Privacy Policy

AppStride (“we,” “our,” or “us”) operates the AppStride application and website. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. We built AppStride to help you apply for jobs more effectively, and we take the privacy of your career data seriously.

By using AppStride, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

1. Information We Collect

1.1 Information You Provide

When you create an account and use AppStride, you provide us with career-related information including:

• Account information: your name, email address, phone number, and authentication credentials.
• Profile data: work authorization status, demographic information (if voluntarily provided for EEO form-filling), mailing address, and LinkedIn or portfolio URLs.
• Resume content: work experience, education history, skills, certifications, and resume bullet points you upload or create within the application.
• Cover letter content: cover letters you upload or compose using our AI-assisted tools, including individual content blocks (hooks, experience mappings, closings, and other sections).
• Job application data: job listings you save or apply to, application session records, field values entered during form-filling sessions, screening question answers, and application status updates.
• ATS credentials: if you use the Stride co-pilot, you may provide login credentials for applicant tracking system (ATS) platforms such as Workday, Greenhouse, or Lever. These credentials are encrypted and stored in our credential vault.
• AI provider API keys: if you use our Bring Your Own Key (BYOK) feature, you provide API keys for third-party AI providers. These keys are encrypted and stored securely.
• Prompt preferences: custom instructions you configure for how the AI generates content on your behalf.
• Q&A knowledge base: answers to screening questions you provide or approve during application sessions, which are stored to improve future applications.

1.2 Information We Collect Automatically

When you use AppStride, we automatically collect:

• Usage data: pages visited, features used, session duration, and interaction patterns within the application.
• Application session data: screenshots captured during co-pilot sessions (before-fill, after-fill, and review states), field-level logs of values filled by the agent, and intervention records where you corrected the agent.
• Device information: browser type, operating system, and screen resolution.
• Log data: server logs including IP address, request timestamps, and error information.

1.3 Information Collected Through Optional Integrations

Some AppStride features require access to external accounts. These integrations are entirely optional and require your explicit authorization:

• Email integration: if you connect your Gmail or Outlook account, AppStride requests read-only access to your inbox via OAuth. We scan email subjects and sender addresses to detect application-related messages (such as interview invitations, rejections, or status confirmations). Email content is processed in memory to extract status updates but is never stored, indexed, or used for any purpose beyond generating a suggested status update for your review. We do not access drafts, sent mail, or contacts. You can disconnect email access at any time in your settings.

1.4 Information We Do Not Collect

We want to be clear about what we do not do:

• We do not access your email inbox unless you explicitly enable email integration, and even then, access is read-only and limited to application status detection.
• We do not track your browsing activity outside of AppStride.
• We do not collect biometric data.
• We do not purchase data about you from third-party data brokers.

2. How We Use Your Information

We use the information we collect to:

• Provide the core service: parse your resumes, manage your content library, match you with relevant jobs, and operate the Stride co-pilot to assist with form-filling.
• Generate AI content: create tailored resume bullets, compose cover letters, draft screening question answers, and produce ATS-optimized documents using your content and preferences.
• Improve your experience over time: learn from your corrections during application sessions to increase accuracy and reduce interventions in future applications. This learning is specific to your account only.
• Generate embeddings: create vector representations of your resume content, cover letter blocks, skills, and Q&A answers to power semantic search and content matching within your account. These embeddings are stored in your database alongside your other data.
• Score job matches: compare your skills, experience, and preferences against job listings to surface relevant opportunities.
• Provide ATS keyword analysis: evaluate your resume content against job descriptions to identify matched and missing skills.
• Communicate with you: send service-related notifications, respond to support requests, and share product updates (with your consent).

3. How We Store and Protect Your Information

Data Storage

Your data is stored in Supabase, a cloud database platform built on PostgreSQL. All data is subject to row-level security (RLS) policies, meaning you can only access your own data through the application.

Encryption

Sensitive credentials are encrypted using Supabase Vault, which uses libsodium (industry-standard cryptographic library) for encryption at rest. This applies to your ATS platform passwords and any BYOK API keys you provide. These values are never logged, never sent to the frontend application, and are only decrypted at the moment they are needed to perform an action on your behalf.

Security Measures

We implement the following security measures: encrypted data transmission via HTTPS/TLS for all connections, row-level security ensuring data isolation between users, encrypted credential storage via Supabase Vault, parameterized CORS configuration to prevent unauthorized cross-origin requests, and authentication via Supabase Auth with secure session management.

While we use industry-standard measures to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

4. Third-Party Services

AppStride integrates with third-party services to provide its functionality. Your data may be processed by the following services in the course of normal operation:

Infrastructure

• Supabase: database hosting (PostgreSQL), user authentication, file storage, credential vault, and vector search via pgvector. All of your data — including vector embeddings used for semantic search and content matching — resides within your Supabase database, secured by row-level security policies.

AI Providers

AppStride uses AI language models to parse documents, generate content, and interpret form fields. Depending on your configuration, your content may be sent to one or more of the following providers:

• Anthropic (Claude): used for resume parsing, content generation, form interpretation, and screening question drafting.
• Google AI (Gemini): available as an alternative provider for content generation and classification tasks.
• OpenAI: used for generating text embeddings (vector representations of your content for search and matching). If you use BYOK, your chosen provider handles your assigned tasks.

When you use BYOK, your content is sent to your chosen providers using your own API keys. Your usage is subject to each provider’s own terms of service and privacy policies. AppStride does not control how these providers process data sent via your keys.

Job Research

• Serper.dev: used to search for company information during cover letter composition. Only the company name and job title are sent, not your personal information.

Browser Automation

• Browser Use Cloud: provides managed browser instances for the Stride co-pilot. During active application sessions, the browser interacts with ATS platforms on your behalf. Browser Use Cloud processes the visual content of the pages being filled but does not retain your personal data after the session ends.

Email Integration (Optional)

• Google (Gmail): if you connect Gmail, authentication is handled via Google OAuth. AppStride requests read-only inbox access. Google’s privacy policy governs the OAuth connection itself.
• Microsoft (Outlook): if you connect Outlook, authentication is handled via Microsoft OAuth. AppStride requests read-only inbox access. Microsoft’s privacy policy governs the OAuth connection itself.

We do not sell your personal information to any third party. We do not share your data with third parties for their own marketing purposes.

5. Bring Your Own Key (BYOK)

AppStride supports a Bring Your Own Key model, where you can connect your own API keys for AI providers (Anthropic, Google AI, OpenAI, or Azure OpenAI). When you use BYOK:

• Your API keys are encrypted via Supabase Vault and stored server-side. They are never exposed to the frontend, never logged, and only decrypted at the moment of an API call.
• Your content is sent directly to the provider you configure, using your key. The provider’s terms of service and data handling policies apply to that interaction.
• You are responsible for the security of your API keys prior to providing them to AppStride. If you believe a key has been compromised, you should revoke it with the provider and update it in AppStride.
• API keys are validated via a test call before being stored. Invalid or expired keys are not retained.

6. Stride Co-Pilot Sessions

The Stride co-pilot operates a browser on your behalf to assist with filling job application forms. During a session:

• Screenshots of the application form are captured at regular intervals and stored temporarily to enable the real-time supervision view. These screenshots are cached with a short time-to-live and are not retained indefinitely.
• Every field the agent fills is logged, including the value entered, the source of that value (your profile, resume, Q&A history, or AI-generated), and the confidence score.
• If you correct the agent during a session, those corrections are recorded to improve future accuracy within your account.
• ATS credentials used during a session are retrieved from the encrypted vault, used for the session, and never displayed in plaintext in the application interface.
• The agent never submits an application without your explicit review and approval.

7. Email Integration

AppStride offers optional email integration to help you track application status updates from your inbox. This feature is entirely opt-in and is not required to use any other part of the Service.

How It Works

If you choose to connect your Gmail or Outlook account, AppStride authenticates via OAuth and requests read-only access to your inbox. No send permissions are requested. Once enabled, AppStride periodically scans your inbox (approximately every 2 hours) for emails from known ATS platform domains and company career addresses.

What We Process

AppStride examines email subject lines and sender addresses to identify application-related messages. When a match is found, the system generates a suggested status update (for example, “Email from Acme Corp suggests a rejection. Update status?”). You must confirm or dismiss each suggestion — nothing auto-updates.

What We Store

AppStride stores only the metadata needed to present the suggestion to you: the email subject line, the sender address, the suggested status, and whether you accepted or dismissed the suggestion. We do not store the body of any email. Email content is processed in memory and discarded after the status suggestion is generated.

What We Do Not Access

• We do not read email bodies beyond what is necessary to detect application status patterns.
• We do not access your sent mail, drafts, contacts, or attachments.
• We do not use email content for advertising, profiling, or any purpose other than generating status suggestions.
• We do not share any email data with third parties.

Disconnecting

You can disconnect your email account at any time in Settings. When disconnected, the OAuth token is immediately revoked and deleted from our credential vault. Previously generated status suggestions remain in your application history, but no further inbox scanning occurs.

8. Data Retention and Deletion

We retain your data for as long as your account is active. You may request deletion of your account at any time. Upon account deletion:

• All personal data, including your profile, resumes, cover letters, application records, Q&A knowledge base, skills inventory, prompt preferences, and ATS credentials, will be permanently purged within 7 days.
• BYOK API keys are deleted immediately upon account deletion.
• Embeddings associated with your account are deleted along with the rest of your data.
• Application session screenshots and field logs are deleted.
• Email integration OAuth tokens are revoked and deleted. Previously generated status suggestions are deleted with the rest of your application data.
• Anonymized, aggregated usage statistics (such as total application counts) may be retained for service improvement, but cannot be linked back to you.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate personal data.
• Deletion: request deletion of your personal data (subject to the retention schedule above).
• Export: request your data in a portable format.
• Objection: object to certain types of processing.
• Restriction: request that we limit how we use your data.

To exercise any of these rights, contact us at privacy@appstride.io. We will respond within 30 days.

10. Cookies and Analytics

AppStride uses essential cookies required for authentication and session management. These cookies are necessary for the service to function and cannot be disabled.

We plan to implement analytics tools in the future to understand how the product is used and to improve the experience. When we do, this policy will be updated to reflect the specific tools used, the data collected, and any opt-out mechanisms available to you. We will notify you of material changes to this policy.

11. Children’s Privacy

AppStride is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us at privacy@appstride.io.

12. International Data Transfers

AppStride is operated from the United States. If you are accessing the service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using AppStride, you consent to this transfer. We rely on standard contractual clauses and other lawful mechanisms for international data transfers where required.

13. Future Features and New Data Practices

AppStride is an actively developed product. As we introduce new features, some may involve collecting, processing, or sharing data in ways not described above. When this happens, we commit to the following:

• Any new feature that collects additional personal data or accesses external accounts will require your explicit opt-in before activation. We will never silently expand our data collection.
• Before launching a feature with new data practices, we will update this Privacy Policy and notify you of the changes through the application and, where appropriate, via email.
• New integrations with third-party services will be disclosed in this policy, including what data is shared and for what purpose.
• Optional features will remain optional. Core functionality will never be gated behind granting access to additional data sources.

We believe you should always know what data AppStride accesses, why, and how to turn it off. If you have questions about an upcoming feature, contact us at privacy@appstride.io.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and updating the effective date at the top. For significant changes, we will provide additional notice through the application or via email.

Your continued use of AppStride after changes are posted constitutes your acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at: