Privacy Policy

1. Introduction

Leveo ("the Extension", "we", "us", or "our") is a browser extension that helps job seekers track opportunities, leverage their network, and use AI-powered tools to land interviews faster. We are committed to protecting your privacy and being transparent about how your information is handled.

2. Data Collection & Storage

We collect only the data necessary to provide Leveo's features. Here is what we store and where:

• Account Data (Google Auth): Leveo uses Google Sign-In for authentication. We access your name, email address, and profile photo from your Google account. No password is stored by Leveo. Your account is managed through Supabase.
• Cloud-Synced Data (Supabase): Your saved opportunities, pipeline status, contacts, notes, user settings (profile, resume text, templates), and subscription status are stored securely in Supabase and tied to your account. All data is protected by row-level security (RLS), meaning only you can access your data.
• Resume Data: Your resume is stored securely in your account and synced across devices. Resume text is sent to OpenAI only when you use AI features like fit checks and cover letters. OpenAI does not store your data under standard API usage.
• CSV Import (LinkedIn Connections): When you import your LinkedIn connections via CSV, contact data is uploaded to Supabase and associated with your account. This powers network intelligence features. You can delete imported contacts at any time.
• Local Storage (Chrome): Session tokens, preferences, and pending data are cached locally in Chrome storage. This data is cleared when you sign out.
• Anonymous Usage Data: We collect anonymized analytics events (such as extension opened or feature used) to understand product usage and improve functionality.

3. How AI Features Work

• All AI requests are sent from your browser to Leveo's secure backend, which forwards them to OpenAI.
• Resume processing: Resume text is sent to OpenAI for fit checks, cover letter generation, and profile extraction. OpenAI does not store this data under standard API usage.
• Generate Reply (context menu): When you right-click and select "Generate Reply," the text you have selected is sent to OpenAI to generate a response. You explicitly select and trigger this action.
• Your prompts are not logged or stored by Leveo beyond what is needed to process the request and track usage for free/paid tier enforcement.

4. Page Data Access

• Schema.org / Structured Data: On job posting pages (LinkedIn, Indeed, Greenhouse, and others), the extension reads publicly available structured data (schema.org markup) to extract job details for saving. No private data is accessed on these pages.
• LinkedIn Profiles: Name, headline, and company are accessed only when needed to auto-fill templates, and are not stored on our servers.
• Messages: Message content is accessed only when you explicitly request AI-generated replies.

5. Analytics

We use PostHog to collect anonymous usage analytics.

• Analytics data is aggregated and anonymized.
• No personally identifiable information is collected via analytics.
• No message content, resume data, or API keys are included.
• No advertising networks are used.
• Your data is never sold or shared with third parties.

6. Use of Permissions

• scripting: Read page content for user-triggered features (job saving, template auto-fill).
• tabs: Detect relevant pages for activation.
• storage: Cache session and preferences locally.
• contextMenus: Provide the right-click "Generate Reply" action.
• sidePanel: Display the Leveo interface.
• activeTab: Interact with the current page when triggered by the user.
• alarms: Schedule reminder notifications.
• notifications: Display follow-up and priority reminders.

7. Third-Party Services

OpenAI: AI features are processed via Leveo's backend, which forwards requests to OpenAI. OpenAI does not store data sent via API under their standard usage policy. View OpenAI Privacy Policy.

Google: Used for authentication (Google Sign-In). View Google Privacy Policy.

Supabase: Used for authentication, data storage, and cloud sync. Data is encrypted at rest and protected by row-level security.

PostHog: Used for anonymous analytics tracking.

8. Data Security

• All cloud-stored data (opportunities, contacts, resume, settings) is held in Supabase with row-level security — only your account can access your data.
• Data is encrypted at rest and in transit.
• Local Chrome storage data is cleared on sign out.
• No platform data is transmitted to our servers beyond what you explicitly trigger.
• Your data is never sold or shared with third parties for advertising or marketing.

9. Data Deletion

You can delete your account and all associated data at any time. This removes your opportunities, contacts, resume, templates, settings, and all other data stored in Supabase. To request account deletion, contact us at the email below or use the account settings in the extension.

10. Changes to This Policy

We may update this policy from time to time. Continued use of the extension constitutes acceptance of updates.

11. Contact

If you have questions, please contact us at levelupaisupport@gmail.com.

By using Leveo, you agree to this privacy policy.