Privacy Policy

Version 2.1 • Last updated: March 9, 2026

1. Who We Are & Contact

Plushly is the controller for the personal data processing described in this Policy.

Contact: support@plushly.ai

2. Scope

This Policy covers personal data processed via:

The Plushly website (plushly.ai)
The Plushly desktop application for macOS and Windows
The Plushly mobile application for iOS
Job application automation features
AI resume builder
Marketing communications

3. Data We Collect

Account & Contact Data

Name, email address, phone number, country/location, zip code, and account preferences. We may also collect your LinkedIn profile URL and portfolio URL if you choose to provide them.

Profile & Job Search Data

Resume/CV content (work history, education, skills, certifications)
Job preferences (titles, locations, salary range, remote preference, experience level)
Work authorization status
LinkedIn profile URL
Application answers and cover letter content

Optional EEO Data

If you choose to provide it: gender, veteran status, disability status, and ethnicity. This data is only used for applications that request it and is stored securely.

Technical & Usage Data

Device information and operating system
IP address (for security, geolocation, and fraud prevention)
Application usage statistics (jobs applied, jobs swiped, features used)
Error logs and diagnostics
Session and authentication tokens
Push notification device tokens (iOS) for delivering application status updates and other service notifications

Payment Data

Payment processing is handled by Stripe (web and desktop) and Apple via in-app purchase (iOS). We do not store your full credit card number or Apple Pay details. We receive and store subscription status, billing dates, transaction identifiers, and purchase receipts for the purpose of provisioning your plan.

4. How We Use Your Data & Legal Bases

Provide and Operate the Services

(Contractual necessity)

Create and manage your account
Process job applications on your behalf
Generate AI-powered resumes and application answers
Track application history and statistics

Job Application Automation

(Contractual necessity)

When you enable automation features, we perform automated job searching, matching, and form-filling at your direction. In manual review mode, applications are queued for your approval. In automatic mode (Pro), applications may be submitted automatically based on your preferences.

AI Processing

(Contractual necessity)

We use AI services to generate resume content, cover letters, and application answers. See Section 5 for details on AI providers.

Service Improvement

(Legitimate interests)

We may use aggregated, anonymized, or de-identified data to improve service quality, fix bugs, and develop new features.

Security & Fraud Prevention

(Legitimate interests; legal obligations)

We process technical data to detect and prevent fraud, abuse, security threats, and violations of our Terms. This includes monitoring for suspicious activity, unauthorized access, and account sharing.

Marketing Communications

(Consent)

With your opt-in consent, we may send promotional emails about Plushly features and updates. You can unsubscribe at any time.

5. AI Providers & Processing

When you request AI-generated content (resumes, cover letters, application answers), we send the minimum necessary data to our AI model providers to generate the requested output.

Current providers: We use AI services including but not limited to Groq and similar LLM providers. Providers may change over time based on quality, reliability, and cost considerations.

Data handling:

We instruct providers not to use your data to train their models
AI-generated content is stored in your account only as long as you keep it
Providers act as subprocessors under appropriate data protection terms

Your choice: If you do not want your data processed by AI providers, do not use AI-powered features (resume builder, AI form filling).

6. Automated Decision-Making

When you enable automation features, Plushly performs automated job searching, matching, and form-filling based on your preferences. This automation:

Executes tasks you would otherwise perform manually
Does not produce legal or similarly significant effects by us
Can be controlled through manual review mode (you approve each application)

To avoid automated submissions, keep manual review mode enabled and review each application before approval.

7. "As-Provided" Data Transmission

Application data is transmitted to third-party job platforms (e.g., LinkedIn) exactly as you provide it. We do not automatically redact or mask fields on your behalf.

Avoid including: Payment card data, bank details, government ID numbers (SSN, etc.), health information, or other sensitive data unless a job application form explicitly requests it and you choose to provide it.

8. Data Sharing

We do not sell or rent your personal data.

We share data with:

Service providers: Hosting (Supabase, AWS), payment processing (Stripe; Apple via in-app purchase on iOS), subscription management (RevenueCat), email delivery (Amazon SES), push notification delivery (Apple Push Notification service), AI services, and analytics—all acting on our instructions under appropriate agreements
Job platforms: LinkedIn and other platforms where you direct us to submit applications
Legal requirements: Authorities where required by law, or where necessary to protect rights, enforce terms, or prevent fraud/security issues

9. International Data Transfers

Our servers are primarily located in the United States. If you are located outside the US, your data will be transferred to and processed in the US.

For transfers from the UK/EEA, we rely on Standard Contractual Clauses or other lawful transfer mechanisms where applicable.

10. Data Retention

Account data: Retained for the life of your account
Resume and application data: Retained until you delete it or close your account
Security logs: Up to 24 months
Backups: Purged within 30 days after primary data deletion

We may retain certain data longer if required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes).

11. Your Rights

All Users

Access: Request a copy of your personal data
Correction: Update inaccurate information
Deletion: Delete your account and personal data
Portability: Export your data in a common format

UK/EEA Residents (GDPR)

You additionally have the right to:

Restrict processing in certain circumstances
Object to processing based on legitimate interests
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with a supervisory authority (e.g., the UK ICO)

California Residents (CCPA)

You have the right to:

Know what personal information we collect and how it is used
Delete your personal information
Opt out of the sale of personal information (we do not sell your data)
Non-discrimination for exercising your rights

To exercise any of these rights, contact us at support@plushly.ai.

12. Cookies & Similar Technologies

Website: We use cookies for session authentication, preferences, and analytics. You can manage cookie preferences through your browser settings.

Desktop application: We use local storage for authentication tokens and user preferences. We collect anonymized usage analytics to improve the service.

iOS application: We use secure on-device storage (Keychain) for authentication tokens and UserDefaults for user preferences. We collect a push notification device token solely for delivering service notifications. We do not use any third-party analytics or advertising SDKs in the iOS application.

We do not use third-party advertising trackers on any platform.

13. Marketing Communications

Transactional emails: We send service-related emails (account verification, subscription confirmations, important updates) without requiring opt-in consent.

Marketing emails: Require your opt-in consent. You can unsubscribe at any time via the link in any email or through your account settings.

We maintain records of consent as required by applicable law.

14. Security

We implement reasonable technical and organizational measures to protect your data, including:

Encryption of data in transit and at rest
Secure authentication with hashed passwords
Access controls and row-level security
Regular security monitoring

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.

15. Children's Privacy

Plushly is not intended for users under 18 years of age. We do not knowingly collect personal data from children under 18 (or 13 in the US, 16 in the UK/EU).

If you believe a child has provided us with personal data, please contact us immediately at support@plushly.ai so we can delete it.

16. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices or content of external sites. We encourage you to review the privacy policies of any site you visit.

17. Changes to This Policy

We may update this Policy from time to time. We will post changes with a new "Last updated" date. For material changes, we will provide additional notice via email or through the application.

Your continued use of Plushly after changes become effective constitutes acceptance of the revised Policy.

18. Complaints

If you have concerns about how we handle your data, please contact us first at support@plushly.ai so we can try to resolve your concern.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, contact your local supervisory authority.

19. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@plushly.ai