SubmitX
Sign inGet Started

SubmitX Autofill — Privacy Policy

Last updated: May 3, 2026

The SubmitX Autofill browser extension is published by SubmitX, a product of YEMYEL (OPC) Private Limited. This document explains exactly what data the extension reads, what it sends, and where it sends it. For install steps see Install SubmitX Autofill. For our broader product privacy practices (web app, dashboard, account data) see the main Privacy Policy.

1. What the extension reads from the pages you visit

The extension's content script runs automatically on the explicit job-board host list declared in its manifest:

  • *.greenhouse.io (covers boards.greenhouse.io, job-boards.greenhouse.io, and any company-hosted subdomain)
  • *.lever.co
  • *.linkedin.com
  • *.workday.com, *.myworkdayjobs.com
  • *.ashbyhq.com
  • *.indeed.com
  • *.workable.com
  • *.smartrecruiters.com

On company career pages outside the host list (for example, stripe.com/jobs/.../apply), the extension uses the activeTab permission: after you click the SubmitX toolbar icon or open the side panel, it may inject scripts into that tab only via scripting.executeScript. Nothing is read until you click Autofill or Tailor resume.

On any of the above pages the content script reads form field labels, names, IDs, placeholders, autocomplete hints, and the visible text of the job description. It does not read other open tabs, browsing history, cookies for unrelated sites, passwords, or anything else.

2. What the extension sends

  • GET /me to the SubmitX users API — to load your saved profile. Sent only after you sign in.
  • POST /resume/build to the SubmitX resume API — only when you click Tailor my resume for this job. Sends the job description text extracted from the active page.
  • POST /extension/answer to the SubmitX users API — only when you click Draft answer. Sends the question you typed, the JD you extracted (if any), a hint type, and a summary of your saved profile fields. Our backend forwards this to Groq's LLM API and returns the draft.

The extension does not send any page content to a third party without an explicit user click.

3. What the extension stores locally

  • A Clerk session token in chrome.storage so you don't have to sign in on every page load.
  • The most recently generated tailored resume (DOCX or PDF, base64) in chrome.storage.session, so it can be attached to the next application form. Cleared when the browser session ends.
  • The most recent page detection result, only in side-panel memory.

Local data is cleared when you sign out or uninstall the extension.

4. Sensitive fields are never auto-filled

The extension explicitly skips any form field whose label, name, or ID matches one of:

  • SSN, social security number
  • Passport number, driver's license, national ID, tax ID / TIN
  • Salary expectations, current compensation, desired pay
  • Date of birth (DOB)
  • Passwords

These are skipped even when they would otherwise score above the heuristic confidence threshold. You enter those values yourself.

5. Diversity / EEO data

On /dashboard/autofill you may optionally save answers to standard EEO questions (gender, pronouns, ethnicity, veteran status, disability status) so the extension can pre-fill the matching dropdowns on US job applications. SubmitX does not use this data for any other purpose. "Decline to self-identify" is always offered and is a valid answer to leave saved.

6. Third parties

  • Clerk — authentication. See clerk.com/legal/privacy.
  • Groq — LLM inference, used only when you click Draft answer. See groq.com/privacy.
  • Amazon Web Services — hosts the SubmitX API gateways and stores your saved profile and tailored resumes.

7. Permissions used

  • storage — cache the user's profile and tailored resume across side-panel reloads.
  • activeTab — read the job-application form on the tab the user explicitly opens SubmitX on.
  • sidePanel — render the SubmitX UI in Chrome's side panel.
  • scripting — inject the autofill content script on demand into the active tab when the user clicks Autofill.
  • cookies — required by @clerk/chrome-extension to sync the user's existing SubmitX login session.
  • host_permissions — the explicit job-board and SubmitX/Clerk host list above. Other career pages use activeTab plus scripting after a user gesture, not broad host access.

8. Single-purpose statement

The SubmitX Autofill extension exists for one purpose: to auto-fill job applications using the user's saved SubmitX profile and a job-description-tailored resume. It is not used to track browsing, harvest contacts, inject ads, or modify any pages other than the explicit application forms the user chooses to fill.

9. Data retention & deletion

Profile data and tailored resumes are retained on SubmitX's servers for the lifetime of your account. You can request deletion of your account and all associated data via our Contact page. Local extension storage is wiped when you sign out or uninstall.

10. Contact

Questions or requests: support@submitx.ai.