Privacy Policy

We collect only the information needed to operate the Service:

• Account information — email address and, if you sign up with email, a hashed password. If you sign in with Google or LinkedIn we receive your name, email, and provider user ID from the OAuth provider.
• Profile information you choose to provide — name, phone, address, work history, education, skills, languages, personal website, and optional demographic data for EEO questions.
• Resume file you upload (PDF / DOC / DOCX / TXT).
• Job tracker entries — URLs, titles, statuses, and notes for jobs you choose to track.
• Extension activity — which ATS platform a page belongs to and which form fields were filled, used only to run autofill on that page.

We do not collect browsing history, passwords from other sites, keystrokes, screenshots, or analytics about sites you visit.

• Authenticate you and keep you signed in via session cookies.
• Fill application forms on job sites with the profile data you provided.
• Show you the jobs you’ve saved and their statuses.
• Parse your resume to pre-fill profile fields when you upload it.
• Respond to support requests.

We do not sell your information, and we do not use it for advertising or behavioral tracking.

We rely on a small set of third parties to run the Service. Each receives only the data needed for its function:

• Vercel — hosts the website, API, and resume files (Vercel Blob).
• Neon — PostgreSQL database hosting user, profile, and job records.
• Google & LinkedIn — OAuth sign-in providers. Used only if you choose “Continue with Google/LinkedIn”.
• Cloudflare — DNS and email routing for support@jobautofill.com.
• OpenAI / Anthropic — used to parse uploaded resumes and answer freeform application questions. Prompts contain only the resume text or the application question, never your password or session.
• Nominatim (OpenStreetMap) — location autocomplete for address fields.

The Chrome extension requests the following permissions, each only to run the stated feature:

• activeTab, tabs, webNavigation — detect when you are on a supported job-application page and run autofill there.
• host_permissions: *://*/* — fill forms on whichever ATS site you are applying through.
• cookies — read the csrf cookie from jobautofill.com to authenticate your API calls.
• storage, offscreen — cache your profile locally and parse PDFs in an offscreen document.

We keep your data for as long as your account is active. You can:

• Deactivate your account from Settings — your data is hidden and you can reactivate anytime.
• Delete your account from Settings — your user record, profile, resume, and job entries are permanently removed.

Passwords are stored using bcrypt hashing. Sessions use httpOnly cookies with a JWT, protected by a CSRF double-submit token for state-changing requests. All traffic to jobautofill.com and the API is encrypted with HTTPS.

You can access and update your personal data at any time from the Profile and Settings pages. If you are in the EU, UK, or California, you also have the right to request a copy of your data or its deletion — contact us at the address below.

The Service is not directed to children under 13, and we do not knowingly collect their information.

If we make material changes, we will update the “Last updated” date above and notify registered users by email where appropriate.

Questions or privacy requests: support@jobautofill.com.