Privacy Policy

Last updated: April 5, 2026

Fitted ("we", "our", "the extension") is a Google Chrome browser extension that analyzes job descriptions against your resume to show match scores and generate tailored resume suggestions. We are committed to protecting your privacy. This policy explains what data we collect, why, and how we handle it.

Data We Collect

Data	Purpose	Stored where
Email address	Account identification via Google sign-in	Firebase (server)
Usage counts	Enforce free-tier limits (detections/day, refactorings/month)	Firebase (server)
Account plan	Determine feature access (free vs. pro)	Firebase (server)
Analysis metadata	Role title, company, match grade for your history	Firebase (server)

Data We Process but Do NOT Store

When you analyze a job listing, the following data is sent to our API server (hosted on Railway) for real-time processing:

Job description text — extracted from the web page you are viewing, or fetched from the public job listing page.
Your resume content — parsed from the DOCX file you uploaded.

This data is forwarded from our Railway-hosted API server to the LLM provider (Groq) for analysis, and immediately discarded after the response is returned. We do not log, store, or retain your resume content or job description text on our servers.

Groq does not retain API inputs by default. Groq may temporarily log inputs for up to 30 days solely for troubleshooting platform reliability issues or investigating abuse, per their data policy.

Data Stored Locally (Your Browser)

The following data is stored in chrome.storage.local on your device and never leaves your browser unless you initiate an analysis:

Your parsed resume (structured sections extracted from your uploaded file)
Cached analysis results (match scores, requirement maps)
Your refactoring decisions (accepted/rejected suggestions)
Extension preferences and settings

Data We Do NOT Collect

Browsing history or URLs visited (we only read the current page when you open the side panel on a job listing)
Cookies or tracking identifiers
Personal data beyond your email address
Data from pages that are not job listings

How the Extension Accesses Web Page Content

Fitted uses a content script that runs on supported job listing sites (LinkedIn, Indeed, Naukri, Glassdoor, Greenhouse, Lever, Ashby, Instahyre). This script:

Detects whether the current page is a job listing (via URL pattern matching)
On LinkedIn: reads the job ID from the URL; the side panel then fetches the public job page to extract the description
On other job boards: reads the job description text and title directly from the page
Does not modify the page content in any way
Does not track your browsing across sites
Only activates on pages matching job listing URL patterns

Permissions and Why We Need Them

Fitted is a Chrome extension (Manifest V3) that requests the following permissions:

Permission	Why it's needed
`sidePanel`	Display the match analysis and refactoring UI in Chrome's side panel alongside job pages
`storage`	Save your resume, preferences, and cached results locally in your browser
`activeTab`	Read the current tab's URL to detect when you're viewing a job listing page
`scripting`	Inject the content script into job listing pages to extract job description text
Host permissions (8 job sites)	Auto-detect job listings on LinkedIn, Indeed, Naukri, Glassdoor, Greenhouse, Lever, Ashby, and Instahyre. Required to run content scripts and fetch job page content on these sites

Third-Party Services

We use the following third-party services to provide the extension's functionality. Data is only shared with these services as described below:

Service	Purpose	Data shared
Groq	LLM provider for job analysis and resume refactoring	JD text + resume text (not retained by Groq by default; may be temporarily logged for up to 30 days for reliability/abuse monitoring)
Railway	Hosts our API server that processes analysis requests	JD text + resume text (passed through to Groq, not stored on our server)
Firebase Auth	Google sign-in for account management	Email, display name
Firebase Firestore	Usage tracking and account data	Email, usage counts, plan tier, analysis metadata
Dodo Payments	Payment processing for Pro plan subscriptions	Email address (all payment and billing data is handled directly by Dodo Payments; we do not receive or store credit card numbers or financial details)

Data Sharing

We do not sell your data to third parties.
We do not use your data for advertising.
We do not share your data for purposes unrelated to the extension's functionality.
Data is only shared with the third-party services listed above, solely to provide the extension's features.

Data Retention

Server data — account info and usage counts are retained as long as your account exists. You can request deletion at any time.
Local data — stored in your browser until you uninstall the extension or clear it via Settings.
Processing data — resume and JD text are discarded immediately after each analysis completes. They are not logged or stored on our servers.
Groq — does not retain inputs by default. May temporarily log for up to 30 days for platform reliability, per their data policy.

Data Security

All communication between the extension and our server uses HTTPS/TLS encryption. Authentication uses secure session tokens. Your resume is parsed and stored locally in your browser — it is only transmitted when you actively request an analysis.

Children's Privacy

Fitted is not intended for use by anyone under 13 years of age. We do not knowingly collect data from children.

Your Rights

You may at any time:

Request access to the personal data we hold about you
Request correction or deletion of your data
Delete your local data by uninstalling the extension
Delete your resume from the extension via Settings

Changes to This Policy

We may update this policy from time to time. Changes will be reflected by updating the "Last updated" date at the top. Continued use of the extension after changes constitutes acceptance.