Privacy Policy

Last updated: 2026-06-09

ResumeClerk is a Chrome extension that scores your résumé against a job posting and rewrites it to match. This policy explains exactly what data the extension and our service handle, why, who else processes it, and how you can have it deleted. We collect as little as possible.

No account, no sign-up

ResumeClerk does not require you to create an account. There is no email, password, or social login. On first run the extension generates a random anonymous device identifier on your device (it is not derived from your Chrome profile, hardware, or any personal data) and registers an anonymous session so we can apply your free weekly quotas, including 3 tailors per week. This identifier is not linked to your name, and we do not use it to track you across other websites.

Information we collect

• Résumé content. The résumé you add in the extension (uploaded as a PDF and parsed into structured fields — name, contact details, experience, education, skills, and any photo you add). This is personal information and is treated as such.
• Job posting data. When you score or tailor against a LinkedIn job you have open, the extension reads that posting (title, company, location, and description text) using your active LinkedIn session and sends it to our service. No LinkedIn credentials are forwarded to our server.
• Anonymous device identifier & session tokens. The device ID described above, and short-lived access/refresh tokens that are stored locally in your browser (chrome.storage.local).
• Optional email. Only if you choose to submit it for product updates. It is never required and never gates any feature.
• Technical data. Standard request metadata (e.g. IP address and timestamps). Your IP is used in hashed form only, as an abuse-prevention cap on free usage; we do not store it in the clear for analytics.

How we use your data

• To compute your ATS match score and the matched/missing keywords.
• To generate a tailored résumé and a clean PDF you can download.
• To enforce the free weekly tailoring quota and prevent abuse.
• To send product updates only if you opted in with an email.

We do not sell your data, use it for advertising, or use it to build profiles about you.

Third-party processing (Google Gemini)

Scoring and tailoring are performed by an AI model. To do this, your résumé content and the job posting text are sent to Google Gemini (Google) through our server for processing. Your API key never lives in the extension — all AI calls go through our backend. We rely on Google's API terms for this processing; the content is sent to generate your results and is not used by us to train models. Review Google's Gemini API terms for how Google handles API data.

Browser permissions we request

• storage — to keep your anonymous device identifier, session tokens, scoring cache, and saved résumés on your device.
• Host access to LinkedIn job pages — a content script runs on linkedin.com/jobs/* pages only to read the job title, company, and description using your active session. Nothing from your LinkedIn session is sent to our servers.
• Host access to our API — so the extension can send scoring/tailoring requests to our server.

We request the minimum permissions needed and do not request access to your browsing history, your Chrome profile, or unrelated sites.

Where data is stored and how long we keep it

• On our server. Your structured résumé, the jobs you scored, and your tailoring history are stored in our database so the product works across sessions. Résumé content, email addresses, and tokens are redacted from our server logs.
• On your device. Session tokens, a short-lived scoring cache, and your generated résumés are stored locally. Generated résumés are automatically deleted after 24 hours, and you can delete any of them sooner from the extension.

Your choices and deletion

• Delete a saved résumé from the extension at any time, or let it expire after 24 hours.
• Resetting the extension's local storage clears your local data and tokens.
• Request deletion of all data associated with your device (résumé, jobs, tailoring history, and any newsletter email) by emailing [email protected].
• Unsubscribe from product updates using the link in any email, or by contacting us.

Security

Data is transmitted over HTTPS. Sensitive fields (résumé content, emails, and tokens) are redacted from logs, and AI requests are proxied through our server so credentials are never exposed to the client. No system is perfectly secure, but we limit what we collect and retain to reduce risk.

Children

ResumeClerk is not directed to children under 16 and we do not knowingly collect data from them.

Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected by the "Last updated" date above.

Contact

Questions or data requests? Email [email protected].