vøiddo

jobmeta privacy.

specific to the jobmeta browser extension. read in plain language exactly what stays on your device, what touches our servers, and what never leaves your browser.

last updated: 2026-04-23

overview

this policy describes the data practices of jobmeta, a browser extension built by vøiddo. it complements the global vøiddo privacy policy with extension-specific detail required by chrome web store, firefox add-ons, and microsoft edge add-ons.

what we collect

nothing personal. jobmeta runs only on the supported ATS pages (Workday, Greenhouse, Lever, Ashby, BambooHR). on every other site it is silent. it reads only the fields it autofills and the job description text on the role page; it never reads the rest of the page or any other tab. we do not collect names, browsing history, page contents, form contents, keystrokes, mouse movements, screenshots, or any analytics events. we do not have a third-party analytics sdk in this extension. there is no telemetry endpoint.

what we store locally on your device

the extension uses your browser's chrome.storage.local and IndexedDB APIs to remember:

  • your candidate profile (name, contact, summary, skills, experience, links) — kept only in chrome.storage.sync, never on our servers
  • your license key, if you have entered one
  • your cover-letter language and tone defaults
  • for paid plans: a daily counter of letters generated, used only for the daily-cap check; auto-expires after 24 hours
this data never leaves your machine. uninstalling the extension deletes all of it.

network endpoints we contact

the extension makes outbound network requests only to:

  • scrb.voiddo.com/api/v1/ext/license/jobmeta — only when you enter or recheck a license key. request body is your key + literal string "jobmeta". response is {valid, plan, quota_remaining, expires_at}. nothing else sent.
  • scrb.voiddo.com/api/v1/ext/jobmeta/cover-letter — only when you click the cover-letter button. request body is the role + your profile (first/last name, contact, summary, skills, experience). this is the data you wrote into the options page. response is the generated letter. we keep no copy of the letter or the inputs once the request returns.
we do not contact any other server. we do not load remote scripts. we do not bundle a tracking pixel.

license keys

if you upgrade to a paid tier, the jobmeta api receives your license key (a short opaque string like JM-XXXX-XXXX-XXXX) and the timestamp of the check. this is used solely to verify entitlement and to bump an activation counter we use to detect key sharing. we do not log your ip on these requests beyond the standard nginx access log (rotated, 30-day retention, not joined to any user table).

payments

purchases go through paddle.com, our merchant of record. paddle collects payment data (card number, billing address) directly — that data never touches our servers. we receive only the transaction id, subscription id, customer email, and the price tier you purchased.

permissions and what we use them for

see the dedicated jobmeta page for the full permissions table. each permission is justified by a single concrete feature; nothing is requested speculatively.

children

our extensions are designed for developers, marketers, and power users. they are not intended for children under sixteen.

changes

the date at the top of this page reflects the current version. when we change what jobmeta does on your device or which servers it talks to, the date updates and we publish a release note in the extension's store listing.

contact

questions about this policy or anything else about the extension: support@voiddo.com. expect a reply within one business day.