Privacy Policy
Last updated: May 16, 2026
This page describes how the AutoApply web application (auto-resume-application-frontend.vercel.app) and the AutoApply LinkedIn Connector Chrome extension handle personal data. We are committed to collecting the minimum necessary, storing it securely, and giving you full control to disconnect or delete at any time.
What we collect
- Account information. Your name, email address, and a hashed password used to sign in to AutoApply.
- LinkedIn session cookie (li_at). When you connect your LinkedIn account, we receive your existing li_at session token from your browser. This token authenticates the automation worker to apply for jobs on your behalf. We never request your LinkedIn email or password.
- Application activity. Records of jobs your account has applied to via AutoApply (company, role, status, timestamp) so you can review and audit activity.
- Resume / profile data. Files and information you upload for use during applications.
What the Chrome extension does
The AutoApply LinkedIn Connector extension has exactly one job: when you click Connect with extension on the AutoApply web app, the extension reads your existing LinkedIn li_at cookie from your browser and passes it to the AutoApply web page so it can be sent to our server over HTTPS.
- The extension only requests the cookies permission, and only for linkedin.com.
- The extension only communicates with the AutoApply frontend (the domain listed in its manifest). It cannot be triggered by any other page.
- The extension does not read tabs, browsing history, page content, form data, or any other cookies.
- The extension does not contact any server directly — the cookie value passes only through the AutoApply web page in the user's own browser session, which forwards it to the AutoApply server.
How data is stored
- Passwords are hashed with Argon2id.
- The LinkedIn session cookie is encrypted at rest with AES-256-GCM using a server-side master key. Plaintext cookies are never written to disk or logs.
- All traffic to and from AutoApply is served over HTTPS / WSS.
- Data is hosted on Aiven (MySQL) and Cloudflare R2 (object storage) in the regions of those providers.
How data is used
- To sign you in to AutoApply.
- To authenticate the automation worker as you on LinkedIn so it can submit applications.
- To show you which jobs you have applied to and surface errors.
We do not sell or share your data with third parties for marketing, analytics aggregation, or any non-essential purpose.
How data is shared
The only third party that ever sees your LinkedIn cookie is LinkedIn itself — as a normal LinkedIn API call from the automation worker. We do not transmit your cookie to any other service.
Your controls
- Disconnect LinkedIn at any time from the AutoApply settings page. We immediately overwrite the encrypted cookie record.
- Delete your account by emailing vashkar@hypernorm.ai. All account, cookie, and application records are permanently removed within 7 days.
- Uninstall the extension from chrome://extensions at any time. Uninstalling immediately revokes the extension's access; existing automation runs continue using the cookie already on file until you disconnect.
Retention
We keep account and application data for as long as your account is active. We delete it within 7 days of an account deletion request. Server access logs are retained for up to 30 days for security and abuse investigation.
Children
AutoApply is not directed to anyone under 18. We do not knowingly collect data from minors.
Changes to this policy
If we materially change how we handle data, we will update this page and notify users by email at least 14 days before the change takes effect.
Contact
Questions or concerns? vashkar@hypernorm.ai