Privacy Policy
Last updated: May 26, 2026
1. Who we are
MassApply AI ('we', 'us', 'our') operates the website and SaaS platform at massapplyai.com. Contact: hello@massapplyai.com.
2. What we collect
(a) Account data: name, email, password hash, OAuth provider IDs. (b) Profile data: resume, work history, target roles, salary expectations, work authorization. (c) Optional job-site credentials, which we store encrypted with AES-256-GCM. (d) Application activity: which jobs we applied to on your behalf, status, match score, and AI-generated resume/cover letter for each. (e) Payment metadata via Stripe (we never see card numbers). (f) Standard log data (IP, user agent, timestamps).
3. How we use it
Solely to operate the service — to find, score, tailor, and submit job applications on your behalf; to bill you; to send transactional and account email; to detect abuse; and to improve the product. We do not sell personal data. We do not use your resume to train any third-party AI model.
4. AI providers
We use third-party AI providers to power tailoring, scoring, and our Massey helper. Your resume text, job descriptions, and message content are sent to these providers solely to generate responses for you; providers contractually prohibit use of this content for training.
5. Credential handling
If you choose to store job-site credentials so we can submit applications on your behalf, they are encrypted at rest with AES-256-GCM and decrypted only inside our submission worker. They are never displayed back to you and are not visible to staff in plaintext.
6. Sharing
Subprocessors: Supabase (database, RLS-isolated by user), Stripe (billing), Resend (email), Apify (job scraping), OpenAI (AI generation), Vercel (hosting), Railway (automation). We do not share data with advertisers.
7. Your choices
You can export your data, delete your account, and revoke stored credentials at any time from your settings page. Deletion removes account data within 30 days; aggregated billing records may be retained as required by law.
8. Retention
Application history is kept for as long as your account is active and for 90 days thereafter. Encrypted credentials are deleted within 24 hours of credential revocation or account closure.
9. Security
HTTPS everywhere, Supabase Row Level Security on all per-user tables, AES-256 on stored credentials, rate limiting on all API routes, secrets in environment variables only. We do our best — no system is perfectly secure. If you find a vulnerability, please email hello@massapplyai.com.
10. Children
MassApply AI is not intended for users under 18.
11. International
We process data in the United States. If you sign up from elsewhere, you consent to processing in the US.
12. Changes
When we materially change this policy, we'll email account holders and post the updated version here. Continued use after the effective date means you accept the changes.
Questions? Email hello@massapplyai.com.