Jobily Privacy Policy

Last updated: April 28, 2026 · Version 2.3.0

Jobily ("we", "our", "us") is developed and operated by Squareone International. This Privacy Policy explains exactly what data we collect, how each piece of data is used, where it is stored, who it is shared with, and your rights regarding your data. This policy applies to the Jobily browser extension (the "Extension") and the Jobily Web Portal at jobily.squareoneinternational.com.

1. Exactly What Data We Collect

We collect only data that you provide directly. We do not collect any data automatically, silently, or in the background. We do not collect web browsing history, website content, or any data from pages you visit. The Extension does not run background scripts that monitor your activity.

1.1 Personally Identifiable Information (provided by you during setup)

Data Field	Where You Enter It	Purpose
Full name	Quick Setup screen / Profile	Auto-fill job application forms
First name, Last name	Derived from full name	Auto-fill forms with separate first/last fields
Email address	Quick Setup screen / Profile	Auto-fill job application forms; account creation
Phone number	Quick Setup screen / Profile	Auto-fill job application forms
Address (line 1, line 2, city, state, postcode, country)	Web Portal profile editor	Auto-fill job application forms
Date of birth	Web Portal profile editor	Auto-fill job application forms that request it
Gender	Web Portal profile editor	Auto-fill job application forms that request it
Nationality	Web Portal profile editor	Auto-fill job application forms that request it
Work authorization status	Web Portal profile editor	Auto-fill job application forms that request it
LinkedIn URL	Profile tab	Auto-fill job application forms
GitHub URL	Web Portal profile editor	Auto-fill job application forms
Portfolio website URL	Profile tab	Auto-fill job application forms

1.2 Professional Information (provided by you)

Data Field	Where You Enter It	Purpose
Resume file (PDF, DOCX, or TXT)	Profile / Resume upload	Parsed by AI to extract structured profile data
Professional summary	Profile tab / extracted from resume	Auto-fill; used by AI to generate cover letters
Work experience (company, title, dates, description)	Onboarding / Profile tab / extracted from resume	Used by AI to generate tailored cover letters and Q&A answers
Education history (institution, degree, field, year)	Onboarding / Profile tab / extracted from resume	Used by AI to generate tailored cover letters and Q&A answers
Skills (free-form tags)	Onboarding / Profile tab / extracted from resume	Used by AI to generate tailored cover letters and Q&A answers
Years of experience	Web Portal profile editor	Auto-fill job application forms
Seniority level	Web Portal profile editor	Auto-fill job application forms
Time zone	Web Portal profile editor	Auto-fill job application forms
Salary expectations	Common questions / Profile	Auto-fill salary fields on job applications
Notice period	Common questions / Profile	Auto-fill notice period fields on job applications

1.3 Application Tracking Data (provided by you)

Data Field	Where You Enter It	Purpose
Job title	Application tracker (manual entry or extracted from URL)	Track your job applications
Company name	Application tracker (manual entry or extracted from URL)	Track your job applications
Application date	Automatically set when you add a job	Track your job applications
Application status (applied, interviewing, offered, rejected)	Application tracker	Track progress of your applications
Job URL	Application tracker	Link back to the original job listing
Expected salary (CTC)	Application tracker	Track and compare compensation across applications

1.4 Authentication Data

Data Field	How It's Handled	Purpose
Email address (for sign-up/sign-in)	Sent to and managed by Supabase Auth	Create and authenticate your account
Password	Sent to and managed by Supabase Auth; we never see, store, or have access to your password	Authenticate your account
Session tokens	Stored in browser localStorage; transmitted to Supabase for authentication	Keep you signed in across sessions

1.5 Job Description Text (provided by you, not stored)

Data	How It's Handled	Purpose
Job description text	You paste it into the Extension. It is sent to our AI provider (Anthropic) along with your profile data to generate a cover letter or Q&A answers. It is NOT stored in our database. It exists only in your browser session and is discarded when you close the tab or paste a new one.	Generate tailored cover letters and Q&A answers for each job

1.6 Data We Do NOT Collect

We want to be explicit about what we do not collect:

We do NOT collect web browsing history or activity.
We do NOT collect website content from pages you visit.
We do NOT collect or access data from any other tabs, windows, or browser activity.
We do NOT collect health information.
We do NOT collect financial or payment information (Stripe handles all payment processing; we never see your card details).
We do NOT collect personal communications (emails, messages, etc.).
We do NOT collect keystroke data, mouse movements, or interaction patterns.
We do NOT run any background data collection when the Extension is not actively in use.
We do NOT collect any data from websites you visit. The content script only activates when you click "Auto Fill" and only writes data TO the page — it does not read or collect data FROM the page.

2. How Each Piece of Data Is Used

2.1 Auto-Fill (Extension Content Script)

When you click the "Auto Fill" button, the Extension reads your profile data from browser localStorage and injects it into the form fields on the current page. This data does not leave your browser during auto-fill — it travels from localStorage to the page's form fields, entirely on your device. No data is transmitted to our servers or any third party during this process.

2.2 AI Cover Letter Generation (Anthropic API)

When you click "Generate Cover Letter," the following data is sent to Anthropic (our AI provider) via our Supabase edge function:

Your professional summary
Your work experience entries
Your education history
Your skills list
Your name, email, phone, and location (for the cover letter header)
The job description text you pasted

This data is sent to Anthropic solely to generate the cover letter. Anthropic does not store this data or use it for model training. The generated cover letter is returned to your browser and displayed in the Extension. We do not store the generated cover letter in our database — it exists only in your browser session.

2.3 AI Q&A Answers (Anthropic API)

When you use the Q&A feature, the same profile data listed above plus your specific question and the job description are sent to Anthropic to generate an answer. The same handling applies — Anthropic does not store or train on this data, and the answer exists only in your browser session.

2.4 Resume Parsing (Anthropic API)

When you upload a resume, the file is:

Uploaded to Supabase Storage (encrypted at rest, accessible only by you via Row Level Security)
Sent to Anthropic via our Supabase edge function to extract structured data (name, experience, education, skills)
The extracted data is returned to your browser and saved to your profile

Anthropic does not store the resume file or the extracted data.

2.5 Job URL Extraction (Firecrawl / Basic Fetch)

When you add a job to the application tracker by URL, the Extension sends the URL to our Supabase edge function, which attempts to fetch the page content to extract the company name and job title. If a Firecrawl API key is configured, Firecrawl is used; otherwise, a basic HTTP fetch is attempted. The page content is sent to Anthropic to extract the company name and job title. No page content is stored — only the extracted company name and job title are returned to your browser and saved to your application tracker.

2.6 Cloud Sync (Supabase Database)

When you are signed in, your profile data, application tracker data, and settings are synced to a Supabase PostgreSQL database so that your data persists across devices and browser sessions. This data is:

Transmitted via HTTPS (encrypted in transit)
Stored in a database with Row Level Security — only your authenticated session can read or write your own data
Not accessible by other users, our team, or any third party

2.7 Subscription Management (Stripe)

When you subscribe, you are redirected to a Stripe-hosted checkout page. We send Stripe your email address to create or find your customer record. All payment information (credit card numbers, billing address, etc.) is entered directly on Stripe's page and is handled entirely by Stripe. We never see, receive, process, or store any payment information.

2.8 Local Storage (Browser localStorage)

Before you create an account, all your profile data is stored in your browser's localStorage. This data never leaves your device unless you sign up and enable cloud sync. You can clear this data at any time by uninstalling the Extension or clearing your browser data.

3. Who We Share Data With

We share data only with the following third parties, and only as described below:

Third Party	What Data They Receive	Why	Their Privacy Policy
Anthropic (AI provider)	Profile summary, experience, education, skills, name, contact info, job description text, and questions — only when you actively trigger cover letter generation, Q&A, resume parsing, job extraction, ATS scoring, or Job Journey insights	To generate AI-powered content for you	anthropic.com/privacy
Supabase (cloud database & auth)	Your profile data, applications, settings, email, and hashed password — only when you create an account	To store and sync your data across devices; to authenticate your account	supabase.com/privacy
Stripe (payment processor)	Your email address — sent to find or create your Stripe customer record. All payment details are entered directly on Stripe's page.	To process subscription payments	stripe.com/privacy
Firecrawl (web scraping, optional)	A job listing URL — only when you add a job to the tracker by URL and Firecrawl is configured	To fetch job page content for company/title extraction	firecrawl.dev/privacy

We do NOT share data with any other parties. We do NOT sell, rent, trade, or transfer your data to advertisers, data brokers, analytics companies, or any other third parties not listed above.

4. Data Storage and Security

4.1 Encryption in Transit

All data transmitted between the Extension, the Web Portal, and our servers uses HTTPS (TLS 1.2 or higher). No data is ever transmitted over unencrypted connections.

4.2 Encryption at Rest

Data stored in Supabase is encrypted at rest using AES-256 encryption, provided by Supabase's underlying infrastructure (AWS).

4.3 Access Control

Our database uses PostgreSQL Row Level Security (RLS). This means every database query is scoped to the authenticated user's ID. No user can read, write, or access another user's data. Our team does not have routine access to individual user data.

4.4 Resume File Storage

Uploaded resume files are stored in a Supabase Storage bucket with RLS policies. Only the user who uploaded the file can access it. Resume files are stored in a folder named with the user's unique ID, preventing cross-user access.

4.5 Local Data

Data stored in browser localStorage is accessible only within the Extension's origin. It is not accessible by other extensions or websites. It is cleared when the Extension is uninstalled or when the user clears browser data.

4.6 Session Tokens

Authentication session tokens are stored in browser localStorage and are scoped to the Extension's origin. When the Web Portal is opened from the Extension, the session token is passed via a URL parameter, used once to establish a session, and immediately cleared from the URL. Tokens are short-lived and automatically refreshed by Supabase Auth.

5. Data Retention

Local data (localStorage): Retained until you uninstall the Extension or clear browser data.
Cloud data (Supabase): Retained for as long as your account exists.
Resume files: Retained in Supabase Storage for as long as your account exists.
AI-generated content (cover letters, Q&A answers): Not retained. These exist only in your browser session and are not stored in our database.
Job description text: Not retained. Exists only in your browser session.
Payment data: We do not retain any payment data. Stripe retains payment records per their own privacy policy.

6. Your Rights and Choices

6.1 Access Your Data

You can view all your stored data at any time within the Extension's Profile tab and the Web Portal.

6.2 Edit Your Data

You can edit any profile field, application entry, or setting at any time within the Extension or Web Portal. Changes sync to the cloud immediately.

6.3 Delete Your Data

You can request complete deletion of your account and all associated data (profile, applications, resume files, settings) by contacting us at the email below. Upon receiving your request, we will permanently delete all your data from our database and storage within 30 days. Local data is deleted immediately when you uninstall the Extension.

6.4 Export Your Data

You can view all your data in the Extension and Web Portal. We are working on a dedicated data export feature for a future release.

6.5 Opt Out of Cloud Sync

You can use the Extension without creating an account. In this case, all data stays in browser localStorage and is never transmitted to our servers.

6.6 Cancel Your Subscription

You can cancel your subscription at any time via the Settings tab, which opens the Stripe billing portal. Cancellation takes effect at the end of your current billing period. Your data is retained after cancellation unless you request deletion.

7. Chrome Web Store Limited Use Compliance

The use of information received from Chrome APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

We use Chrome permissions (activeTab, scripting, sidePanel, storage) only to provide the Extension's core functionality: auto-filling job application forms and managing your profile data.
We do not transfer user data to third parties except as described in Section 3 above, and only as necessary to provide the Extension's functionality.
We do not use user data for advertising, analytics, or any purpose unrelated to the Extension's core functionality.
We do not allow humans to read user data except as described in Section 3 (AI processing) or if required by law.

8. Chrome Extension Permissions Explained

Permission	Why We Need It
activeTab	To inject auto-fill data into the current tab's form fields when you click "Auto Fill." We only access the active tab, and only when you explicitly trigger the action.
scripting	To run the content script that fills form fields on job application pages. The script only writes data TO the page — it does not read or collect data FROM the page.
sidePanel	To display the Jobily sidebar interface within Chrome.
storage	To store your profile data in Chrome's local storage so it persists between browser sessions.

9. Children's Privacy

The Extension is not intended for individuals under the age of 16. We do not knowingly collect information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when changes were made. If we make material changes, we will notify users through the Extension or Web Portal. Your continued use of the Extension after any changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests regarding your data or this privacy policy, please contact us at:

Email: support@squareoneinternational.com

Entity: Squareone International