Skip to content
Trust center

Everything we do with your data — out loud.

A zero-training policy. A 24-hour wipe button with a deletion receipt. A compliance roadmap with real dates, not theatre.

Compliance roadmap

Planned. With honest dates. No invented auditors.

We are pre-SOC 2. Rather than name an auditor we have not yet engaged, every report below shows its real status today and the quarter we plan to start the work. We will update this page the day we sign an audit letter.

  • SOC 2 Type IIPlanned
    Audit window opens Q3 2026 — auditor to be announced when engaged. · Auditor: TBD
  • SOC 3Planned
    Publishable summary will follow the Type II window — earliest Q1 2027. · Auditor: TBD
  • ISO 27001Planned
    Stage 1 readiness assessment scheduled Q3 2026. · Auditor: TBD
  • HIPAANot applicable
    We do not process PHI. · Auditor: n/a
  • PCI DSSDelegated
    Card data handled by Stripe — we never see PANs. · Auditor: Stripe (Level 1)
The non-negotiables

Six promises. Written down.

Zero-training policy — we do not train on your data

It is our policy that your resume bullets, interview transcripts, and emails are not used to train any model — ours or our sub-processors'. We route LLM inference through providers' zero-retention tiers where available. Enterprise customers can request this commitment in writing in a DPA. If we ever change this policy, we will give notice before it takes effect.

Anonymous Mode — redacted by default to the model

When enabled, we strip name, email, phone, address, school, employer and any free-text PII from the payload before it ever touches an LLM. The model sees role / skills / outcomes. You see the final draft un-redacted. This survives across resume, interview copilot, outreach drafting.

24-hour wipe button — real delete, with a receipt

Settings → Privacy Vault → Wipe everything. We start a 24-hour countdown (so accidental clicks are recoverable). At T+24h every row tied to your account is hard-deleted from the primary DB; replicas and encrypted backups roll off within 30 days. You receive a deletion receipt listing what was purged and when. A cryptographically-signed receipt format is on our roadmap — see below for the shape we are building toward.

GDPR posture — single-region today, EU residency planned

Today our application + database run in a single US region. We intend to honour GDPR + UK-GDPR data-subject rights listed below regardless of where you live. A dedicated EU region for EEA / Swiss / UK customers is on the roadmap — we will not claim residency we have not shipped.

Encrypted vault

Sensitive vault contents — resume source profile, interview recordings, and offer letters — are encrypted at rest. We are building toward a per-user key derived from your password so that even our operators cannot read them; until that ships, access is restricted by strict internal controls and audit logging. We will keep this section accurate as we roll it out.

Sub-processors, listed in public

Our hosting provider (compute + storage), our database provider, Anthropic (LLM inference — we use zero-retention tiers where available), Stripe (billing), and our email provider. Anyone who touches your data is on this list, and we keep it current. We aim to give 30 days notice before adding a sub-processor.

24-hour wipe button

One click. Real delete. Signed receipt.

Most “delete my account” buttons just flip a flag. Ours initiates a real, audit-logged purge — with a 24-hour grace window so you don’t lose your search to a fat-fingered tap.

  1. T+0You click Wipe. We freeze the account, mask UI, stop all background workers (outreach, agent auto-applies, weekly emails).
  2. T+0 to T+24hCancel anytime. The countdown is visible in-app and we send 3 emails (T+1h, T+12h, T+23h).
  3. T+24hHard delete from primary DB + read replicas. Job queues drained. LLM provider caches invalidated where the provider supports it.
  4. T+24h to T+30dEncrypted backups roll off naturally — they expire on a 30-day TTL.
  5. T+24hYou receive a deletion receipt: list of purged record_ids and timestamps. A cryptographically-signed format (signature + Merkle root) is on our roadmap.
wipe-receipt.json (target format — roadmap)
{
  "version": "1.0",
  "issued_at": "2026-05-29T14:02:11Z",
  "subject": {
    "user_id": "usr_8XK4...",
    "email_hash": "sha256:f93c..."
  },
  "purged": {
    "users": 1,
    "source_profiles": 1,
    "resumes": 7,
    "applications": 41,
    "contacts": 18,
    "interview_sessions": 6,
    "offers": 2
  },
  "merkle_root": "0x9d7a4f1c...",
  "issuer_pubkey": "ed25519:maxapply-2026",
  "signature": "ed25519:0x4a1b..."
}
Encryption posture

Boring crypto. By design.

  • In transitTLS 1.2+ (HTTPS everywhere)
  • At restAES-256, provider-managed keys
  • Vault contentsPer-user key derivation — on roadmap
  • BackupsEncrypted, 30-day max retention
Your GDPR rights — one-click each

You own your data. We just hold it.

  • Export everything (Article 20)

    Settings → Export. We email you a machine-readable archive of every record we hold on you, typically within 24 hours.

  • Delete everything (Article 17)

    Settings → Privacy Vault → Wipe. 24-hour countdown, then hard-delete + receipt. No 'are you sure' loops.

  • Stop processing (Article 18 / 21)

    Email privacy@maxapply.ai. We acknowledge within 72 hours and action within 30 days, per GDPR.

Privacy policy

What we collect, why, and for how long.

We collect only what we need to run the product: your account email, the resume / interview / offer data you give us, and basic usage telemetry to keep the service up. We never sell it, never use it to train a model (see the zero-training policy above), and never share it with anyone outside the sub-processors listed on this page.

  • Lawful basis. Contract performance for your account data; legitimate interest for security telemetry. EU/UK data subjects have every right listed in the GDPR section above.
  • Retention. Active while your account is open; hard-deleted within 30 days of a wipe. Encrypted backups roll off on a 30-day TTL.
  • Your controls. Export, delete, and stop-processing are one click each — see the rights section above.

Questions or a data-subject request? Email privacy@maxapply.ai.

Terms of service

The deal, in plain language.

Use MaxApply AI to find work, sharpen your materials, and negotiate offers — not to break the law or other people’s terms. We provide the service “as is” while it is in active development and will give notice before material changes.

  • Your content stays yours. You grant us only the limited licence needed to operate the features you use. We claim no ownership of your resume, drafts, or offers.
  • Acceptable use.No scraping that violates a third party’s terms, no misrepresentation in applications, no reselling the service.
  • Billing. Subscriptions renew until cancelled; cancel anytime from your dashboard. Card data is handled entirely by Stripe.

Full terms or an enterprise agreement? Email legal@maxapply.ai.

Security questions? Coordinated disclosure? Auditor RFI?

We respond to every email at security@maxapply.ai within one business day. PGP key on request.