Privacy Policy

1. Introduction

ByeByeApply ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered career guidance platform.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using ByeByeApply, you consent to the data practices described in this policy.

2. Data We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted)
• Career Preferences: Work style preferences, industry interests, location preferences, company size/maturity preferences
• Skills & Experience: Your professional skills, achievements, and career goals
• Company Interactions: Notes about companies, outreach messages, follow-up tasks
• Conversation History: Your interactions with our AI agents (Discovery, Match, Outreach, Progress)

2.2 Automatically Collected Data

• Usage Data: Pages visited, features used, time spent on platform
• Technical Data: IP address, browser type, device information, session data
• Timestamps: When you create, update, or access data

3. How We Use Your Data

We use your personal data for the following purposes:

• Provide Our Service: Match you with companies, generate outreach strategies, track your progress
• AI Processing: Our AI agents analyze your preferences to provide personalized recommendations
• Communication: Send you follow-up reminders, platform updates, and support messages
• Improvement: Analyze usage patterns to improve our platform and AI agents
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

• Consent: You explicitly consent to our data processing when you sign up
• Contract Performance: Processing is necessary to provide our service to you
• Legitimate Interests: We have legitimate interests in improving our service and preventing fraud
• Legal Obligations: We must comply with applicable laws and regulations

5. Data Sharing & Third Parties

We share your data with the following third parties:

• Groq AI: We use Groq's AI models to power our conversational agents. Your messages are processed by Groq to generate responses. Groq does not store your data permanently.
• Supabase: Our database and authentication provider. Data is stored securely in EU data centers.
• Vercel: Our hosting provider. Data is processed in accordance with their privacy policy.
• Brreg.no: We access public Norwegian company registry data to match you with companies. No personal data is shared with Brreg.

We never sell your personal data to third parties. We only share data with service providers necessary to operate our platform, and they are contractually obligated to protect your data.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and all associated data
• Right to Data Portability: Receive your data in a machine-readable format (JSON)
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain types of data processing
• Right to Withdraw Consent: Withdraw your consent at any time

To exercise any of these rights, visit your Privacy Settings or contact us at privacy@byebyeapply.com.

7. Data Retention

We retain your personal data for the following periods:

• Active Accounts: Data is retained while your account is active
• Inactive Accounts: After 24 months of inactivity, we will send a reminder. If no response within 30 days, your account will be archived.
• Deleted Accounts: When you delete your account, all personal data is permanently deleted within 30 days, except for:
• Anonymized usage statistics (no personal identifiers)
• Data required for legal compliance (e.g., financial records for 7 years)
• Audit logs showing deletion occurred (for compliance verification)

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Row-Level Security (RLS) ensures users can only access their own data
• Authentication: Secure password hashing (bcrypt) and session management
• Monitoring: Continuous monitoring for security threats and unauthorized access
• Regular Audits: Periodic security audits and vulnerability assessments

9. International Data Transfers

Your data is primarily stored in EU data centers (Supabase EU region). When data is transferred outside the EU (e.g., to Groq AI for processing), we ensure adequate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPAs) with all third-party processors
• Encryption during transfer and processing

10. Children's Privacy

ByeByeApply is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@byebyeapply.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Your continued use of ByeByeApply after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

13. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority. For users in Norway, this is: