Pre-launch disclosure
We are not publishing a residential or full business address yet. A complete German Impressum (name and ladungsfähige Anschrift) is required for many public commercial sites in Germany; we will add those details here in the near future. Contact: [email protected].
Legal
Privacy Policy
Last updated 2026-04-16
Controller and contact
The controller of your personal data within the meaning of the EU General Data Protection Regulation (GDPR) is the operator of ApplyForMe (full statutory name and postal address for Germany will appear in our Impressum before we broadly offer paid services to consumers in the EU; contact until then: [email protected]). We are established in Germany. For all privacy requests and to exercise your rights under the GDPR, contact us at [email protected]. If German law requires a postal address for the controller, it will be published in our Impressum (legal notice) on this website. Please use that address for formal written requests if you prefer not to use email.
Categories of personal data
Depending on how you use ApplyForMe, we process in particular: • Account data — e.g. username, email address, and authentication secrets (we do not store your password in plain text). • Profile and job-search data — resumes, CVs, cover-letter templates, skills, preferences, and similar information you choose to provide. • Activity and service data — job search history, match results and scores produced by our smart system, application status information you see in the product, and related usage data necessary to run the Service. • Automation data — if you enable automated applications, information you provide so the Service can act on your behalf (only as needed for that feature). • Technical data — e.g. IP address, device/browser type, timestamps, and security logs, as required for security, abuse prevention, and stable operation. We do not use this policy to advertise specific vendors by name; details of processors may be available upon request or in separate documentation where appropriate.
Purposes and legal bases (GDPR)
We process personal data for the purposes below, relying on these legal bases under Art. 6 GDPR: • Providing the Service, including account management, matching, resume storage and adaptation, and optional automated applications — performance of a contract (Art. 6(1)(b) GDPR) and, where necessary, our legitimate interests in operating a secure SaaS product (Art. 6(1)(f) GDPR: IT security, service improvement). • Billing and payment-related handling where you subscribe to paid plans — performance of a contract (Art. 6(1)(b) GDPR) and compliance with tax/commercial retention rules where applicable (Art. 6(1)(c) GDPR). • Support and communication with you — performance of a contract and/or legitimate interests in assisting users (Art. 6(1)(b) or (f) GDPR). • Security, fraud prevention, and abuse detection — legitimate interests (Art. 6(1)(f) GDPR) and, where required, legal obligations (Art. 6(1)(c) GDPR). • Product analytics that does not rely on intrusive tracking — typically legitimate interests (Art. 6(1)(f) GDPR), or consent where we use non-essential cookies or similar technologies that require it under ePrivacy rules (Art. 6(1)(a) GDPR). • Direct marketing to existing customers about similar products, where permitted under applicable law — legitimate interests or consent as required. Where we ask for consent for a specific processing activity, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
International transfers
Where we transfer personal data to countries outside the European Economic Area (EEA), we do so only with appropriate safeguards under GDPR Chapter V — for example Standard Contractual Clauses approved by the EU Commission — unless an adequacy decision applies or another permitted ground exists. You may request more information about such safeguards by contacting us at [email protected].
Storage periods
We retain personal data only as long as necessary for the purposes above, unless longer retention is required by law. Typically: account and job-search data are kept while your account is active; after closure, we delete or anonymise data within a reasonable period except where we must retain limited records for legal, tax, or security reasons. Exact periods may depend on your plan and mandatory retention (e.g. invoicing).
Security
We implement appropriate technical and organisational measures under Art. 32 GDPR. No method of transmission or storage is completely secure; we cannot guarantee absolute security. If we become aware of a personal data breach that likely entails a high risk to your rights, we will notify you and the supervisory authority as required by law.
Your rights under the GDPR
If the GDPR applies to you, you have the right to: • Access your personal data (Art. 15 GDPR). • Rectify inaccurate data (Art. 16 GDPR). • Erase data in certain cases (Art. 17 GDPR). • Restrict processing in certain cases (Art. 18 GDPR). • Data portability, where applicable (Art. 20 GDPR). • Object to processing based on legitimate interests, including profiling in certain situations (Art. 21 GDPR). • Withdraw consent where processing is based on consent (Art. 7(3) GDPR). • Lodge a complaint with a supervisory authority — in Germany, the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your state authority; a list of EU authorities is available from the European Data Protection Board. To exercise these rights, write to [email protected]. We will respond within one month where the GDPR applies, subject to any lawful extension.
Matching and scoring
Our smart system scores job listings against your profile to show relevant opportunities. This involves automated processing, but it does not replace human review of whether a job suits you, and it does not produce legal effects concerning you in the sense of solely automated decision-making under Art. 22 GDPR. You remain responsible for deciding which roles to pursue and what to submit.
Children
The Service is not directed at individuals under 16. We do not knowingly process personal data of children below that age. If you believe we have done so, contact us at [email protected] and we will delete the information.
Changes and contact
We may update this Privacy Policy when our processing or the law changes. The “Last updated” date at the top will reflect the current version. Material changes will be brought to your attention where required (e.g. by email or in-product notice). Questions or requests: [email protected].