Legal

Privacy Policy

Effective date: April 8, 2026 · Last updated: April 8, 2026

aplo is a job alert service. We take your privacy seriously. This policy explains exactly what data we collect, why we collect it, and what we do with it. We've written it to be readable — not just legally defensible.

1. Who we are

aplo (“aplo”, “we”, “us”, or “our”) operates the job alert platform available at aplo.me. We monitor publicly available job postings from applicant tracking systems (ATS) and notify registered users when a matching role appears.

If you have questions about this policy, you can reach us at privacy@aplo.me.

2. What data we collect

We collect only what we need to provide the service.

Account information

Your first name (used to personalise emails and the dashboard)
Your email address (used to send job alerts and service notifications)
Your hashed password (we never store passwords in plain text)

Job alert preferences

Keywords, job titles, or roles you want to be alerted about
Location preferences and remote work filters
Any other search filters you configure

Usage data

Basic server logs (request timestamps, error logs) for reliability purposes
Email open and click events, used to diagnose delivery issues

We do not collect: payment information, phone numbers, CV or resume data, social media profiles, or any data beyond what is listed above.

3. How we use your data

Delivering job alerts — matching your preferences against new job postings and sending you email notifications.
Account management — authenticating your login, processing password resets, and sending essential account emails.
Service improvement — understanding which alert configurations are most useful so we can improve matching quality.
Security — detecting and preventing abuse, fraud, or unauthorised access.

We do not use your data for advertising, do not build profiles to sell, and do not make automated decisions that affect your rights.

4. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing are:

Contract — processing necessary to provide the job alert service you signed up for.
Legitimate interests — maintaining security, preventing fraud, and improving the service, where these interests are not overridden by your rights.
Legal obligation — where applicable law requires us to retain or disclose data.

5. Sharing your data

We do not sell, rent, or trade your personal information. We share data with third-party service providers only where necessary to operate the platform:

Resend — our email delivery provider. Your email address is transmitted to Resend solely to deliver messages from us.
Vercel — our cloud hosting provider. Your data is stored on infrastructure operated by Vercel.
Database provider — we store your account data in a managed PostgreSQL database.

Each of these providers is contractually bound to process your data only as instructed and to protect it appropriately. We will share data with law enforcement or regulators only where legally required to do so.

6. Cookies and tracking

aplo uses a single session cookie to keep you logged in. We do not use advertising cookies, third-party tracking pixels, or analytics services that share your data with external parties.

If you block cookies, you will not be able to stay logged in to your account.

7. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where we are required by law to retain certain records for a longer period.

Server logs are retained for up to 90 days for security and diagnostic purposes.

8. Your rights

Depending on where you are located, you may have the following rights:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate or incomplete data.
Deletion — request that we delete your account and associated data.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests.
Restriction — ask us to limit processing in certain circumstances.

To exercise any of these rights, email privacy@aplo.me. We will respond within 30 days. If you are in the EEA or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

9. Data security

We implement industry-standard security measures including password hashing (bcrypt), encrypted data transmission (TLS), and access controls limiting who can view account data. No system is completely secure, and we cannot guarantee absolute security, but we take reasonable precautions and will notify you promptly in the event of a breach affecting your data.

10. Children

aplo is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, where the changes are material, notify you by email. Continued use of aplo after a policy update constitutes acceptance of the revised terms.

12. Contact

Questions, requests, or concerns about this Privacy Policy:

privacy@aplo.me