Privacy Policy

Last updated: February 22, 2026

ApplySmith ("we", "us", "our", "the extension") is a Chrome browser extension that helps users tailor resumes, cover letters, and screening question answers to Government of Canada job postings using AI. This policy explains what data we collect, how we use it, who we share it with, and your rights.

1. Data We Collect

Account information: When you sign in, we collect your email address (via Google OAuth or email verification). This is used to identify your account, track usage, and manage subscriptions.

Profile data: Your candidate profile (name, contact info, work experience, education, skills, references, cover letter preferences) is stored locally in your browser using Chrome's storage API. This data is sent to our API only when you explicitly use an AI feature (e.g., tailor resume, generate cover letter, generate screening answer).

Job posting content: When you use AI features, the text of the job posting you are viewing is sent to our API for processing. This data is not stored on our servers after the request completes.

Usage data: We track the number of AI generations per account per month to enforce plan limits. We do not track which specific jobs you apply to, your browsing history, or the content of generated results.

Payment information: Payments are processed by Stripe. We do not store credit card numbers. We store your Stripe customer ID to manage subscriptions.

Data we do NOT collect: We do not collect your browsing history, web activity on sites other than GC Jobs, cookies, IP addresses, device identifiers, or analytics data. We do not monitor keystrokes, clicks, or mouse movements.

2. How We Use Your Data

• To provide AI-powered resume tailoring, cover letter generation, and screening question answering
• To authenticate your account and manage usage limits
• To process payments and manage subscriptions via Stripe
• To send verification codes when signing in via email

We do not use your data for advertising, marketing, or any purpose unrelated to the extension's core functionality.

3. Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal data to anyone. We only share data with the following service providers, strictly as needed to operate the extension:

• Anthropic (Claude AI): Job posting text and your profile data are sent to Anthropic's API to generate tailored content. Data is sent only when you explicitly trigger an AI feature. Anthropic's privacy policy applies to their processing.
• Google OAuth: If you sign in with Google, we receive your email address from Google. We do not access any other Google account data.
• Stripe: Payment processing is handled by Stripe. We transmit your email to create a customer record. See Stripe's privacy policy.
• Resend: Email verification codes are sent via Resend. Only your email address is shared. See Resend's privacy policy.
• Cloudflare: Our API is hosted on Cloudflare Workers. Account data (email, plan, usage count) is stored in Cloudflare Workers KV. See Cloudflare's privacy policy.

4. Data Storage and Security

Your profile data is stored locally in your browser using Chrome's storage API and is not uploaded to our servers except during AI requests that you initiate. Account data (email, subscription plan, usage count) is stored in Cloudflare Workers KV, a secure edge storage service.

All communication between the extension and our API is encrypted using HTTPS/TLS. Authentication uses JSON Web Tokens (JWT) with HMAC-SHA256 signing. We do not store passwords — authentication is handled through Google OAuth or one-time email verification codes.

5. Data Retention

• Account data (email, plan, usage count) is retained on our servers as long as your account exists.
• Job posting text and AI-generated content are processed in memory and not persisted on our servers.
• Profile data and application tracking data are stored locally in your browser only and are never retained on our servers.
• Payment records are retained by Stripe in accordance with their data retention policies.

6. Your Rights

• You can view, edit, or delete your local profile data at any time from the extension's options page.
• You can delete all local data by clearing the extension's storage or uninstalling the extension.
• You can sign out to disconnect your account at any time.
• To request deletion of your server-side account data (email, plan, usage records), contact us at the email below. We will process deletion requests within 30 days.
• Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access, correct, and request deletion of your personal information held by us.

7. Chrome Web Store Limited Use Disclosure

ApplySmith's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

• We only use data for the extension's single stated purpose: helping users tailor job application materials using AI.
• We do not transfer user data to third parties except as described in this policy to operate core features.
• We do not use user data for advertising or marketing purposes.
• We do not use user data to determine creditworthiness or for lending purposes.
• We do not allow humans to read user data unless we have your affirmative consent, it is necessary for security purposes, or it is required by law.

8. Children's Privacy

ApplySmith is not intended for use by children under 13 (or under 16 in the European Economic Area). We do not knowingly collect data from children. If we learn that we have collected personal data from a child, we will delete it promptly.

9. International Users

Our servers are located globally via Cloudflare's edge network. By using ApplySmith, you consent to your data being processed in Canada and other jurisdictions where Cloudflare operates. We comply with Canada's PIPEDA and applicable privacy laws.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. If we make material changes to how we handle your data, we will notify users through the extension.

11. Contact

For privacy questions, data access requests, or data deletion requests, contact: privacy@applysmith.ca