Privacy Policy

Last updated: 13 June 2026

AI Job Hunter is a local-first desktop app with an optional companion browser extension. We don't track you — honestly, we can barely track ourselves. There are no accounts to sign up for, nothing here phones home for analytics, and most of what the app does never leaves your computer. The parts that do leave your computer are spelled out plainly below, because store reviewers read this against the actual code, and so should you.

The short version #

No accounts. Nothing to register. We never see your data because there is no "we" server to see it.
No analytics, no telemetry, no tracking. No Sentry, no Google Analytics, no PostHog — nothing.
The browser extension is loopback-only. It talks to your own running desktop app on 127.0.0.1 and nowhere else.
The desktop app talks to a third-party AI provider only when you set one up and run an AI feature — using your own API key (or your own local model). That content is governed by that provider's privacy policy.
Your data lives on your machine — résumés, job history and settings are stored locally in your OS application-data directory. Secrets (API keys, board passwords) go in your operating system's keychain, not plain files.

Browser extension #

The AI Job Hunter — Job Importer extension (Chrome and Firefox) exists to do one thing: take the job posting you're looking at and hand it to the desktop app running on the same machine. It is inert unless that app is running and you've paired it.

What it sends — and where

Loopback only. The extension opens a WebSocket to ws://127.0.0.1:<port> — your own desktop app, on your own machine. It has no remote backend and contacts no third-party server. Its only host permission is 127.0.0.1 (loopback); it grants no access to any public or LAN address.
Import via URL sends just the current tab's job URL to the local app, which fetches and parses it.
Scan page captures the current page's rendered DOM only when you click "Scan page", and sends that HTML only to the local app (for logged-in pages a headless fetch can't reach). Nothing is captured in the background or on page load.

Permissions, and why each is there

activeTab — read the URL and (in Scan mode) the DOM of the tab you clicked, only on that click. No standing access to any site.
storage — store the pairing token locally so you only pair once.
scripting — MV3 requires this to inject the Scan-mode capture on demand; its reach stays limited to the active tab.

No broad host access (<all_urls>), no tabs permission, no webRequest, no remotely-hosted code, no eval. Everything is bundled at build time.

What it stores

The only value the extension persists is the pairing token — a one-time secret you copy from the app's Settings — kept in chrome.storage.local. It is used solely to authenticate to your local desktop app and is never sent to any remote server. No telemetry, no analytics, no external API.

Desktop app #

The desktop app is local-first: it stores your data on your machine and does its work there. But it is an AI job-hunting tool, so some features do reach out over the network — by design, and only when you ask. Here is exactly what goes where.

AI providers — your text, your key, their servers

When you run an AI feature (tailoring a résumé, analysing a job, writing a cover letter), the app sends the relevant résumé / job-posting / cover-letter text to the AI provider you choose and configure, authenticated with your own API key.

Local models — Ollama runs models on your own machine (default; keyless, nothing leaves the computer).
Cloud providers — OpenAI, Anthropic, Google Gemini, Ollama Cloud, and any OpenAI-compatible endpoint (LM Studio, OpenRouter, Groq, Together, DeepSeek, Azure, etc.) via a base URL you set.
Local CLI agents — Claude Code, Codex, and the Gemini CLI, run as child processes under your own logged-in CLI.

When you pick a cloud provider, the content you generate over is sent to that provider and is governed by that provider's own privacy policy and terms — not by us. We are not a party to that exchange; the request goes straight from your machine to the provider you chose, under your key. If you stay on a local model (Ollama), that text never leaves your computer.

Embeddings

To rank job matches the app computes embeddings for your résumé and the postings. By default these are computed locally with Ollama (nomic-embed-text), so the text stays on your machine. If you explicitly configure a cloud provider for embeddings, the same "your text → your chosen provider, under your key" disclosure above applies.

Job scraping — fetching job-board pages

To find and import jobs, the app makes outbound requests to the job boards you search. Most boards (e.g. Greenhouse, Lever, Workday) are fetched over plain HTTP; aggregators that need a real browser session (e.g. LinkedIn, Indeed, Glassdoor) are driven through a local Chromium instance using a per-board profile so your login persists on your machine. These requests go to the job boards themselves — not to us. We run no proxy or intermediary; there is no AI Job Hunter server in the path.

Where your data is stored

Résumés, job and application history, embedding vectors, and settings are stored locally on your machine, in the operating system's standard per-application data directory. Secrets — AI provider API keys and saved board passwords — are kept in your operating system's keychain / credential store, never in plain-text files. None of this is uploaded anywhere by the app.

No telemetry. No analytics. The desktop app contains no analytics or telemetry SDK (no Sentry, Google Analytics, PostHog, Segment, Mixpanel, Amplitude, Datadog — none). AI Job Hunter checks for application updates by contacting its update server; this transmits only your current app version and operating system / architecture — no personal data. Other than that, the only network calls are the AI-provider and job-board requests described above, which you trigger; nothing about your usage is collected or sent to us.

Your control #

Rotate the pairing token any time from the app's Settings → Browser extension. Re-pairing invalidates the old token.
Uninstall the extension to remove its stored pairing token — it lives only in the browser's extension storage.
Delete your local app data by removing the app's data directory and clearing the saved secrets from your OS keychain. Because there's no server-side copy, deleting locally deletes it everywhere.
Stay fully local by choosing a local model (Ollama) for AI and embeddings — then nothing leaves your machine except the job-board fetches you initiate.

Changes to this policy #

If this policy changes, we'll bump the "Last updated" date at the top of this page and publish the revised version here. Material changes will be reflected in the app's store listings. There are no accounts, so there's no mailing list to notify — checking this page is the source of truth.

Contact #

Questions about privacy, or a data request? Email [email protected].