Privacy, in plain language
AI Apply Bot is operated by Zanetti Creative, LLC. A job search is one of the most personal projects there is. This page says what we collect, what we do with it, and — mostly — what we don't do.
What we store
Your account (name, email, hashed password), your professional profile (experience, education, skills, preferences you enter), resumes you upload or build, applications and their timelines, messages you log, watched-job data, and — if billing is enabled — your subscription status. That's the inventory.
What we never do
We never create email addresses on your behalf or intercept employer communication — replies go to your own inbox. We never sell or share your data with recruiters, data brokers, or advertisers. We never store portal passwords or payment card numbers (Stripe processes payments entirely on their systems). The site administrator can see account-level counts, never the content of your applications, resumes, or messages.
What leaves our server
Job discovery queries sent to job APIs contain role keywords and locations only — never your name, email, or documents. Employer hiring boards are fetched without any of your data attached; matching happens on our server. If you connect your own AI agent, it uses a token scoped to adding jobs and reading your target roles — nothing else.
Your rights, no matter where you live
Access and portability: one-click full export of everything, always, subscribed or not. Deletion: delete your account and all its data from Settings, or ask support (bill@billzanetti.com) and it's done. Correction: everything is editable in-app. We apply these to every user rather than lawyering over which privacy statute applies to whom.
Sensitive information
We don't ask for and don't want health information, immigration status, or government ID numbers. Demographic questions that some employers ask (veteran status, disability, ethnicity) live in your profile only if you choose to store answers, are always optional, and are shown to no one but you.
Security
Passwords hashed with bcrypt; sessions in HttpOnly, SameSite cookies; uploaded files stored outside the web root; state-changing requests protected against cross-site forgery; webhooks cryptographically verified; the whole site served over HTTPS.
Accessibility
AI Apply Bot is built to WCAG AA: screen-reader labels, keyboard operability, visible focus, AA contrast, and mobile touch targets. If something's hard to use with your assistive tech, tell us at bill@billzanetti.com and we'll fix it.
Questions about any of this? Write to bill@billzanetti.com.