JobOnTop
Privacy Policy
Last updated: March 2026
JobOnTop ("we", "our", or "the extension") is a Chrome browser extension that helps users autofill job application forms and generate AI-powered answers. This Privacy Policy explains what data we collect, how we use it, and your rights over it.
1. Data We Collect
Profile data you provide:
- Personal details: first name, last name, email address, phone number
- Location: city and country/region
- Professional info: job title, current company, LinkedIn URL, GitHub URL
- Job preferences: visa/work authorisation status, notice period, salary expectation, relocation willingness
- CV/Resume: stored as a PDF file and extracted plain text
- Any custom fields you add to your profile
Account data (via Google Sign-In):
- Google account email address, display name, and profile picture
- A Google OAuth access token (used to verify your identity — never stored on our servers)
Usage data:
- Number of autofills performed and AI answers generated (used to enforce plan limits)
Payment data:
- Subscription plan status (free, trial, premium). Payment details (card numbers, billing address) are handled exclusively by Stripe and are never seen or stored by us.
2. How We Store Your Data
Your profile data (name, email, phone, CV, etc.) is stored locally on your device using Chrome's chrome.storage.local API. It is not uploaded to our servers.
Your account information (email, name) and subscription status are stored in a secure database (Neon Postgres) to manage your account across devices. This data is associated with your Google account ID.
3. How We Use Your Data
- Autofill: Your profile data is read locally from your device to fill form fields. It is not sent to our servers during autofill.
- AI answers: When you click "Suggest Answer", the question text, job context from the page, and relevant parts of your profile are sent to our backend, which calls the Google Gemini API to generate a response. This data is used only to generate the answer and is not stored.
- CV extraction: When you upload your CV, the extracted text is sent to our backend to parse your profile fields using AI. The text is not stored after extraction completes.
- Authentication: Your Google OAuth token is sent to our backend once to verify your identity and create/link your account. It is not stored.
- Usage tracking: We count autofills and AI answers to enforce plan limits.
- Payments: Subscription management is handled by Stripe. We store only your Stripe customer ID and subscription status.
4. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is only shared with the following services to operate the product:
- Google Gemini API — to generate AI answers and extract CV data (question/profile text only, not stored by Google per their API terms)
- Stripe — to process subscription payments (payment details never touch our servers)
- Neon (Postgres) — our database provider for storing account and subscription records
- Vercel — our backend hosting provider
5. Data Retention
Profile data stored on your device remains until you uninstall the extension or clear it from the options page. Account data on our servers is retained while your account is active. You may request deletion at any time by contacting us.
6. Your Rights
- Access & portability: You can view all your stored profile data in the extension's options page at any time.
- Deletion: You can clear your profile data from the options page, or contact us to delete your account and all associated server-side data.
- Correction: You can edit your profile data at any time from the options page.
If you are in the European Economic Area (EEA), you also have rights under the GDPR, including the right to object to processing, the right to restriction, and the right to lodge a complaint with your local data protection authority.
7. Security
All communication between the extension and our backend is encrypted via HTTPS. Authentication tokens are short-lived (7 days) and stored locally. We do not log request bodies containing personal data.
8. Children's Privacy
JobOnTop is not directed at children under 13. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the extension after changes constitutes acceptance of the updated policy.