Share MassApply AI and get 20% off your first month —unlock my code →
MassApply AI logoMassApply AI

Privacy Policy

Last updated: June 16, 2026

1. Who we are

MassApply AI ('we', 'us', 'our') operates the website and SaaS platform at massapplyai.com. Contact: hello@massapplyai.com.

2. What we collect

(a) Account data: name, email, password hash, OAuth provider IDs. (b) Profile data: resume, work history, target roles, salary expectations, work authorization. (c) Optional job-site credentials, which we store encrypted with AES-256-GCM. (d) Application activity: which jobs we applied to on your behalf, status, match score, and AI-generated resume/cover letter for each. (e) Payment metadata via Stripe (we never see card numbers). (f) Standard log data (IP, user agent, timestamps).

3. How we use it

Solely to operate the service — to find, score, tailor, and submit job applications on your behalf; to bill you; to send transactional and account email; to detect abuse; and to improve the product. We do not sell personal data. We do not use your resume to train any third-party AI model.

4. AI providers

We use third-party AI providers to power tailoring, scoring, and our Massey helper. Your resume text, job descriptions, and message content are sent to these providers solely to generate responses for you; providers contractually prohibit use of this content for training.

5. Credential handling

If you choose to store job-site credentials so we can submit applications on your behalf, they are encrypted at rest with AES-256-GCM and decrypted only inside our submission worker. They are never displayed back to you and not visible to staff in plaintext.

6. Sharing

Subprocessors: Supabase (database, RLS-isolated by user), Stripe (billing), Resend (email), Apify (job scraping), AI/LLM providers (AI generation), Vercel (hosting), Railway (automation). We do not share data with advertisers.

7. Your choices

You can export your data, delete your account, and revoke stored credentials at any time from your settings page. Deletion removes account data within 30 days; aggregated billing records may be retained as required by law.

8. Retention

Application history is kept for as long as your account is active and 90 days thereafter. Encrypted credentials are deleted within 24 hours of credential-revocation or account closure.

9. Security

HTTPS everywhere, Supabase Row Level Security on all per-user tables, AES-256 on stored credentials, rate limiting on all API routes, secrets in environment variables only. We do our best — no system is perfectly secure. If you find a vulnerability, please email hello@massapplyai.com.

10. Children

MassApply AI is not intended for users under 18.

11. International

We process data in the United States. If you sign up from elsewhere, you consent to processing in the US.

12. Changes

When we materially change this policy we'll email account holders and post the updated version here. Continued use after the effective date means you accept the changes.

13. Data deletion

You have the right to delete your MassApply AI account and all personal data associated with it (including any data we received from Facebook Login or other OAuth providers) at any time. There are two ways to request deletion:

  1. In-app (recommended). Sign in, go to Settings, and click“Delete account.” Confirmation requires a 6-digit code sent to your registered email. Account and profile data are removed within 24 hours; encrypted job-site credentials are wiped immediately; derivative data (application history, AI-generated documents) is purged within 30 days.
  2. By email. Send a deletion request from the email address associated with your account to privacy@massapplyai.com with the subject line “Delete my data.” We respond within 5 business days and complete deletion within 30 days. If you signed up via Facebook Login, mention that so we can confirm Facebook ID removal as well.

What deletion removes: your account, profile, resume/cover letters, onboarding answers, application history, stored credentials, OAuth provider identifiers (including Facebook user ID and email scope, if applicable), and Massey chat transcripts. What we may retain: aggregate billing records as required by tax/finance law (no personal profile data), and anonymized usage analytics that cannot be tied back to you.

Facebook users:You can also revoke MassApply AI's access from Facebook Settings → Apps and Websites. Revoking access via Facebook stops further data sharing but does not by itself delete data we have already received — use one of the two methods above to complete deletion.

Questions? Email hello@massapplyai.com.