Privacy Policy

Last updated: February 2026

1. Data We Collect

Glorple collects only what is necessary to provide the service:

  • Account information: Email address (used for authentication via magic link).
  • Profile data: Name, phone, location, LinkedIn URL, and target job title you provide.
  • Resumes: Resume content you upload or create, stored to generate tailored applications.
  • Job data: Jobs you search for, save, and apply to within the platform.
  • Application data: Generated cover letters, customized resumes, and application status.
  • API keys: If you choose Bring Your Own Key (BYOK), your API key is encrypted at rest using AES-256-GCM.
  • Payment information: Processed entirely by Stripe. We store only your subscription tier and Stripe customer ID — never card numbers.

2. How We Use Your Data

  • Generating AI-tailored resumes and cover letters for jobs you select.
  • Calculating job match scores based on your skills and experience.
  • Tracking application status and history.
  • Processing payments and managing subscription tiers.
  • Sending transactional emails (magic links, data export before deletion).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Retention & Auto-Deletion

Your data is automatically deleted after your chosen retention period (30, 60, or 90 days). You can extend your retention at any time from Settings. Before deletion, if you have provided an export email address, we will send a copy of your data to that address.

You can manually export all your data as JSON at any time from Settings, and you can delete your account immediately at any time.

4. Third-Party Services

  • Supabase: Database hosting and authentication (magic link emails).
  • Stripe: Payment processing for subscriptions. Subject to Stripe's Privacy Policy.
  • OpenAI / Anthropic: AI model providers for resume and cover letter generation. When using our hosted AI, your resume and job data are sent to these providers for processing. When using BYOK, requests go directly to your chosen provider under your own API agreement.
  • JSearch (RapidAPI): Job listing aggregation from multiple job boards.
  • Vercel: Application hosting.
  • Sentry: Error monitoring (no personal data is sent — only error stack traces and metadata).

5. BYOK (Bring Your Own Key) Liability

If you provide your own API key, you are responsible for that key's security and usage costs. We encrypt your key at rest using AES-256-GCM, but we recommend setting spending limits in your AI provider's dashboard and rotating keys periodically. Glorple is not liable for charges incurred on your API key.

6. Security

We use industry-standard security practices: encrypted connections (TLS), encrypted API key storage (AES-256-GCM), Row Level Security on all database tables, and token-based authentication with single-use magic links. We regularly review our security practices and address vulnerabilities promptly.

7. Your Rights

  • Access: Export all your data at any time from Settings.
  • Deletion: Delete your account and all data immediately from Settings.
  • Portability: Data is exported in standard JSON format.
  • Correction: Update your profile information at any time.

8. Contact

For privacy questions or concerns, contact us at privacy@glorple.com.