Privacy Policy

Last updated: 2026-05-17

JobTrail is a Chrome extension that helps you score job postings against your resume and save the ones worth applying to into a Google Sheet you own. It has no backend and collects no telemetry. This page describes exactly what data the extension touches, where it goes, and what controls you have.

Default mode is on-device. Resume text never leaves your machine when you use the default Chrome built-in AI path. The cloud AI path is opt-in and only activates when you paste your own provider API key in settings.

Limited Use compliance. JobTrail's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1. What we store on your device

Resume text you paste into the settings page.
Optional API key for OpenAI, Anthropic, or Google Gemini, only if you choose to use the bring-your-own-key path.
Google OAuth token after you connect Google so JobTrail can write rows to the Sheet you select.
The Google Sheet you connected (spreadsheet ID and tab name) so the tracker follows you across signed-in Chrome instances.
Recent score results (up to 150) so revisiting a posting doesn't repeat the work.

2. What we send to AI providers

On-device path (default, free). Scoring runs locally via Chrome's built-in Gemini Nano. No network request to any AI provider is made. Your resume and the job description never leave the browser.

Cloud path (opt-in, bring-your-own-key). If you paste an API key in settings, scoring requests go directly from your browser to the provider you chose (OpenAI, Anthropic, or Google Gemini) under your account and the provider's terms. JobTrail does not proxy the request through any server.

Before any cloud AI request, the extension strips the following from the resume text as a defense-in-depth measure:

Phone numbers
Email addresses
Street addresses and ZIP codes
City and state lines
LinkedIn personal URL
Personal website URL

Names are not stripped (no reliable automatic way to do so for arbitrary names). The settings page shows a visible note above the resume textarea reminding you to remove your name and contact info from the resume itself if you plan to use the cloud path.

3. What we send to Google Sheets

When you click Save on a scored posting, the extension appends one row to the Sheet you connected. The row captures the posting's identifying details (company, title, location, source URL), the scoring result, a short rationale, and a timestamp — the information you need to track an application end-to-end. Your resume text is never written to Sheets.

4. What we never collect

No browsing history.
No analytics, telemetry, or error reports back to a JobTrail server. There is no JobTrail server.
No advertising identifiers.
No usage data of any kind.

5. How sensitive data is protected

No backend, no telemetry. All processing happens in your browser. No JobTrail server exists, so there is nothing to breach or subpoena.
On-device by default. The free scoring path uses Chrome's built-in AI on your machine. Resume and job description text never reach a network.
PII stripped before any cloud AI request. If you opt into the bring-your-own-key cloud path, the extension strips phone numbers, email addresses, street addresses, ZIP codes, city/state lines, LinkedIn personal URL, and personal website URL from the resume before the request is sent. This is defense-in-depth — you remain in control of what you paste.
OAuth token storage. The Google OAuth token is stored using Chrome's extension storage and is scoped to your Chrome profile. JobTrail never reads, exports, or transmits the token anywhere except to Google's own API endpoints.
Narrow Google Drive scope. JobTrail requests the drive.file scope, which only grants access to files JobTrail itself creates. JobTrail creates exactly one tracker spreadsheet on first save and only ever writes to that one file. It cannot see, list, or open any other file in your Drive.
API key storage. If you provide a cloud AI key, it is stored only in Chrome's local extension storage on your device. It is never synced to other devices and never sent anywhere except the provider's own API endpoint.

6. Data sharing and third parties

We do not share, sell, transfer, or disclose Google user data to any third party for advertising, analytics, profiling, training AI models, or any other purpose. JobTrail has no backend server, no analytics pipeline, and no business relationships that involve user data.

Data only ever moves between:

Your browser and Google Sheets / Google Drive, using the OAuth token you granted, so the extension can read and write the tracker sheet JobTrail created on your behalf.
Your browser and Chrome's built-in on-device AI (Gemini Nano). This runs locally inside Chrome. No data leaves the device.
Your browser and the cloud AI provider you chose (OpenAI, Anthropic, or Google Gemini), only if you pasted your own API key in settings. The request goes directly from your browser to that provider under your account.

When you use the cloud AI path or save to Sheets, those services apply their own privacy terms:

Google (Sheets API, Drive API, OAuth): policies.google.com/privacy
OpenAI: openai.com/policies/privacy-policy
Anthropic: anthropic.com/legal/privacy
Google Gemini API: ai.google.dev/gemini-api/terms

7. How to delete everything

Two steps:

Open JobTrail settings and click Disconnect Google. This revokes the OAuth token with Google and clears it locally.
Right-click the JobTrail icon in Chrome and choose Remove from Chrome. This deletes all extension storage, including the resume, API key, sheet pointer, and scoring cache.

Rows you saved to your Google Sheet are yours. Delete them in Google Sheets if you want them gone.

8. Contact

Questions about this policy or how JobTrail handles data: jobtrail@ascentreon.com.

9. Changes

If this policy changes, the new version will be posted here with an updated date. Material changes will be called out in the extension's update notes.