Privacy Policy | Hired EasyApply Chrome Extension

Your Hired session token. When you visit gothired.io while signed in, the dashboard sends your short-lived Supabase access token to the Extension via Chrome’s chrome.runtime.sendMessage API. The Extension stores this token locally in chrome.storage.local and uses it as a Bearer token when calling gothired.io APIs on your behalf.

Your profile, resume, and AI-generated text. The Extension fetches your profile fields, resume file, and AI-generated cover-letter or answer text from the Hired servers when you trigger auto-fill or click the “Generate cover letter / Fill with AI” buttons. This data lives in your Hired account on gothired.io; the Extension only relays it into the form fields you are filling.

Page contents you choose to fill. When you trigger an action on a job application page (or auto-fill runs on a page Chrome has determined looks like a job application), the Extension reads the form field labels and, for cover-letter generation, the job description from the visible page. It does not transmit page contents to any server other than gothired.io.

• It does not browse the web on your behalf or collect data from sites you visit.
• It does not send your page browsing history, cookies, or any third-party site data to Hired or anyone else.
• It does not include analytics, tracking, or advertising SDKs.
• It does not sell, share, or rent your data to third parties.

Supabase: your authentication, profile, and resume storage. US region.

Anthropic (Claude API): when you click “Generate cover letter” or “Fill with AI,” the relevant profile fields and the job description from the current page are sent to Anthropic to generate the text response. Anthropic processes the input under their privacy policy and does not retain it for training.

• Locally in Chrome: your access token, the Extension’s settings (auto-fill on/off, attach resume on/off), and the configured API base. Removed when you uninstall the Extension or clear browser data.
• On Hired’s servers (Supabase / Vercel): the profile and resume you created in your Hired account. Same retention as the main service.

• Remove the Extension from chrome://extensions. This wipes its local storage immediately.
• Delete your Hired account via the dashboard settings or by emailing privacy@gothired.io . This removes the profile data the Extension was reading.

The Extension requests the following Chrome permissions, with reasons:

• storage: to remember your access token and settings between sessions.
• activeTab: to read the active tab’s form fields when you trigger auto-fill, and to attach the resume / cover-letter file.
• scripting: to inject the auto-fill content script that recognises form fields.
• host_permissions for gothired.io: so the Extension can fetch your profile + resume + AI text from the Hired API.
• content_scripts on <all_urls>: to recognise application forms on any ATS (Greenhouse, Lever, Workday, Ashby, SmartRecruiters, LinkedIn, Indeed, and company-hosted boards). The script only acts when it detects an application form and only sends data to gothired.io.

For any privacy questions specific to the Extension or to exercise your rights under POPIA / GDPR, contact privacy@gothired.io.