Privacy Policy

Effective Date: December 28, 2024

1. Introduction

MatchRole ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome browser extension and web application (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address and name.
  • Resume and Professional Data: Information you enter or upload including work history, job titles, employers, education, skills, certifications, and contact information (phone number, location).
  • Uploaded Documents: PDF resume files you upload to our service.

2.2 Information Collected Automatically

  • Job Description Content: When you use our Chrome extension, we extract text content from job posting pages to generate tailored resumes. This includes job titles, requirements, and company information visible on the page.
  • Generated Resumes: PDF resumes generated by our service are stored to provide you with download and history features.
  • Usage Data: We may collect information about how you access and use our Service, including timestamps of resume generations.

2.3 Information Stored Locally

  • Authentication Tokens: Secure access tokens are stored in your browser's local storage to maintain your session. These tokens do not contain your password.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Resume Generation: To analyze job descriptions and generate tailored resumes matching specific job requirements.
  • Service Delivery: To provide, maintain, and improve our Service.
  • Account Management: To create and manage your user account.
  • Storage and History: To store your resume data and generation history for future access.
  • Communication: To send you service-related notifications and respond to inquiries.
  • Security: To detect, prevent, and address technical issues and abuse.

4. Third-Party Services

We use the following third-party services to operate our Service:

4.1 AI Processing Services

  • OpenAI: We send your resume data and job descriptions to OpenAI's API to generate tailored content. OpenAI processes this data according to their Privacy Policy. Per OpenAI's API data usage policy, data sent via their API is not used to train their models.
  • Google (Gemini): We use Google's Gemini API for document processing. Google processes this data according to their Privacy Policy.

4.2 Infrastructure Services

  • Supabase: We use Supabase for authentication, database, and file storage. Your data is stored securely in Supabase's infrastructure with encryption at rest and in transit.
  • Vercel: Our web application is hosted on Vercel's platform.

5. Data Retention

  • Account Data: Retained for as long as your account is active.
  • Resume Data: Retained until you delete it or close your account.
  • Generated Resumes: Stored in your history until you delete them or close your account.
  • Job Descriptions: Processed in real-time and not permanently stored after resume generation.

Upon account deletion request, we will delete your personal data within 30 days, except where we are required to retain it for legal obligations.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Secure authentication using industry-standard protocols
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in these circumstances:

  • Service Providers: With third-party vendors who assist in operating our Service (as described in Section 4), bound by confidentiality obligations.
  • Legal Requirements: If required by law, regulation, legal process, or governmental request.
  • Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

8. Chrome Extension Permissions

Our Chrome extension requests the following permissions:

  • activeTab: Allows the extension to read content from the current tab only when you click the extension icon. We use this to extract job description text.
  • scripting: Enables the extension to run scripts that parse job posting content from web pages.
  • storage: Stores authentication tokens locally in your browser to keep you signed in.
  • Host Permissions (all URLs): Required because job postings exist across thousands of different websites (LinkedIn, Indeed, company career pages, various ATS platforms). The extension only activates when you explicitly click it.

Important: The extension does not run in the background, does not track your browsing history, and does not collect data from pages unless you explicitly click the extension icon.

9. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request a copy of your data in a portable format.
  • Objection: Object to certain processing of your personal data.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at ifetilayoade@gmail.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

  • Contract: Processing necessary to provide our Service to you.
  • Consent: Where you have given consent for specific processing.
  • Legitimate Interests: Processing necessary for our legitimate business interests, balanced against your rights.

14. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" at the top. We encourage you to review this policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us: