Privacy Policy
Job Compass is a Chrome extension that helps you search LinkedIn jobs, save outreach progress, and track replies. This document explains what data we collect, where it's stored, how it's used, and — in section 4 below — exactly how Job Compass interacts with data accessed through your Google Account.
1. What we store
- Sign-in identity — when you sign in with Google, we receive your email address and a unique account identifier from Google. We never see your Google password.
- Profile information you enter — resume, contact info, work-authorization status, calendar link.
- Campaigns and outreach you create — companies you target, people you message, drafts you compose, replies you receive.
- Question-answer bank — answers you save while filling LinkedIn Easy Apply forms, so the next form pre-fills.
- LinkedIn-derived metadata — public information about people you choose to add to a campaign (name, headline, company, profile slug). We never store messages from people who haven't replied to you.
- Reply text — when someone replies to an email or LinkedIn message you sent through Job Compass, we store the reply so you can see it in the activity feed.
2. What we do NOT store
- Your LinkedIn password or session cookies (the extension reads your existing browser session — it never sees the credentials).
- Your full LinkedIn inbox or messages from people you didn't contact through Job Compass.
- Anything from sites other than linkedin.com.
- Your full Gmail inbox. The Gmail OAuth scope we request is gmail.send only — it permits sending emails on your behalf and grants no read access to your existing inbox.
3. Where it's stored
- Supabase Postgres (US-East region) — campaigns, targets, outreach attempts, profile, answer bank, replies. Per-user row-level security ensures your data is only readable by your authenticated session.
- chrome.storage.local on your device — UI preferences, cached search results, sign-in tokens. Wiped if you uninstall the extension.
4. How Job Compass uses Google user data
Limited Use disclosure. Job Compass's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Job Compass does not transfer Google user data to third parties for advertising, does not use Google user data for credit-worthiness or lending purposes, and does not allow humans to read Google user data unless we have your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for Job Compass's internal operations and only when the data has been aggregated and anonymized.
4.1 Google data we access
Job Compass requests two Google OAuth scope groups, only when you choose to enable the corresponding feature:
- Identity scopes (always requested at sign-in) — openid, email, profile. Used to look up which Job Compass account you are signing into. We receive your email address, a unique Google account ID (sub), your name, and your profile picture URL. We never receive your Google password.
- Gmail send scope (only when you connect Gmail as a sender) — https://www.googleapis.com/auth/gmail.send. Used to compose and send outreach emails from your real Gmail address so replies land in your inbox. This scope grants send-only access — Job Compass cannot read your existing emails, list threads, search your inbox, modify labels, or delete messages. We deliberately do not request gmail.readonly, gmail.modify, or any other Gmail scope.
4.2 How we use it
- Identity — match your Google sign-in to your existing Job Compass account (or create a new one) and pre-fill your profile name + email on first launch so you don't have to retype them. Your profile picture URL is rendered as your avatar in the extension UI; the image is fetched lazily from Google's CDN at render time and is not redownloaded server-side.
- Gmail send — send outreach emails you have explicitly composed and approved through Job Compass's campaign / queue UI. We construct the MIME message client-side and call users.messages.send with the access token you authorized. Job Compass never auto-sends an email you didn't explicitly queue; every send is initiated by a user click.
4.3 How we share it
Job Compass does not sell Google user data, does not share Google user data with advertisers or analytics platforms, and does not use Google user data to train any AI/ML model. Specific data flows:
- Email + name + sub are sent only to our own backend (Supabase Postgres, hosted on AWS App Runner US-East) for account authentication. Not sent to any third party.
- Gmail access token is stored encrypted at rest in the same Supabase Postgres row that owns your account, scoped per visitor. The token is never logged, never sent to a third party, and never shared with another Job Compass user. It is used only by our backend to call users.messages.send on your behalf.
- Email body content you compose may pass through OpenAI or Anthropic when you ask Job Compass to draft outreach copy. Both providers have data-processing agreements that prohibit training on submitted content. The body is never logged with any third party other than the chosen LLM provider for the duration of the request.
4.4 How we store and protect it
- Storage location — Supabase Postgres in AWS US-East-1. Backups encrypted at rest (AES-256). All transport is HTTPS / TLS 1.2+.
- Access control — Postgres row-level security ties every row to your user_id or visitor ID. The Job Compass backend enforces an authorization check on every read and write. No engineer has direct access to user OAuth tokens; access is gated behind audit-logged break-glass tooling.
- Token lifecycle — the Gmail access token is short-lived (1 hour); the refresh token is rotated by Google. We revoke our copy of both tokens immediately when you disconnect Gmail from the extension or delete your Job Compass account.
- Incident response — if we detect or are notified of a security incident affecting Google user data, we will notify affected users within 72 hours by email and via an in-extension banner.
4.5 How long we keep it + how to delete it
- Retention — Google identity data (email, name, sub, picture URL) is retained for the lifetime of your Job Compass account. Gmail OAuth refresh tokens are retained until you disconnect Gmail or delete your account. We do not retain the bodies of sent emails server-side beyond the attempt log row, which records a hash of the sent content + the recipient + the timestamp for delivery auditing — no full body.
- Disconnect Gmail — open Outreach Settings → Senders → click Remove on your Gmail row. Job Compass immediately revokes its copy of your refresh token and stops being able to send. You can also visit myaccount.google.com/permissions to revoke Job Compass's access from Google's side independently.
- Delete all data — email support@insightron.ai and we will permanently delete every row keyed to your account — including all Google identity fields and the encrypted refresh token — within 7 days. We will email confirmation when the deletion completes. You can also uninstall the extension to wipe local-device storage immediately.
5. Other third parties we send data to
Job Compass uses the following non-Google services. Each is contacted only when required for a feature you actively use:
- Hunter.io — verifies the format of email addresses before you send to them. We send the email address being validated.
- AgentMail — sends emails on your behalf when you choose AgentMail (instead of Gmail) as a sender, and notifies us when replies arrive. We send the recipient address, subject, and body of emails you choose to send.
- OpenAI and Anthropic — generate AI-suggested answers to job-application questions, draft outreach copy, and parse resume text. We send the prompt for each request; we do not train any model on your data.
- Coresignal — provides salary and headcount benchmarks for the jobs you view. Anonymous job IDs only.
- Browser Use — drives a headless browser to recover when LinkedIn changes its private API. Triggered automatically when searches return empty results; no per-user data is sent.
6. Permissions we request
- storage, alarms — save your data and run the weekly LinkedIn-sync background job.
- tabs, scripting — open LinkedIn pages and inject the floating overlay so you can search and apply without leaving LinkedIn.
- downloads — let you export prospect lists as CSV.
- identity — power the Google sign-in flow.
- linkedin.com host access — read your existing LinkedIn session so you can search, view profiles, and send messages without manually copying anything.
7. Your rights
- See all your data — every screen in Job Compass is a view of your data. Nothing is hidden.
- Delete your data — email support@insightron.ai and we'll delete every row keyed to your account within 7 days. You can also uninstall the extension to wipe local storage.
- Export your data — same email; we'll send a JSON dump within 7 days.
- Revoke Google access at the source — myaccount.google.com/permissions.
8. Compliance with platform policies
Job Compass uses LinkedIn's user-facing surfaces (the same APIs your browser already calls). We respect rate limits and a quiet-hours window. You are responsible for using the extension within LinkedIn's User Agreement.
Job Compass is built and operated solely by 4UGUSTA Systems. We are not affiliated with, endorsed by, or sponsored by Google or LinkedIn.
9. Changes to this policy
Material changes will be announced via an in-extension banner and an email to your sign-in address. The "Last updated" date above reflects the most recent revision.
10. Contact
Questions, requests, or concerns: support@insightron.ai