
Privacy Policy

Last updated: 7 May 2026

1. Who we are

Arden ("we", "us", "our") is a sole-trader business operated from Churchmoore Barn, Martin Street, Baltonsborough, BA6 8QT, United Kingdom. We run the service at applywitharden.com. We are the data controller for the personal data described in this policy. You can contact us at support@applywitharden.com.

2. What we collect

  • Account data: email address, hashed password, and authentication tokens required to sign you in.
  • Profile data: CV content, work history, skills, location, salary expectations, and any other details you add to tailor your job matches.
  • Usage data: jobs you view, apply to, or dismiss; AI documents you generate; application notes. This powers our matching and recommendation features.
  • Payment data: if you subscribe, Stripe processes your card details on our behalf. We never see or store full card numbers — we hold only the subscription identifier Stripe gives us.
  • Technical data: IP address, browser type, and error-log fingerprints, used only to keep the service running and diagnose problems.

3. Why we collect it (legal basis)

  • Contract (Art. 6(1)(b) UK GDPR): delivering the matching, document-generation, and application-tracking features you signed up for.
  • Legitimate interests (Art. 6(1)(f)): preventing abuse, detecting fraud, and improving the quality of our service.
  • Consent (Art. 6(1)(a)): where we ask explicitly, such as for marketing emails outside the contract scope. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): keeping records required by UK tax and accounting law.

4. Who we share it with

We use a small number of third-party processors under written data processing agreements. We do not sell your data.

  • Supabase — database and authentication (EU region).
  • Vercel — application hosting and edge CDN.
  • Stripe — subscription billing and card processing.
  • Anthropic — AI document generation (US); prompts are retained per Anthropic's enterprise retention rules and not used to train models.
  • SendGrid / Postmark — transactional email delivery.
  • Adzuna, Reed, and similar job boards — job-listing data fetched via their public APIs. We send them search queries but not your identity.

5. International transfers

Some of our processors (notably Stripe, Anthropic, and Vercel) are based outside the UK. Transfers are covered by the UK's International Data Transfer Addendum to the EU Standard Contractual Clauses, which require the recipient to maintain UK GDPR-equivalent safeguards.

6. How long we keep it

We keep account and profile data for as long as your account is active, plus six years after closure to meet UK statutory retention requirements (tax, accounting, limitation of actions). Usage data used for matching and model quality is retained for up to two years after your last activity, then anonymised. You can request earlier deletion — see section 8.

7. Security

We use TLS in transit, encryption at rest via our database provider, scoped service credentials, and row-level access controls. No system is perfectly secure, but we work to reduce the risk and will notify you and the ICO within 72 hours of any breach likely to affect your rights.

8. Your rights

Under UK GDPR you have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data (you can also edit profile data directly).
  • Request erasure ("right to be forgotten").
  • Restrict or object to processing.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent for anything based on consent, at any time.
  • Complain to the UK Information Commissioner's Office (ico.org.uk, 0303 123 1113).

To exercise any of these rights, email support@applywitharden.com. We respond within one month.

9. Cookies

We use only strictly necessary cookies for sign-in and session security. We do not use third-party advertising or cross-site tracking cookies. See our Cookie Policy for the full list.

10. Browser extension and email add-ons

Arden ships three optional surfaces that integrate with the email clients you already use: a Gmail add-on (Google Workspace Marketplace), an Outlook add-in (Microsoft AppSource), and a browser extension (Chrome, Edge, Firefox). Each is optional; you only grant access if you install it.

Gmail add-on

When you open a specific email in Gmail and click "Draft reply", the add-on sends us the sender address, subject line, and message body of that one message, together with any one-line intent you typed. We do not read messages you have not explicitly opened the add-on on. We do not read other folders, labels, or messages. We do not retain the contents of the email after the draft is returned to you — nothing is written to our database beyond a usage log of "this user generated a draft at this time".

Specific Google OAuth scopes we request, and why:

  • gmail.addons.current.message.readonly — read the single email the user has opened the add-on on. No broader mailbox access.
  • gmail.addons.current.action.compose — insert the drafted reply into Gmail's native compose window when the user taps "Insert into reply".
  • gmail.addons.execute — required by Google to run the add-on's UI within Gmail.
  • script.external_request — let the add-on call our own API at applywitharden.com. No other hosts are contacted.

We never use your Gmail data to train AI models, and we do not share it with anyone outside the processors listed in section 4 (notably Anthropic, which returns the drafted text to us and does not retain prompts under our enterprise agreement).

Outlook add-in

The add-in runs inside Outlook and reads only the message you currently have open or are replying to. The same data-handling rules as the Gmail add-on apply: the email body is sent to us on request, used to produce a draft, and not retained beyond a usage log. The Microsoft permission we request is ReadWriteMailbox — necessary so the drafted reply can be inserted into your compose window. A narrower scope is not available in the Office Add-ins permission model; we only use this permission for the described purposes.

Browser extension

The extension runs only on Gmail and Outlook domains (mail.google.com, outlook.live.com, outlook.office.com, outlook.office365.com) and only when those tabs are open. It reads the compose window you are currently interacting with, plus the message you are replying to, and forwards that to our API on your explicit click. It does not read other tabs, other sites, or anything in Gmail/Outlook you have not actively engaged with. We do not receive any data from the extension unless you press the "Draft with Arden" button.

Personal access tokens

The Gmail add-on authenticates to our API using a long-lived personal access token you generate at /account/addon-token. We store only a SHA-256 hash of the token, never the raw value. You can revoke tokens at any time from that page; a revoked token stops working on its next call.

Uninstalling

Removing any of these surfaces is enough to stop them accessing your mail. You can additionally revoke the Google OAuth grant at myaccount.google.com/permissions or the Microsoft app grant at myaccount.microsoft.com/permissions.

11. Connected inboxes (linked email accounts)

You can optionally link an external email account — Gmail, Outlook / Microsoft 365, iCloud, or any other IMAP mailbox — to Arden through /account/inboxes. This is separate from the Gmail Add-on and Outlook Add-in described in section 10; those touch a single open message, while linking lets Arden pull job mail into your /mail tab and send replies and speculative applications from your real address. Linking is opt-in. If you do not link any inbox, nothing in this section applies to your account.

What we ask for, and why

When you connect Gmail, you grant Arden these Google OAuth scopes (chosen as the minimum needed for the feature):

  • https://www.googleapis.com/auth/gmail.readonly — read your inbound mail so the message list, classifier (job alert / interview / rejection / offer / etc.), and application-thread linking work.
  • https://www.googleapis.com/auth/gmail.send — send a message you composed inside Arden through your own Gmail account, so the recipient sees a normal email from your real address rather than from an Arden domain.
  • openid email profile — identify which Google account you connected so we can show it on the inboxes page and route mail correctly.

When you connect Outlook / Microsoft 365, you grant the equivalent Microsoft Graph scopes: Mail.Read, Mail.Send, User.Read, and offline_access (the last issues a refresh token so Arden can keep syncing without re-prompting you each session).

When you connect via IMAP — iCloud, Yahoo, Fastmail, custom domains — you supply an app-specific password generated by the provider. Arden uses that password to read mail from the folder you nominate (default: INBOX) and to send via the provider's SMTP server.

Limited Use — Google API Services User Data Policy

Arden's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In plain language, that means we promise the following about data we receive through Google APIs (and we apply the same promises to Microsoft Graph and IMAP for consistency):

  • We do not use your mail for advertising, retargeting, or profiling.
  • We do not sell, license, or trade your mail or contact data — to anyone, ever.
  • We do not let other apps or third parties access the contents of your mail. Sub-processors listed in section 4 handle infrastructure (database, hosting, AI inference) but only to the extent strictly required to deliver the feature, under written data processing agreements.
  • We do not use your mail or message bodies to train, improve, or fine-tune any AI or machine-learning model — ours or anyone else's. Anthropic, our AI inference provider, contractually does not retain or train on prompts under our enterprise agreement.
  • Humans do not read your mail, except where you explicitly ask us to (e.g. you raise a support ticket and attach a screenshot), where we're investigating a security issue, or where the law compels us.

How we store credentials

OAuth refresh tokens (Gmail, Outlook) and IMAP / SMTP passwords are encrypted at rest using AES-256-GCM, an authenticated cipher, with a per-row random initialisation vector. The encryption key is held in a server-side environment variable that the database itself does not have access to — so an unauthorised read of the Postgres backup would not yield your credentials.

Tokens are kept only as long as the linked account is connected. Disconnecting wipes them; revoking the OAuth grant on Google or Microsoft's side immediately invalidates them.

How to disconnect

Visit /account/inboxes and click Disconnect on the account you want to remove. We immediately wipe stored credentials and stop pulling mail. For full belt-and-braces removal, also revoke the OAuth grant at:

Folder filter (optional)

When you connect an inbox you can nominate a specific folder (Gmail label, Outlook category, or IMAP folder) to scope what Arden ingests. Setting up a server-side rule that moves recruiter mail into a "Jobs" folder and pointing Arden at that folder is the cleanest way to keep personal mail entirely outside Arden.

12. Children

Arden is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has signed up, please contact us and we will delete the account.

13. Changes to this policy

We will post material changes here and update the "Last updated" date. If a change materially reduces your rights, we will notify you by email before it takes effect.

14. Contact

Questions, complaints, or requests about your data: support@applywitharden.com. See the Contact page for post. Security issues: security@applywitharden.com (see also our Security page).
