Chrome Extension Privacy Policy

This privacy policy applies to the SuperpowerResume Autofill Chrome extension ("Extension"). The Extension is published by Superpower Resume ("we," "us," or "our"). For the privacy policy governing our web application, see our main Privacy Policy.

1. Overview

The Extension auto-fills job application forms on Applicant Tracking System (ATS) websites using resume data from your Superpower Resume account. It communicates only with your Superpower Resume account and does not collect, store, or transmit data to any third party.

2. Data Collection

The Extension does not collect, store, or transmit any personal data to third parties. Specifically:

• No analytics or tracking — we do not use any analytics, telemetry, or tracking services
• No data sold or shared — your information is never sold, shared, or disclosed to any third party
• No remote code execution — the Extension does not load or execute any remote scripts

3. Data Stored Locally

The Extension stores the following in your browser's local storage (chrome.storage.local):

This data never leaves your browser except to authenticate with the Superpower Resume API server that you configure.

4. Data Transmitted

When you use the Extension, it communicates only with your Superpower Resume account server (default: app.superpowerresume.com). The Extension fetches:

• Your user profile (name, email, phone, location)
• Your resume data (for auto-filling application forms)
• Job match information (to find the right resume for a job)
• AI-generated answers to custom application questions

All communication uses HTTPS and is authenticated with your API token. No other servers are contacted.

5. Permissions Explained

6. Host Permissions

The Extension requests access to specific ATS (Applicant Tracking System) domains to detect and fill job application forms. These include domains like *.greenhouse.io, *.lever.co, *.myworkdayjobs.com, and others. The Extension only activates on these domains and only interacts with form fields on job application pages.

The optional broad permission (*://*/*) is never requested at install time. It is only requested if you choose to enable "Embedded Forms" scanning, which allows the Extension to detect application forms embedded on company career websites.

7. Your Controls

• Disconnect at any time from the Extension popup to remove your API token from your browser
• Revoke your API token from your Superpower Resume account settings to instantly invalidate it
• Review every field before the Extension fills it — nothing is filled without your confirmation
• Opt-in permissions for embedded forms — you control whether the Extension can scan non-ATS websites
• Uninstall the Extension at any time to remove all locally stored data

8. Data Security

• API tokens are stored only in your browser's local storage
• Tokens are hashed (SHA-256) before storage on the server — a database breach cannot expose raw tokens
• All API communication uses HTTPS encryption
• Tokens can be revoked instantly from your account settings
• The Extension uses Shadow DOM isolation to prevent CSS and JavaScript conflicts with ATS pages

9. Children's Privacy

The Extension is not directed at children under 13 and does not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted at this URL with an updated date. Your continued use of the Extension after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy, contact us at: