This Privacy Policy explains how Ace Enterprises Ltd ("Ace", "we", "us") collects, uses, shares, and protects information when you use the Ace mobile application and related services (the "Service").
This Policy is intended to help you understand your privacy rights and choices, particularly in the United Kingdom, the European Economic Area ("EEA"), and the United States (including U.S. state privacy laws).
Who we are
Ace Enterprises Ltd (registered in England & Wales, company no. 16986252).
Registered office: 9 Norfolk House, 4 Maidstone Buildings Mews, SE1 1GJ, London, England, UK.
Contact: support@aceapp.ai
2. What the Service does
Ace helps users in their job search by finding relevant job listings, generating tailored CVs and cover letters using AI, and automating the submission of job applications through supported third-party applicant tracking systems (ATS) and employer application pages.
The Service is operated from the United Kingdom and the United States and is made available to users worldwide.
3. Information we collect
3.1 Information you provide
Account and profile information: name, email address, phone number (if provided), authentication method (email/password, Apple Sign In, Google Sign In).
CV/resume and documents: uploaded CV/resume files; CVs and cover letters you create or edit in the Service; professional links you provide (optional - e.g., LinkedIn, GitHub, portfolio).
Job preferences and onboarding inputs: job titles/roles, location preferences, salary range, visa sponsorship requirements, what you value in a role, and other job-search context you choose to provide.
Job activity: job listings surfaced to you; jobs you choose to save and apply to; application submissions, application outcomes you record (e.g., interviewing, rejected) and related information you enter.
Age: we may ask your age for eligibility (18+) and analytics (see Section 12).
3.2 Information collected automatically
Device and network data: IP address, approximate location derived from IP, device identifiers, device type, operating system, app version, and time zone.
Usage and diagnostic data: in-app events (e.g., screens viewed, feature usage), performance metrics, and error/crash reports.
Notifications: if you enable notifications, we process the device token and delivery metadata required to send push notifications.
3.3 Information generated as part of the Service
AI outputs and derived content: tailored CV/cover-letter drafts, structured CV parsing outputs, and match indicators/scores (informational).
Application automation records: prompts/instructions and relevant data we send to automation providers for each application, together with the ATS/employer site URL and timestamp.
Important: CVs and job-search content can contain information that is considered "special category" data in the UK/EEA (for example, health information, ethnicity, religious beliefs, trade union membership, or immigration status). We do not ask you to provide special category data, but you may choose to include it in your CV or other inputs.
4. How we use information
We use information to:
Provide and operate the Service (account creation, authentication, job matching, document generation, and feature delivery).
Generate tailored job-application materials and other outputs you request.
Submit job applications on your behalf when you choose to use application automation.
Communicate with you about the Service (service messages, support).
Maintain, protect, and improve the Service (security, fraud prevention, debugging, analytics, and product improvement).
Comply with legal obligations and protect our rights and users.
5. Legal bases for processing (UK GDPR / EU GDPR)
Where UK GDPR / EU GDPR applies, we rely on the following legal bases depending on the context:
Performance of a contract: to provide the Service and features you request (including generating documents and submitting applications you instruct us to submit).
Legitimate interests: to operate, secure, and improve the Service (e.g., preventing abuse, diagnosing issues, measuring performance). We consider and balance these interests against your rights.
Consent: where required (e.g., push notifications via device settings; special category data processing where applicable - see Section 6). You can withdraw consent for push notifications at any time for future processing by editing push notification permissions in system settings.
Legal obligations: where necessary to comply with applicable law and regulatory requirements.
6. AI and automation features
6.1 CV upload consent (special category data)
If you upload a CV/resume, we will ask you to confirm a short consent statement once at the point of upload. This consent covers our processing of information contained in your CV (which may include special category data if you chose to include it) for the purpose of providing the Service, including generating tailored documents and submitting job applications you instruct us to submit using Auto-Apply. We do not ask for a separate consent confirmation each time you use Auto-Apply.
6.2 AI providers and automated tools
We use AI and automation providers to deliver certain features. Depending on the feature, we may share relevant inputs (such as CV content, job preferences, and generated documents) with providers including Vercel AI Gateway, model providers such as OpenAI, Groq, and Cerebras, and a third‑party automation agent provider that may use large language models (e.g., OpenAI and Google/Gemini) to process the request and return results.
These providers may process information in accordance with their own terms and privacy policies. We do not control their independent practices unless and until governed by a separate agreement.
6.3 Automated decision-making
Ace may use generated match indicators, summaries, and other informational scores to help you understand job listings and role fit. These are not used to make decisions that produce legal or similarly significant effects about you. You decide which jobs to apply to, and you remain responsible for the information submitted in applications.
6.4 User review and responsibility for AI-generated content
Where the Service generates or edits CVs, cover letters, application answers, summaries, or other content using AI, the output is generated based on the information you provide and may be incomplete, outdated, or inaccurate. You are responsible for reviewing and approving any generated or edited content before you use it or submit it (including via Auto-Apply). You should not rely on AI-generated output as factual without verifying it, and you remain responsible for the information you choose to submit to third parties. We may keep records of the inputs and outputs associated with an Auto-Apply submission for audit, security, and support purposes.
7. Application automation and third-party ATS/employers
7.1 Application automation
If you use application automation, you authorize Ace to submit job applications on your behalf through supported third-party ATS and employer application pages. Once your application is submitted, the employer and/or ATS provider typically acts as an independent controller of your application data and will handle it under their own policies. We do not control how long employers/ATS retain your application data, whether they share it with other parties, or how they use it once submitted. We recommend reviewing the relevant employer/ATS privacy notice before applying.
7.2 Account creation and email handling
Some applications require account creation or verification steps. Ace generates and stores a dedicated application inbox for you. When required to complete an application, your application inbox address (and verification codes sent to it) may be used to create or verify accounts on third-party ATS platforms. You can view your inbox credentials in the app. Your application inbox addressed is used as the primary email entered in job applications, in order to handle account creation/verification and to receive follow-up emails. With the exception of initial verification codes, all follow-up emails are forwarded to the inbox you created your Ace account with.
7.3 Job search queries
When you search for jobs or set job preferences, we may share role titles (including related/synonym titles) and selected locations with third-party job listings data providers (and, where applicable, their API routing providers) to retrieve relevant job listings and enrichments. We do not send your CV, contact details, or account credentials to job listings data providers for this purpose. These providers may retain API request logs for operational, security, or billing purposes consistent with their terms. We may change or add providers over time to operate and improve the Service.
8. Sharing information
We share information as needed to provide the Service, including with:
Service providers (processors) such as: Google Cloud Platform/Firebase (Auth, Firestore, Storage), Mixpanel (analytics), an email service provider (email routing and delivery metadata), Superwall (paywall/subscription experience), third party job listing data providers, and push notification services (Apple/Google).
Automation and AI providers such as a third‑party automation agent provider, Vercel AI Gateway, and model providers (e.g., OpenAI, Groq, and Cerebras, depending on feature).
App stores and payment processors: Apple and Google handle in-app purchase billing; we receive purchase status and related metadata.
Authorities and advisers where required by law or to protect rights and safety.
A successor entity in connection with a merger, financing, acquisition, or asset sale.
We do not sell personal information and we do not provide recruiter access to user profiles at this time.
9. Tracking technologies, cookies, and advertising
We use in-app analytics and similar technologies to understand usage and improve the Service. We do not use personal information for cross-context behavioral advertising and we do not use IDFA for tracking for advertising purposes.
If we operate a website, it may use essential cookies and similar technologies for basic functionality and security. You can control certain device permissions (e.g., notifications) in your device settings.
10. International transfers
Our primary infrastructure is in the United States. If you are in the UK/EEA, your information may be transferred to and processed in the United States and other countries. Where required, transfers are protected using appropriate safeguards (for example, standard contractual clauses and the UK addendum/IDTA where available through providers).
11. Retention
We keep personal information for as long as needed to provide the Service and for legitimate operational needs.
Account data: retained while your account is active.
Deletion requests: we aim to delete or irreversibly anonymize your account data within 30 days of a verified deletion request, subject to lawful retention for security, legal, or accounting needs.
Application automation records: retained while your account is active and for a limited period after for fraud prevention and support, then deleted or anonymized.
Analytics: we retain analytics in aggregated and de-identified form indefinitely for product improvement, security, and reporting. Where we hold event-level analytics linked to a device or account, we aim to retain it only for as long as needed for troubleshooting and measurement (typically up to 24 months) before it is aggregated/de-identified or deleted.
Email service provider metadata logs: configured to retain delivery metadata for approximately 24 hours in our current setup.
12. Children
The Service is intended for adults aged 18+. We do not permit users under 18 to create an account. If we learn a user is under 18, we will take steps to delete the account and associated personal information.
13. Your rights and choices
13.1 UK/EEA privacy rights
Access, correction, deletion, portability, restriction, and objection (subject to applicable law).
You can delete your account from the app's settings page, or request deletion by emailing support@aceapp.ai (we may need to verify your identity).
You can complain to the UK Information Commissioner's Office (ICO) or your local EEA supervisory authority.
13.2 U.S. state privacy rights
Depending on your U.S. state of residence, you may have rights to access, delete, correct, and obtain a copy of your personal information, and to opt out of certain processing. Ace does not sell personal information and does not share it for cross-context behavioral advertising.
Submitting requests: email support@aceapp.ai. We may need to verify your identity before responding.
Authorized agents: where required by law, you may designate an authorized agent to submit a request; we may require proof of authorization.
Appeals: where required by law, you may appeal a denial by replying to our decision email within 30 days.
Non-discrimination: we will not discriminate against you for exercising privacy rights.
14. Do Not Track
Some browsers and devices offer a "Do Not Track" signal. There is no consistent industry standard for responding to these signals, and we do not respond to Do Not Track signals at this time.
15. Security
We implement technical and organizational measures designed to protect information. No method of transmission or storage is completely secure. Please use the Service in a secure environment and do not reuse passwords across services.
16. Changes to this Policy
We may update this Policy from time to time. We will post updates in the app and/or on our website and update the "Last updated" date.
17. Contact, complaints, and EU/EEA representative
Data controller: Ace Enterprises Ltd (Registered in England & Wales, Company No. 16986252).
Registered office: Apartment 9 Norfolk House, 4 Maidstone Buildings Mews, SE1 1GJ, London, England.
Email: support@aceapp.ai.
Privacy contact (Ace): support@aceapp.ai.
If you are in the UK, you can lodge a complaint with the Information Commissioner's Office (ICO). If you are in the EEA, you can lodge a complaint with your local supervisory authority.
EU/EEA representative (Article 27 GDPR):
Agostilia Milita
Rue du Nord 66, 1000 Bruxelles, Belgium
Email: eu-rep@aceapp.ai