HAMRA Companion privacy

• Your HAMRA account profile (resume, skills, work history) — only when you sign in via the extension token.
• The current page's job-listing content — only on supported job sites (LinkedIn, Naukri, Workday, Greenhouse, Lever, Workable, Ashby, Indeed, SmartRecruiters, iCIMS, Internshala).
• Form fields on application pages — only after the apply dialog matches a known platform playbook.

• Compute your match score against the job (computation happens in the HAMRA backend, not third parties).
• Pre-fill application forms with your profile data — values are written to DOM input elements; we do not transmit form contents back.
• Save jobs you mark "Save" to your HAMRA account.
• Record submission events when you click submit — only the URL/page evidence (not form contents) is sent to /api/auto-apply/queue/[id]/verify.

• Sell, share, or transfer your data to third parties.
• Read pages outside the 11 supported job sites — host_permissions in our manifest are explicit.
• Inject ads, sponsored content, or trackers into any page.
• Click submit on your behalf without your explicit opt-in (auto-submit unlocks at 5 verified submissions and is off by default).
• Read OR transmit form values back to HAMRA at any point during autofill — the data stays between your browser and the job board.

• Profile data: encrypted in chrome.storage.local, scoped to extension origin only.
• Session token: stored as same-site cookie via the HAMRA web app.
• Saved jobs / queue items: stored in your HAMRA account, deletable any time at hamraofficial.com/applications.
• Per-platform rate-limit counters: chrome.storage.local only; never sent to HAMRA backend.

Permissions we request

Each Chrome permission is justified by a specific extension function:

• activeTab: read job-listing DOM on the current tab only.
• storage: cache profile + token + per-platform rate-limit state.
• sidePanel: render the match-score sidebar inside Chrome's side panel surface.
• host_permissions: the 11 explicit job-board domains. Never <all_urls>.

Children

HAMRA Companion is not directed to users under 16. If you believe a minor has used the extension, contact us at the email below and we'll delete the associated account.

Your rights

• Export: download every row HAMRA stores about you at /settings/account → "Download my data".
• Delete: delete your account at /settings/account. Account deletion removes profile + queue + share events within 30 days.
• Disconnect: open the extension popup → click the ⎋ icon. Removes the local token; HAMRA backend data remains until you delete the account.