Privacy policy — Chrome extension
Last updated: 2026-04-22
This page explains exactly what data the Velyq Chrome extension collects, why, and how you can control it. It complements the main Velyq privacy policy at our main policy.
1. What the extension collects
- The text content of the active job offer page, only at the moment you click "Add to Velyq" (title, company, location, description, source URL). Nothing is read in the background.
- Your Velyq auth tokens (access + refresh), stored locally in chrome.storage.local on your device. Never synced across devices.
- When you use Pro autofill: your Velyq profile data (name, email, phone, LinkedIn, primary CV, selected letter) is injected into the application form you're filling.
2. What the extension does NOT collect
- No automatic scraping. No background crawling on LinkedIn, Indeed or anywhere else.
- No browsing data (history, visited sites, clicks) outside of the offer pages you actively clip.
- No information about recruiters, colleagues or third-party profiles.
- No resale to advertisers, data brokers or marketing partners.
3. Chrome permissions requested
- storage — store auth tokens and preferences locally.
- activeTab — read the active tab's content only when you click the extension icon.
- scripting — inject the autofill script into the application form you want to fill.
- alarms — schedule periodic token refresh and reminder scans.
- identity — launch the OAuth flow to velyq.com for sign-in.
- notifications — show Chrome notifications for your follow-ups and deadlines.
- host_permissions — limited to supported job sites (LinkedIn, Indeed, WTTJ, APEC, France Travail, Glassdoor), supported ATS (Greenhouse, Lever, SmartRecruiters, Workday) and velyq.com.
4. Transfers and hosting
Your data is transmitted to the Velyq API (api.velyq.com) over HTTPS. It's hosted on Google Cloud (europe-west1, France) and processed by our FastAPI backend. No primary storage outside the EU.
The LLMs used for offer parsing and letter generation (OpenAI, Google Gemini) may receive the offer text as sub-processors. No personally identifying data beyond what's on the public page is included in those calls.
5. Your rights
Under GDPR you have rights of access, rectification, erasure, portability and restriction on your data. You can:
- Revoke extension access from Settings → Extension (immediate token invalidation).
- Uninstall the extension: right-click the icon → "Remove from Chrome".
- Delete your Velyq account and all associated data from Settings → Account.
- Contact us at privacy@velyq.com for any question or GDPR request.
6. Data retention
Offers you clip remain in your tracker as long as you want. They're deleted immediately and permanently when you remove an application or your account. Extension tokens expire automatically (24h for access, 7 days for refresh) and are wiped on sign-out.
7. Contact
Data controller: Velyq SAS · privacy@velyq.com
This policy may evolve. Every material change is announced via /changelog and by email if you have a Velyq account.