Privacy Policy for Resume Assistant

Effective Date: 2025-10-03
Version: 1.0.0



Overview

Resume Assistant is a Firefox extension that helps you manage resumes, generate cover letters, and autofill job applications. This privacy policy explains what data we collect, how we use it, and your rights.

Our Commitment: Your privacy is our priority. All data is stored locally in your browser by default. External data transmission only occurs when you explicitly use AI features and provide consent.



1. Data We Collect and Store

1.1 Local Data (Stored in Your Browser Only)

All of the following data is stored locally in your Firefox browser using browser.storage.local. This data never leaves your device except as described in Section 2.

| Data Type | What We Store | Purpose | Your Control |
|-----------|---------------|---------|--------------|
| Resumes | Your uploaded resume files (PDF, DOCX, TXT, RTF) converted to text | Display, manage, and use your resumes | Delete anytime from extension |
| Cover Letters | Cover letters you generate or write | Store and manage cover letters | Delete anytime from extension |
| Autofill Profiles | Name, email, phone, address, skills, education, work experience | Autofill job application forms | Edit or delete anytime |
| Application Tracking | Job applications you track (company, position, status, dates) | Help you manage job applications | Delete individual items or clear all |
| API Key | Your OpenRouter API key (if you provide one) | Authenticate with AI service for optional features | Stored locally, remove anytime |
| Settings | Your preferences (dark mode, keyboard shortcuts, etc.) | Customize extension behavior | Reset to defaults anytime |
| Custom Mappings | Form field mappings you create | Improve autofill accuracy on specific sites | Clear anytime |
| Usage History | Autofill usage statistics (domain, count, timestamp) | Show usage stats (last 100 entries) | Automatically limited, clear anytime |

Important: This data is stored in your browser's local storage and is:
- ✅ Never transmitted to our servers (we don't have servers)
- ✅ Only accessible by this extension
- ✅ Cleared if you uninstall the extension
- ✅ Cleared if you clear browser data



2. External Data Transmission (Optional AI Features)

2.1 When Does Data Leave Your Browser?

Data is only transmitted to external services when you explicitly use AI features and provide consent:

1. Cover Letter Generation - When you click "Generate Cover Letter"
2. Resume Review - When you click "Review Resume"

Before first use: You will be presented with a consent dialog explaining what data will be sent.

2.2 What Data Is Sent to OpenRouter AI?

When you use AI features, the following data is sent to OpenRouter AI:

| Feature | Data Sent | Purpose |
|---------|-----------|---------|
| Cover Letter Generation | • Your resume text<br>• Job title<br>• Company name (optional)<br>• Job description | Generate a personalized cover letter |
| Resume Review | • Your resume text<br>• Job title<br>• Job description | Analyze your resume against job requirements |

Additional headers sent:
- Authorization: Bearer [your-api-key] - For authentication
- HTTP-Referer: https://resume-assistant.extension - To identify the source
- X-Title: Resume Assistant - Application identifier

What is NOT sent:
- ❌ Your browsing history
- ❌ Data from private browsing sessions
- ❌ Information from other websites
- ❌ Your autofill profile (unless you explicitly select a resume)
- ❌ Your application tracking data
- ❌ Any persistent user identifiers

2.3 OpenRouter AI's Data Practices

OpenRouter AI is a third-party service. We recommend reviewing their privacy policy at https://openrouter.ai/privacy.

What we know about OpenRouter:
- They process your data to generate AI responses
- They may log requests for service improvement
- Refer to their privacy policy for data retention and usage

Your API Key:
- You must create your own OpenRouter account and API key
- Your API key is stored locally in your browser only
- We never receive or store your API key on any server
- You can revoke your API key anytime at OpenRouter.ai



3. Data You Control

3.1 Using the Extension Without AI Features

You can use Resume Assistant completely offline without any external data transmission:

✅ Features that work locally (no internet required):
- Upload and manage resumes
- Create and manage cover letters manually
- Autofill job application forms
- Track job applications
- Use custom field mappings
- All settings and preferences

❌ Features that require external connection:
- AI-powered cover letter generation (requires OpenRouter API)
- AI-powered resume review (requires OpenRouter API)

You can decline AI features and still use all local functionality.



4. Permissions Explained

This extension requests the following browser permissions:

| Permission | Why We Need It | How We Use It |
|------------|----------------|---------------|
| storage | Store your resumes, settings, and data locally | Save all extension data in browser.storage.local |
| activeTab | Detect and autofill forms on current page | Only when you click autofill or use keyboard shortcut |
| https://openrouter.ai/* | Connect to OpenRouter AI API (optional) | Only when you use AI features with consent |

Permissions we DO NOT request:
- ❌ <all_urls> - We don't access all websites automatically
- ❌ cookies - We don't read your cookies
- ❌ history - We don't access your browsing history
- ❌ downloads - We don't manage downloads
- ❌ webRequest - We don't intercept network requests



5. Form Detection and Autofill

How It Works:

1. You activate autofill - Click extension icon or use keyboard shortcut (Ctrl+Shift+F)
2. Extension scans current page - Looks for input fields matching common patterns (name, email, etc.)
3. You choose what to fill - Select which fields to autofill from your profile
4. Data is filled locally - No data is sent anywhere; it's inserted directly into the form

What Field Data Is Analyzed:

• Field names (e.g., name="firstName")
• Field IDs (e.g., id="email")
• Placeholder text (e.g., placeholder="Your email")
• ARIA labels (accessibility attributes)

Important:
- Field detection happens locally in your browser
- We do not collect information about which websites you visit
- We do not transmit form field data to any server
- We only fill fields you explicitly select



6. Private Browsing / Incognito Mode

We respect private browsing:
- ❌ Extension does not store data from private browsing sessions
- ❌ Does not track activity in private windows
- ✅ Autofill works in private mode using your saved profile
- ✅ AI features work if you have an API key configured



7. Data Security

Local Storage Security:

• Data is stored using Firefox's browser.storage.local API
• Protected by browser's built-in security
• Isolated from other extensions and websites
• Encrypted by browser if device encryption is enabled

API Key Security:

• Stored locally only - Never sent to our servers (we don't have any)
• Transmitted securely - Only sent to OpenRouter AI via HTTPS
• Your responsibility - Treat your API key like a password
• Recommendation - Create a restricted API key with spending limits

Data Transmission Security:

• All API requests use HTTPS encryption
• No data is transmitted without your explicit action
• No background data collection

8. Third-Party Libraries

This extension uses the following open-source libraries for local file processing:

| Library | Purpose | Source | Privacy Impact |
|---------|---------|--------|----------------|
| PDF.js | Parse PDF files locally | Mozilla Foundation | Runs locally, no data transmission |
| JSZip | Parse DOCX files locally | Stuart Knightley | Runs locally, no data transmission |

All file parsing happens in your browser. No files are uploaded to any server.



9. Children's Privacy

This extension is not directed at children under 13. We do not knowingly collect information from children.



10. Your Rights and Choices

You Have the Right To:

✅ View Your Data
- All data is visible in the extension interface
- Inspect browser storage: about:debugging → Storage Inspector

✅ Delete Your Data
- Delete individual resumes, cover letters, or applications
- Clear all data: Extension Settings → "Clear All Data"
- Uninstall extension to remove all data

✅ Export Your Data
- Copy resumes and cover letters from the extension
- Manually export before uninstalling

✅ Decline AI Features
- Use extension without connecting to external services
- All local features remain available

✅ Revoke Consent
- Remove API key to stop all external transmission
- Clear consent in extension settings



11. Data Retention

| Data Type | Retention |
|-----------|-----------|
| Local data (resumes, etc.) | Until you delete it or uninstall extension |
| Autofill history | Last 100 entries (older entries automatically deleted) |
| API key | Until you remove it |
| Consent preferences | Until you revoke or uninstall |

When you uninstall: All local data is permanently deleted from your browser.



12. Changes to This Policy

We may update this privacy policy. Changes will be indicated by:
- Updated "Effective Date" at the top
- Version number increment
- Notice in extension updates (for major changes)

Your continued use after changes constitutes acceptance.



13. International Users

This extension can be used worldwide. Data storage is local to your device.

For AI features: Data is transmitted to OpenRouter AI (US-based). By using AI features, you consent to international data transfer necessary for the service.



14. Do Not Track

We respect Do Not Track signals. Since we don't track users by default, DNT settings don't change our behavior.



15. Contact Information

For privacy questions or concerns:
- GitHub Issues: [Your GitHub repository URL]
- Email: [Your contact email]

For data deletion requests:
- Simply uninstall the extension
- Or use "Clear All Data" in settings

For security issues:
- Report via GitHub Issues (mark as security)
- Or email [security contact]



16. Legal Compliance

This extension complies with:
- ✅ Mozilla Firefox Add-on Policies
- ✅ Mozilla Add-on Distribution Agreement
- ✅ General Data Protection Regulation (GDPR) principles
- ✅ California Consumer Privacy Act (CCPA) principles



17. Transparency Commitment

We believe in full transparency:
- 📖 This extension is open source (source code available)
- 🔍 All data practices are disclosed in this policy
- 🔒 No hidden data collection
- 🚫 No tracking or analytics
- 💯 No ads or monetization

Your trust is our priority.



Summary (TL;DR)

✅ All data stored locally in your browser by default
✅ No external transmission except AI features (with consent)
✅ You control everything - view, edit, delete anytime
✅ No tracking - we don't monitor your activity
✅ Open source - code is auditable
✅ Privacy-first - designed with your privacy in mind

Questions? Contact us anytime.



Last Updated: 2025-10-03
Version: 1.0.0