Legal

Privacy Policy

Effective date: March 14, 2026

This Privacy Policy explains what information FunderApply collects, how we use it, and what choices you have. We keep this as plain-language as possible.

How It Works

You build a profile

You tell us what kinds of opportunities you're looking for: target keywords (e.g. search fund, SBA lending), preferred locations, skills, and a cover letter template. You upload your resume.

We scrape SearchFunder

Our scraper periodically pulls active listings from SearchFunder.com — the same listings visible to any logged-in user. We store them in our database.

Claude scores each listing

We send your profile + each listing to the Anthropic Claude API. Claude returns a match score (0–100) and a short explanation. This happens server-side; scores are stored in your dashboard.

Auto-apply submits applications (if enabled)

If you've enabled auto-apply and a listing scores at or above your threshold, our system generates a personalized cover letter using Claude and submits the application to SearchFunder via their API — using your stored credentials and resume on file.

Everything is logged

Every application is logged in your Applications dashboard: the cover letter sent, the resume attached, the timestamp, and SearchFunder's HTTP response. You have a complete audit trail.

1. Information We Collect

Information you provide

Account information — your name and email address when you sign up
Profile information — your target keywords, preferred locations, skills, match score threshold, and auto-apply preferences
Resume — the PDF or document you upload for use in applications
Cover letter template — the base text you provide that our AI personalizes for each listing
Academic information — graduation year and GPA, if you provide them (used to personalize cover letters)

Information generated by the Service

Match records — AI-generated match scores and reasoning for each SearchFunder listing against your profile
Application logs — a record of every application submitted on your behalf, including the cover letter sent, the resume used, the timestamp, and the HTTP response from SearchFunder
Generated cover letters — text generated by Claude AI and sent to SearchFunder as part of your application

Information collected automatically

Authentication data — session tokens managed by Supabase Auth (stored in secure cookies)
Billing data — subscription status and Stripe customer ID (we never see or store your card number — payments are handled entirely by Stripe)
Usage data — number of applications submitted per billing cycle (used for plan enforcement)

2. How We Use Your Information

Data	How it's used
Your profile (keywords, location, skills)	To score match fit between you and each SearchFunder listing using Claude AI
Your resume	To attach to applications submitted to SearchFunder on your behalf
Your cover letter template	As a style guide for AI to generate personalized cover letters per listing
Your name and email	To authenticate your account and personalize cover letters
Application logs	To display in your Applications dashboard and for debugging
Match records	To display in your Matches dashboard and determine auto-apply eligibility
Stripe customer ID	To manage your subscription and billing via Stripe's Customer Portal
Notification preferences	To send email digests if you opt in (requires RESEND_API_KEY to be configured)

We do not sell your data. We do not use your data for advertising. We do not train AI models on your personal information.

3. Data Shared with Third Parties

We share data with the following third parties only as necessary to operate the Service:

SearchFunder.com — your name, resume, and cover letter are submitted to SearchFunder when auto-apply fires. This is the core purpose of the Service.
Anthropic (Claude AI) — your profile information and listing details are sent to the Anthropic API to generate match scores and cover letters. Anthropic's Privacy Policy governs their handling of API data.
Supabase — your data is stored in a Supabase (Postgres) database. Supabase is SOC 2 Type II certified. Data is stored in the US region.
Stripe — your billing information is handled by Stripe. We only store your Stripe customer ID; we never see your card details.
Vercel — the application is hosted on Vercel. Request logs may be retained per Vercel's data retention policy.

We do not share your data with any other third parties.

4. Data Retention

Your account data is retained for as long as your account is active.
Application logs are retained indefinitely while your account exists, so you can review your history.
If you delete your account (Settings → Account → Delete Account), all your data — profile, matches, application logs, and resume records — is permanently deleted from our database within 24 hours.
Stripe retains billing records per their own data retention policies, which we cannot control.

5. Your Rights and Choices

Access — your profile, matches, and application logs are visible in your dashboard at any time.
Correction — update your profile, resume, or cover letter template at any time via the Profile page.
Deletion — delete your account and all associated data via Settings → Account → Delete Account.
Opt out of auto-apply — disable auto-apply in your Profile at any time. No further applications will be submitted.
Test Mode — use Test Mode (Settings → Test Mode) to run the full pipeline, including cover letter generation, without submitting real applications to SearchFunder.
Email notifications — manage digest frequency and notification types via Settings → Notification Preferences.

6. Security

We take reasonable measures to protect your data:

All data is encrypted in transit (TLS) and at rest (Supabase encryption).
Row Level Security (RLS) is enforced on all database tables — you can only access your own data.
API keys and service credentials are stored as environment variables and never exposed in client-side code.
Your SearchFunder credentials are stored as server-side environment variables and never stored in your profile or sent to the browser.

No system is perfectly secure. If you become aware of a security issue, please report it through the app.

7. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date. Continued use of the Service after changes are posted constitutes acceptance.

9. Contact

Questions about this Privacy Policy or your data? Reach out via the Settings page or contact us directly through the app.