Privacy Policy
Last updated: June 17, 2026
NexApply ("NexApply", "we", "us", or "our") provides an AI-powered job-application tracker available as a web app and an optional "Save Job" browser extension (collectively, the "Service"). This Privacy Policy explains what we collect, how we use it, and the choices you have. The Service is currently offered only to users in the United States.
By using the Service you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Information we collect
Account information
When you create an account we collect the information needed to sign you in:
- Google Sign-In: if you sign in with Google, we receive your name, email address, profile picture, and Google account identifier from Google's OpenID Connect service (the
openid,email, andprofilescopes). We do not request access to your Gmail messages or any other Google data. - Email & password: if you register with an email and password, we collect your email address and a securely hashed version of your password. If you enable two-factor authentication (2FA), we store an encrypted secret or send one-time codes to your email.
Job-search data you provide
Information you enter to use the tracker, such as job applications (company, role, location, salary, status, dates, notes), contacts, companies, reminders, and documents you upload (e.g., résumés and cover letters).
Payment information
If you subscribe to a paid plan, payments are processed by Stripe. We do not see or store your full card number. We store your subscription status and the Stripe customer and subscription identifiers needed to manage your plan.
Usage and technical data
- A session cookie used to keep you signed in.
- Your approximate country, derived from your IP address, which we use to limit the Service to the United States.
- Standard request metadata (IP address, browser/user-agent, timestamps) and counts of AI features used, for security, abuse prevention, and usage limits.
Browser extension
The optional "Save Job" extension reads the URL and page content of the current tab only when you click the extension, in order to extract job details and save them to your NexApply account. It does not run in the background or read other tabs, and it sends data only to NexApply. See the extension listing for its full permission disclosure.
2. How we use your information
- To provide, maintain, and secure the Service and your account.
- To power features you request, including AI drafting of cover letters, résumé bullets, follow-up emails, and application insights.
- To process subscriptions and billing through Stripe.
- To send you service and notification emails (for example, daily digests, reminders, and important account messages).
- To enforce usage limits, prevent fraud and abuse, and comply with legal obligations.
3. AI processing of your content
When you use an AI feature, the relevant text (such as a job description and the background you provide) is sent to Cloudflare Workers AI to generate the requested draft and is returned to you. This processing is performed to deliver the feature you requested. Your content is not used to train third-party foundation models, and we do not sell it. AI-generated output may be inaccurate and should always be reviewed before you rely on it.
4. Google user data & Limited Use
NexApply's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, data obtained from Google Sign-In is used only to authenticate you and operate your NexApply account. We do not:
- transfer or sell this data to third parties for advertising, market research, or other unrelated purposes;
- use it to serve advertisements; or
- allow humans to read it, except where you have given consent for specific items, where it is necessary for security purposes (such as investigating abuse) or to comply with applicable law, or where the data has been aggregated and anonymized.
5. How we share information
We do not sell your personal information. We share it only with the service providers ("subprocessors") that operate the Service on our behalf:
| Provider | Purpose |
|---|---|
| Cloudflare | Application hosting, database (D1), document storage (R2), AI processing, and transactional email delivery |
| Stripe | Subscription payment processing |
| Sign-in / authentication (only if you choose Google Sign-In) |
We may also disclose information if required by law or valid legal process, to protect our rights or the safety of users, or in connection with a merger, acquisition, or sale of assets (in which case we will continue to protect your information consistent with this policy).
6. Data retention
We keep your information for as long as your account is active. When you delete your account, we delete your personal data and job-search content, and we cancel any active subscription. Some records may be retained for a limited period where required for legal, tax, security, or fraud-prevention purposes, after which they are deleted or anonymized.
7. Your privacy rights
Subject to applicable law, including the California Consumer Privacy Act (CCPA/CPRA), you have the right to:
- Access / portability: request or download a copy of your data. You can export your data at any time from Settings → Danger zone.
- Deletion: delete your account and associated data from Settings → Danger zone.
- Correction: update your information directly in the app.
- Non-discrimination: we will not discriminate against you for exercising these rights.
We do not sell or "share" personal information as those terms are defined under the CCPA. To make a request or ask a question, email support@nexapply.org.
8. Security
We protect your information with industry-standard measures, including encryption in transit (HTTPS), encryption at rest for sensitive secrets such as authentication tokens, hashing of passwords, optional two-factor authentication, and bot protection (Cloudflare Turnstile) on sign-up and sign-in. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
9. Cookies
We use a single essential, first-party session cookie to keep you signed in. We also use Cloudflare Turnstile, which may set a cookie to verify you are not a bot. We do not use third-party advertising or cross-site tracking cookies.
10. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.
11. Data location
The Service is operated in the United States on Cloudflare's infrastructure and is intended for U.S. users only.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice within the Service. Your continued use after an update constitutes acceptance of the revised policy.
13. Contact us
If you have questions about this Privacy Policy or your data, contact us at support@nexapply.org.