Last updated: April 7, 2026
This Privacy Policy explains how Durn Studio UG ("Applyd", "we", "us", "our") collects, uses, discloses, and protects your personal data when you use our job application tracking platform, browser extension, and related services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.
We collect and process only the personal data necessary to provide, maintain, and improve the Service:
Email address, encrypted password (or third-party authentication token if you sign in via Google), and optionally your phone number for WhatsApp integration.
Job titles, company names, locations, URLs, application statuses, notes, and any documents (CVs, cover letters, portfolios) that you voluntarily upload to the Service.
If you choose to connect your email account, we access email subjects, sender addresses, and short preview snippets solely to identify job-related correspondence. We do not access, read, store, or process the full content of your emails.
Aggregated, anonymous usage analytics (page views, feature usage frequency) collected for the purpose of improving the Service. This data cannot be used to identify individual users.
Payment transactions are processed entirely by our payment processor (Stripe, Inc.). We do not receive, store, or have access to your credit card numbers, bank account details, or other financial instrument data. We retain only a customer reference identifier for the purpose of managing your subscription.
We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service (account management, job tracking, document storage) | Performance of contract (Art. 6(1)(b) GDPR) |
| Processing payments and managing subscriptions | Performance of contract (Art. 6(1)(b) GDPR) |
| Email inbox synchronisation and analysis | Explicit consent (Art. 6(1)(a) GDPR) |
| AI-assisted features (match scoring, CV generation) | Performance of contract (Art. 6(1)(b) GDPR) |
| Anonymous analytics and service improvement | Legitimate interest (Art. 6(1)(f) GDPR) |
| Non-essential cookies | Consent (Art. 6(1)(a) GDPR; § 25 TDDDG) |
| Compliance with legal obligations (e.g. tax records) | Legal obligation (Art. 6(1)(c) GDPR) |
We do not sell, rent, or trade your personal data. We share data only with the following categories of service providers, each of which is contractually bound to process data solely on our behalf and in accordance with applicable data protection law:
Where data is transferred to processors located outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or processor certification under the EU-US Data Privacy Framework.
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
| Data Category | Retention Period |
|---|---|
| Account and application data | Until account deletion by the user |
| Email metadata (inbox sync) | 90 days from collection, then permanently deleted |
| AI feature usage records | 30 days (for rate-limiting), then permanently deleted |
| Payment and billing records | 10 years (as required by German commercial and tax law, §§ 147 AO, 257 HGB) |
| Analytics data | Collected in anonymous, aggregated form only — no personal data retained |
Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law (e.g. tax and accounting records).
As a data subject under the General Data Protection Regulation, you have the following rights with respect to your personal data. You may exercise any of these rights by contacting us at hi@durn.io.
You may request confirmation of whether we process your personal data and, if so, obtain a copy of that data.
You may request correction of inaccurate or incomplete personal data.
You may request deletion of your personal data where there is no compelling reason for its continued processing.
You may request to receive your personal data in a structured, commonly used, machine-readable format.
You may request that we limit the processing of your data under certain circumstances.
You may object to processing based on legitimate interests at any time.
Where processing is based on consent (e.g. email inbox sync, non-essential cookies), you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
You have the right to lodge a complaint with a supervisory authority. In Germany, you may contact the competent data protection authority of your federal state (Landesdatenschutzbeauftragte).
We will respond to all valid requests within one month, as required by Art. 12(3) GDPR. In complex cases, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay.
We use the following categories of cookies:
Authentication session cookies required for the Service to function. These cookies cannot be disabled and do not require consent under § 25(2) TDDDG.
Anonymous, aggregated analytics to understand how users interact with the Service. These are activated only with your explicit consent.
We do not use advertising cookies, retargeting cookies, or any form of cross-site tracking. You may manage your cookie preferences at any time via the cookie banner displayed on first visit, or by clearing your browser cookies.
Our browser extension accesses publicly visible page metadata (such as page titles, meta tags, and structured data) on websites you visit, solely for the purpose of detecting and extracting job posting information when you choose to save a listing. The extension:
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including but not limited to:
While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.
Our primary data infrastructure is located within the European Union. Certain third-party processors may be located outside the EEA, including in the United States. In all cases, we ensure that transfers are covered by:
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child under 16 has provided us with personal data, please contact us immediately at hi@durn.io, and we will take steps to delete such data.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify you via email and/or a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after such notice constitutes acceptance of the updated policy.
We encourage you to review this page periodically for the latest information on our privacy practices.
Durn Studio UG (haftungsbeschränkt)
Data Protection Enquiries
Email: hi@durn.io
Registered in Germany. Company details available upon request.