Privacy Policy.

Account data: your email address, display name, and a hashed and salted version of your password. We never store passwords in plain text.

Job application data you put into InRepply: company names, role titles, salary ranges, application stages and dates, notes, contact details for recruiters, CV / résumé files, cover letters, screenshots of job listings, tags and reminders. This data is yours. We process it to give you the service and for nothing else.

Usage data:

• Pages and screens visited within InRepply and the features you used.
• Device and browser information: OS, browser type and version, screen size, language.
• Your IP address. We anonymize the last octet after 30 days.

Payment data: payments are processed by Apple App Store, Google Play Billing, and Stripe, with subscription management by RevenueCat. We never see or store your card number, CVC or full bank details. We receive only the information we need to fulfil and account for the order.

We use your personal data for the following purposes:

• Providing the service — storing and syncing your applications, running AI features you trigger, generating statistics and reminders.
• Improving the product — analysing aggregated, non-identifying usage patterns to decide what to build next, fix bugs, and improve performance.
• Transactional emails — account confirmation, password resets, renewal reminders (sent 7 days before any subscription renewal), invoices, and security alerts.
• Marketing emails — product updates and tips. Only if you've opted in, and only until you opt out.
• Processing payments — billing, refunds, fraud prevention, accounting.
• Complying with the law — keeping accounting records, responding to lawful requests from authorities, defending legal claims.

We process your personal data on one of these legal bases:

• Contract performance (Art. 6(1)(b)) — to deliver the service you signed up for: storing your applications, running AI on your request, processing payments, sending account-related emails.
• Legitimate interest (Art. 6(1)(f)) — to keep the product secure, prevent abuse, and improve InRepply with aggregated analytics that don't identify you individually. You can object at any time.
• Consent (Art. 6(1)(a)) — for marketing emails and for non-essential cookies (analytics, marketing). You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — to keep accounting and tax records as required by Polish law.

We share personal data only with the processors we need to run InRepply. We do not sell your data. We do not share it with advertising networks. We do not share it with recruiters or employers.

Our processors are:

• Google Cloud (US / EU regions) — Gemini API for AI features.
• Google Firebase (US / EU regions) — authentication and transactional emails.
• Apple App Store, Google Play Billing, Stripe, RevenueCat — payment processing and subscription management.
• Google Firebase Analytics, Cloudflare Web Analytics — product analytics. Only when you consent to analytics cookies.

We may also share data with our accountants and lawyers when needed to run the company, and with public authorities if a valid legal request requires it.

You have the following rights over your personal data:

• Right of access — get a copy of the data we hold about you.
• Right to rectification — correct anything that's wrong.
• Right to erasure — have your data deleted ('right to be forgotten').
• Right to data portability — receive your data in a machine-readable format and move it elsewhere.
• Right to restriction — ask us to stop using your data while a dispute is sorted out.
• Right to object — object to processing based on legitimate interest, or to direct marketing.
• Right to withdraw consent — for anything that relies on consent, you can take it back at any time.

To exercise any of these, email us from the address on your account. We respond within 30 days.

You also have the right to lodge a complaint with the Polish data protection authority (UODO, uodo.gov.pl) or the supervisory authority in your country of residence.