1. Overview
JobPilot AI is a Chrome extension that helps job seekers generate tailored resumes, cover letters, and interview answers from job descriptions. This policy explains what data the extension collects, how it is used, and how it is protected.
2. Data We Collect
Account Information
When you register or sign in, we collect:
- Email address and password (for authentication)
- First name, last name
- Location, phone number, LinkedIn URL, mailing address (optional)
Resume & Career Data
- Resume text you paste for parsing (professional overview, skills, experience, education)
- Job descriptions and job posting URLs you provide
- Interview questions you enter
- Generated content: tailored resumes, cover letters, and Q&A answers
Configuration Data
- Your OpenAI API key (stored locally and on our server)
- Preferred AI model selection
- File format and filename preferences
- Keyboard shortcut settings
- Custom AI prompt configurations
- Website selectors for auto-detecting job descriptions
Browsing Data
- URL of the active tab (used to associate generated content with a job posting)
- Highlighted text on a page (only when you trigger content generation)
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Generate tailored resumes, cover letters, and answers | Job description, resume, job URL, questions |
| Parse and structure your resume | Resume text |
| Track your application history | Job URL, generated content, timestamps |
| Auto-detect job descriptions on supported sites | Current page URL, CSS selectors |
| Auto-fill resume into application forms | Generated resume file, form selectors |
| Authenticate your account | Email, password, auth token |
| Download generated documents | Resume/cover letter content, filename preferences |
4. Where Data Is Stored
| Data | Storage Location |
|---|---|
| UI preferences, hotkeys, session data | Local only Chrome Storage API |
| OpenAI API key | Chrome Storage (local) + Server |
| Account profile, resume, selectors | Chrome Storage (local) + Server |
| Generated resumes, cover letters, answers | Chrome Storage (local) + Server (as history) |
| Application history | Server |
Local data is stored using Chrome's Storage API and persists only within your browser profile. Server-side data is stored in a secured database.
5. Third-Party Services
Our Backend Server
The extension communicates with our backend API to process AI-powered content generation, store your profile and application history, and manage authentication. All communication is encrypted via HTTPS.
OpenAI API
Your OpenAI API key is used on the server side to generate resume content, cover letters, and interview answers. The extension also contacts the OpenAI API directly to validate your API key and retrieve available models. We do not share your API key with any other party.
No Analytics or Tracking
JobPilot AI does not use Google Analytics, Segment, Mixpanel, or any other tracking or analytics service. We do not track your browsing behavior, collect telemetry, or use cookies for advertising.
6. Chrome Permissions
| Permission | Why It's Needed |
|---|---|
storage | Save your settings, resume, and session data locally |
sidePanel | Open the JobPilot side panel interface |
downloads | Download generated resume and cover letter files |
host_permissions (all URLs) | Read job descriptions and auto-fill application forms on any job site |
7. Data Sharing
We do not sell, rent, or share your personal data with third parties. Your data is only transmitted to:
- Our backend server — for content generation, history, and account management
- OpenAI — resume and job data are sent to OpenAI's API (via our server) for AI processing
8. Data Retention & Deletion
- Local data is cleared when you log out or uninstall the extension.
- Server data (profile, history, resume) is retained while your account is active.
- You can delete individual history entries from the History page.
- To request full account and data deletion, contact us at the email below.
9. Security
- All data in transit is encrypted using HTTPS/TLS.
- Authentication uses Bearer tokens with configurable expiration.
- Passwords are hashed with bcrypt before storage.
- Your OpenAI API key is stored in plaintext locally; keep your device secure.
10. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data via the Profile page
- Delete your data (locally by logging out; server-side by contacting us)
- Export your generated content via the download feature
11. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the extension after changes constitutes acceptance of the updated policy.