Privacy Policy

Effective Date: March 23, 2026 — Last updated: March 23, 2026

Introduction

Welcome to Careerbase. This Privacy Policy explains how Careerbase ("we," "us," or "our") collects, uses, handles, stores, shares, and protects your personal and sensitive user data when you use the Careerbase Chrome Extension (the "Extension") and our website at careerbase.tech (the "Service").

This Extension handles personal and sensitive user data. Specifically, it collects Website content, Authentication information, Personally identifiable information, and job application data as described in detail below.

We are committed to protecting your privacy and ensuring your data is handled securely and transparently. By installing or using the Extension or Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not install or use the Extension.

Data Controller

The data controller responsible for your personal data is:

User Data Collection

The Careerbase Chrome Extension collects specific categories of user data to provide its core functionality of tracking job applications directly from your email and LinkedIn. This includes exactly: Personally identifiable information, Authentication information, and Website content.

The table below summarizes all data we collect, the purpose, and when it is collected:

Data Type What We Collect Purpose When Collected
Website content Text, job titles, and company names visible on the active LinkedIn or Gmail page Extract and save job application details to your dashboard Only when you click the "Track" button
Authentication information A JWT (JSON Web Token) for session authentication Keep you securely logged in across browser sessions When you sign in to the Extension
Personally identifiable information Email address and name Associate tracked applications with your personal account When you create an account or sign in
Job Application Data Company name, job title, application date, application source, application status Populate and maintain your application tracking dashboard Only when you click the "Track" button

Data We Do NOT Collect

  • We do not collect your browsing history or web browsing activity.
  • We do not read or store the full content of your emails or messages.
  • We do not collect financial or payment information.
  • We do not collect health information.
  • We do not collect location data or device identifiers.
  • We do not collect data in the background — all data collection requires your explicit action (clicking the "Track" button).
  • We do not use cookies, tracking pixels, or any tracking technologies in the Extension.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: By clicking the "Track" button, you provide explicit, affirmative consent for the Extension to collect the website content and job application data displayed on the active page. You may withdraw consent at any time by uninstalling the Extension or deleting your account.
  • Performance of a Contract: Processing your account information (email, name) and authentication information is necessary to provide you with the Careerbase service you signed up for.
  • Legitimate Interest: We may process limited data as necessary for our legitimate interests in maintaining, securing, and improving the Service, provided such interests are not overridden by your data protection rights.

User Data Handling

We handle your data strictly to enable our service. Here is exactly how your data is processed and used:

  • Data Flow: When you click the "Track" button, the Extension reads the relevant job details (company name, role, date, source) from the visible page content. This data is transmitted over a secure, encrypted HTTPS connection (TLS 1.2 or higher) to the Careerbase backend API, where it is stored in your personal account database.
  • Dashboard Population: We use the collected job application data exclusively to populate your personal job application tracking dashboard.
  • No Background Reading: We do not read your entire emails or messages automatically or in the background. The Extension only extracts specific, visible fields (like subject lines and sender names) when you actively click the "Track" button.
  • No Secondary Use: We do not use your data for advertising, analytics, profiling, creditworthiness determinations, or lending purposes.
  • No Sale of Data: We do not sell, license, or transfer user data to third parties, data brokers, or information resellers under any circumstances.
  • Limited Use: Your data is used solely to provide and improve the Extension's single purpose: tracking your job applications. No other use is permitted.

User Data Storage

We prioritize the security of your data in storage and transit:

  • Local Storage: Your authentication information is securely stored locally on your device within Chrome's storage API (chrome.storage.local), ensuring you remain logged in without repeated sign-ins. This data never leaves your device except for authentication purposes.
  • Remote Storage: Job application data and account information are stored on servers hosted by Microsoft Azure in the France Central region (EU). Data at rest on our servers is protected using industry-standard encryption (AES-256) provided by our cloud hosting infrastructure.
  • Data Retention: We retain your data for as long as your account is active and you continue to use the Service. If you delete your account, all associated personal data and application records will be permanently deleted from our servers within 30 days of the deletion request.
  • Inactive Accounts: Accounts that have been inactive for more than 12 months may be flagged for deletion. We will attempt to notify you via email before deleting any data associated with an inactive account.

Security Measures

We implement the following security measures to protect your personal data:

  • Encryption in Transit: All data transmitted between the Extension and our servers is encrypted using HTTPS with TLS 1.2 or higher.
  • Encryption at Rest: Data stored on our servers is encrypted at rest using AES-256 encryption provided by Microsoft Azure.
  • Access Controls: Access to user data on our servers is restricted to authorized personnel only and is limited to what is necessary for debugging, responding to support requests, or complying with legal obligations.
  • Authentication Security: User passwords are hashed using industry-standard algorithms and are never stored in plaintext.
  • Breach Notification: In the unlikely event of a data breach affecting your personal data, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law.

User Data Sharing

We are committed to transparency about how your data is shared:

  • We do not sell, rent, or trade your personal data or user data to any third parties whatsoever.
  • We do not share your information with any third-party marketing, advertising, analytics, or data brokerage companies.
  • We do not transfer your data to third parties for purposes unrelated to the Extension's core functionality.
  • We do not use your data for personalized advertising or to determine creditworthiness or for lending purposes.
  • Service Providers: We share data only with the following service provider, strictly as necessary to operate the Service:
    • Microsoft Azure — cloud hosting infrastructure (France Central region, EU) where your application data is securely stored and processed. Microsoft Azure is bound by their own privacy and security obligations and acts as a data processor on our behalf.
  • Legal Requirements: We may disclose your data if required to do so by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

International Data Transfers

Your data is stored on servers located in the France Central region (European Union) hosted by Microsoft Azure. If you access the Service from outside the European Union, please be aware that your data may be transferred to, stored, and processed in the EU.

We ensure that any international transfer of personal data is carried out in compliance with applicable data protection laws. Microsoft Azure provides appropriate safeguards for international data transfers, including compliance with GDPR requirements and standard contractual clauses where applicable.

Cookies and Tracking Technologies

The Careerbase Chrome Extension does not use cookies, tracking pixels, web beacons, or any other tracking technologies. We do not track your browsing behavior, and the Extension does not set or read any cookies.

The Extension only stores a single authentication token in Chrome's local storage API (chrome.storage.local) to keep you logged in. This is not a cookie and is not used for tracking purposes.

Prominent Disclosure and User Consent

In accordance with Chrome Web Store policies, we provide prominent disclosure of our data practices:

  • In-Product Disclosure: Before any personal or sensitive user data is collected, the Extension presents a clear, prominent disclosure within the Extension's user interface describing what data will be collected and how it will be used.
  • Affirmative Consent: Users must take an explicit, affirmative action (such as logging in and clicking the "Track" button) before any data is collected or transmitted. No data is collected passively, automatically, or in the background.
  • Opt-In Only: The Extension does not collect any data until the user explicitly chooses to track a job application. You are always in control of when and what data is shared with Careerbase.

Permissions Justification

The Extension requests only the minimum permissions necessary to function. Below is a justification for each permission:

  • storage permission: Used to securely store your authentication information locally on your device via Chrome's storage API, so you remain logged in between browser sessions. No other data is stored using this permission.
  • Host permission (https://api.careerbase.tech/*): Required to send your tracked job application data to the Careerbase backend API over a secure HTTPS connection. This is the only external server the Extension communicates with.
  • Content Scripts (Gmail & LinkedIn): The Extension injects content scripts on mail.google.com and www.linkedin.com to display the "Track" button and extract job details when you click it. These scripts only activate on these two specific websites and do not run on any other sites.

Chrome Web Store User Data Policy Compliance

Careerbase's use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use data to provide or improve the Extension's single purpose (job application tracking).
  • We do not transfer data to third parties unless necessary to provide the service, comply with law, or as part of a merger/acquisition with prior user notice.
  • We do not use or transfer user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not use data for creditworthiness determinations or any purpose unrelated to the Extension's core functionality.
  • Human access to user data is restricted to debugging, responding to support requests, or complying with legal obligations, and only with the user's explicit consent where applicable.

Your Rights

You have the following rights regarding your personal data:

  • Right to Access: You can view all your stored job application data at any time through your Careerbase dashboard.
  • Right to Correction: You can edit any application data (company name, role, status, etc.) directly from your dashboard.
  • Right to Deletion: You can delete individual applications or your entire account at any time. Account deletion will result in permanent removal of all your data within 30 days. Deleting your data may result in loss of access to the Service's features.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.
  • Right to Data Portability: You may request an export of all your stored data in a commonly used, machine-readable format by contacting us at careerbase.support@gmail.com.
  • Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interest as the legal basis for processing.
  • Right to Withdraw Consent: You can stop using the Extension at any time by uninstalling it from Chrome. You may also log out to prevent any further data transmission. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
  • Right to Lodge a Complaint: If you believe your data rights have been violated, you may contact us or lodge a complaint with the relevant data protection authority in your jurisdiction.

To exercise any of these rights, please contact us at careerbase.support@gmail.com. We will respond to your request within 30 days.

13. Automated Decision-Making

The Careerbase Extension and Service do not engage in any automated decision-making or profiling that produces legal effects or similarly significantly affects you. All data processing is limited to storing and displaying the job application information you explicitly choose to track.

14. Third-Party Links

The Extension operates on third-party websites (Gmail and LinkedIn) to provide its functionality. However, we are not responsible for the privacy practices of these third-party websites. We encourage you to review the privacy policies of Gmail (Third-Party Links

Our Extension interacts with third-party websites (specifically, Gmail and LinkedIn) solely to extract information at your command. We are not responsible for the privacy practices or the content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under the age of 16 without verification of parental consent, we will take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this document.

If we make material changes to how we treat our users' personal data, we will attempt to notify you by email to the primary email address specified in your account or through a notice in the Extension. Changes are effective immediately upon posting to this page.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our Data Protection Officer at:

We will respond to your inquiry within 30 days of receipt.