — anonymized)
  • Sentry (error logging)

This list is kept up to date in our privacy policy. If we change subprocessors, we notify users.

What We Don't Do

A few things we specifically do not do, to be crystal clear:

  • We don't sell your data. Ever. Not to advertisers, not to recruiters, not to data brokers, not to employers.
  • We don't scrape public profiles of other people using your account. If you share contact details for references or connections, those are used for your benefit only.
  • We don't use your CV or cover letters to train models that serve other customers. Your application materials are your own.
  • We don't provide employers with a back-channel to Appliqu users. There's no "Appliqu-sourced" database employers can buy access to. If an employer wants to contact you, they do it through the normal application/recruiting channels.
  • We don't retain data we don't need. We have retention policies in place, and your data is actively deleted when you request deletion.

The EU AI Act Layer

Beyond GDPR, Appliqu is building for compliance with the EU AI Act's obligations for high-risk AI systems, which apply to employment-related AI by December 2027. We take the prudent position of assuming our product falls under high-risk requirements and building compliance from day one.

This means:

  • Documented human oversight (Review & Approve)
  • Documented data governance and quality standards
  • Risk management system identifying and mitigating potential harms
  • Record-keeping of AI decisions and operations
  • Transparency about how the AI works and what data it uses
  • Accuracy and robustness standards for the AI-generated content

Our EU AI Act deep-dive covers this in more detail. The short version: we're ahead of the compliance curve on purpose, because building a trustworthy product is the whole point.

How to Contact Us About Data

If you have questions about your data, want to exercise any GDPR right, or want to report a potential privacy issue:

  • Most requests can be handled through account settings — export, delete, restrict, etc.
  • For everything else: email our privacy team (address listed in our privacy policy on the product site).
  • Our supervisory authority (for German users) is the relevant Landesdatenschutzbeauftragte. You have the right to lodge a complaint there if you're not satisfied with how we handle a privacy concern.

The Full Legal Version

This post is the plain-English summary. For the legally binding version, see our Privacy Policy (Datenschutzerklärung) on the product site, which covers everything in full legal detail in both English and German.

What this post is: a clear explanation of what you're signing up for.

What the privacy policy is: the binding contract.

If anything in this post and the privacy policy appears to conflict, the privacy policy governs. We try hard to keep them consistent, and we update this page whenever the policy changes.

The Underlying Principle

We designed Appliqu's data handling around one idea: your job search is yours. The data is yours. The decisions are yours. The outputs are yours. Our job is to make it work, not to harvest it.

This isn't a marketing claim — it's architectural. The product is built so that you could walk away tomorrow with all your data in hand and no remaining traces in our systems. That's a good baseline for anyone handing sensitive career information to software.

Transparent, compliant, built in Europe. Start free at appliqu.com →

Stop applying manually.Appliqu handles the pipeline. You show up for interviews.
Try Appliqu free

Keep reading