Language: English · Auf Deutsch lesen

Privacy Policy

Last updated: April 12, 2026

1. Controller

The controller responsible for processing personal data in connection with the “ApplyBoost” service is:

Roman Camenzind

Eichmatt 28

CH-6034 Inwil

Switzerland

Email: support@apply-boost.com

For privacy-related requests and concerns, you can reach us at support@apply-boost.com. Where applicable law requires the appointment of a privacy officer, that role is performed by Roman Camenzind.

2. Scope

This Privacy Policy explains how we process personal data when you:

  • visit our website;
  • create or use a user account;
  • use paid or free ApplyBoost services;
  • enter or upload documents, text, job ads, URLs, or other content;
  • communicate with us;
  • receive marketing or support communications;
  • use our website with cookies or similar technologies.

3. Data we process

Depending on use, we process in particular the following categories of personal data:

a) Identity and contact data — For example name, email address, billing address, country, language, support requests.

b) Account data — For example login information, authentication data, user ID, settings, plan status, transaction and account history.

c) Application and content data — For example uploaded resumes, cover letters, job descriptions, URLs, text input, template choices, adjustments, and other content you provide to create or optimise documents.

d) Usage and device data — For example IP address, timestamps, log data, browser type, operating system, referrer, interaction data, error messages, and security-related logs.

e) Payment and billing data — For example payment status, order information, invoice data, transaction references, and where applicable the last four digits of a payment instrument. We generally do not receive full card numbers.

f) Communication data — For example support request contents, email correspondence, feedback, and other messages.

g) Marketing and consent data — For example newsletter subscriptions, consent records, cookie preferences, and opt-out information.

4. Sources of data

We obtain personal data:

  • directly from you;
  • automatically when you use our website and services;
  • from integrations you use or payment and identity service providers;
  • from technically necessary security and logging systems.

5. Purposes of processing

We process personal data in particular for the following purposes:

  • providing, operating, and improving ApplyBoost;
  • creating, editing, and outputting documents and text suggestions;
  • account management and authentication;
  • contract handling, invoicing, and payment processing;
  • support, communication, and customer service;
  • IT security, abuse prevention, error analysis, and system stability;
  • compliance with legal obligations, including commercial, tax, and supervisory duties;
  • asserting claims and defending legal disputes;
  • sending service-related communications;
  • sending marketing communications where permitted by law or where you have consented;
  • statistical evaluation, product maintenance, and internal quality improvement.

6. Legal bases

Processing relies on the bases set out below depending on the applicable legal framework.

6.1 Switzerland

Where Swiss data protection law applies, we process personal data in accordance with the Federal Act on Data Protection (FADP). Processing is based in particular on:

  • performance of a contract or pre-contractual measures;
  • your consent;
  • compliance with legal obligations;
  • our overriding private or public interests, where such a basis is legally permissible.

6.2 EEA

Where the GDPR applies, we rely in particular on:

  • Art. 6(1)(b) GDPR for contract performance;
  • Art. 6(1)(c) GDPR for legal obligations;
  • Art. 6(1)(f) GDPR for legitimate interests;
  • Art. 6(1)(a) GDPR for processing based on your consent.

Where special categories of personal data within the meaning of the GDPR are processed, this only occurs if an additional legal requirement is met, in particular your explicit consent or where processing is necessary and lawful for the service you requested.

6.3 United Kingdom

Where the UK GDPR applies, the above principles apply accordingly.

6.4 USA, Australia, New Zealand, and other jurisdictions

Where local privacy laws apply, we process personal data only to the extent and in the manner permitted by the applicable law.

7. Legitimate interests

Where we rely on legitimate interests, these may include in particular:

  • secure and economical operation of our services;
  • protection against misuse, fraud, and unauthorised access;
  • product improvement and further development;
  • consistent customer care and support;
  • assertion or defence of legal claims.

We duly take your rights and interests into account.

8. AI processing

Parts of our services use machine learning, language models, or other automated methods to generate, revise, or structure text, suggestions, drafts, or documents.

In doing so:

  • Content you provide may be transmitted to AI service providers we use and processed there.
  • We use such processing only to provide, secure, and improve our services and for error analysis and quality assurance, as permitted by law.
  • AI-generated outputs may be incomplete, inaccurate, or unsuitable for a particular purpose. You must review generated content before use.
  • Please do not upload content you are not permitted to disclose or whose processing is unnecessary or disproportionate for the intended purpose.
  • Where we have content processed by an external AI provider, we do so on the basis of contractual safeguards and technical and organisational security measures.

Important notice: As a rule, do not upload sensitive or specially protected data unless this is necessary for your requested service and lawful. This may include health data, biometric data, religious or philosophical beliefs, political opinions, trade union membership, or data relating to criminal convictions and offences.

9. Recipients and categories of recipients

We may disclose personal data in particular to the following categories of recipients where necessary for the stated purposes:

  • hosting and infrastructure providers;
  • authentication and identity providers;
  • payment service providers;
  • email and communications providers;
  • analytics, security, and monitoring providers;
  • AI and document processing providers;
  • accounting, tax, and legal advisers;
  • authorities, courts, or other bodies where we are legally required to do so or where necessary for enforcement.

Service providers currently used or envisaged include in particular:

Frontend hosting (website): Netlify, Inc.

Backend API and execution: Render Services, Inc.

Database: MongoDB Atlas (MongoDB, Inc.)

Authentication and user accounts: Auth0 (Okta, Inc.)

Payment processing: Stripe, Inc.

AI and language models (LLM): OpenAI, LLC

Email and transactional notifications: via the respective platforms listed above (in particular Auth0, Stripe) and for support via our stated email address.

This list reflects the current system architecture and may be updated when we make technical changes. Where required, we rely on processing agreements and appropriate safeguards for international transfers.

10. International transfers

We may transfer personal data to countries outside Switzerland, the EEA, or the United Kingdom or have it processed there.

Where required, we ensure that international transfers are based on a valid legal basis, in particular:

  • an adequacy decision or equivalent official recognition;
  • standard contractual clauses;
  • for data from the United Kingdom, additionally using the UK Addendum or another permissible transfer mechanism;
  • statutory exceptions where applicable in the individual case.

11. Storage periods

We store personal data only as long as necessary for the respective purposes or where statutory retention obligations exist.

Typical retention periods or criteria:

  • Account data: for the life of the account and thereafter for up to 12 months to handle enquiries, security, and enforcement;
  • Billing and accounting data: for the statutory period, in Switzerland typically up to 10 years;
  • Support requests: generally up to 24 months after the case is closed;
  • Security and server logs: generally 30 to 180 days unless longer retention is required for abuse investigations;
  • Application and document content: until you delete it, until account deletion, or according to retention and deletion features described in the product;
  • Marketing data: until you withdraw consent or object, unless another legal basis applies.

Afterwards, data is deleted, anonymised, or blocked unless further retention is required.

12. Your rights

Depending on applicable law, you have in particular the following rights:

  • access to information about processing;
  • rectification of inaccurate data;
  • erasure;
  • restriction of processing;
  • data portability;
  • objection to certain processing;
  • withdrawal of consent with effect for the future;
  • complaint to a competent supervisory authority.

12.1 Switzerland

You may contact the Federal Data Protection and Information Commissioner FDPIC.

12.2 EEA

You may contact a data protection supervisory authority in your place of habitual residence, your place of work, or the place of the alleged infringement.

12.3 United Kingdom

You may contact the Information Commissioner’s Office.

12.4 USA

Where applicable US law grants you additional rights, we fulfil these in accordance with the applicable law and statutory thresholds.

12.5 Australia and New Zealand

Where applicable, you may contact the competent privacy authorities.

Exercising your rights

To exercise your rights, it is sufficient to contact us at support@apply-boost.com. We may request reasonable proof of identity.

13. Marketing and communications

We send you service-related communications where necessary to use our services.

We send marketing communications by email or comparable electronic channels only where permitted by law or where you have consented. You may object at any time or withdraw consent.

14. Cookies and similar technologies

We use cookies and similar technologies for:

  • operation and security of the website;
  • login, session management, and fraud prevention;
  • storing preferences;
  • reach measurement, analytics, and improvement;
  • where applicable marketing and performance measurement.

We use necessary technologies where required to operate the website or the requested functionality.

Non-essential technologies, in particular for analytics, personalisation, or marketing, are only used where permitted by applicable law and, where required, on the basis of your consent.

You can adjust your cookie settings at any time via our consent tool.

15. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or unlawful disclosure. Depending on risk, these include access restrictions, role-based permissions, encryption, logging, backups, and security monitoring.

16. Minors

Our service is not specifically directed at children. Persons under 18 should use our services only with the consent of a parent or guardian where required by applicable law.

17. External links and third-party content

Our website may contain links to external websites or third-party services. The respective providers are responsible for their privacy practices.

18. Changes to this Privacy Policy

We may update this Privacy Policy when legal, technical, operational, or regulatory conditions change. The version published on our website at the time applies.

Back to home