Skip to content

Privacy Policy

Last updated: June 28, 2026

CareerPilot (“we”, “the app”) provides free AI career tools. This policy covers both the web app at careerpilot.appfinitylabs.com and the CareerPilot Companion browser extension. We aim to collect as little as possible and never sell your data.

What we collect

  • Account — when you sign in with Google, we store your name, email and avatar to identify your account.
  • Your content — resumes, cover letters, interview answers, study material, roadmaps, career plans and job applications you create. Stored per-user and isolated by row-level security.
  • Career Brain — a profile (skills, target roles, goals) you build or that is derived from your own content, to personalize the tools.
  • Usage events — lightweight, privacy-respecting counts (e.g. “an interview was completed”) used for product analytics. Guests are counted with a random anonymous id, not a personal identity.

The browser extension

  • Access token — you paste a personal access token (created in the app) which is stored only in your browser's extension storage and sent to our API as a Bearer credential. It is never shared with third parties.
  • Job page content — when you click the extension on a job posting, it reads that page's visible text (job title and description) only at that moment and sends it to our API to match and tailor your resume. We do not run in the background, do not track your browsing, and do not read other pages.
  • The extension requests access only to careerpilot.appfinitylabs.com (our API) and the job sites it supports.

How AI is used

To generate resumes, answers, matches and similar outputs, the relevant content is sent to AI providers (e.g. Groq, and optionally OpenAI for embeddings) solely to produce your result. We do not use your content to train our own models.

Data sharing

We do not sell your personal data. We share content with infrastructure providers strictly to operate the service: Supabase (database & authentication) and our AI providers. If you create a public share link or a Skill Passport, only the content you explicitly choose to share is made viewable.

Your controls

  • Edit or delete any saved item, and your Career Brain, at any time.
  • Revoke API tokens from the Developer page; disconnect the extension to remove its stored token.
  • Notifications and Job Radar are opt-in and can be turned off.
  • Request account deletion by contacting us; this removes your account and associated data.

Security

Data is isolated per user via row-level security. API keys live only in our server environment. Skill Passports are cryptographically signed so they can be verified without exposing your account.

Contact

Questions or deletion requests: [email protected].