Back to the extension

Extension Privacy Policy

Last updated 2 July 2026

This policy covers the Gradux browser extension specifically. It works alongside, and should be read together with, the main Gradux Privacy Policy, which covers the web app the extension connects to. Everything the extension does is in service of one goal: letting you save a role, some company research, or assessment evidence into your Gradux account without leaving the page you're on.

What the extension can access

The page you're currently viewing.When you open the extension popup and choose to save something, it reads the URL and title of the active tab so it knows what you're looking at. It never reads any other open tab, and it never reads the current tab unless you interact with the popup first. The page's content itself (the job description, company page, etc.) is fetched and read by Gradux's own servers from that URL, not by the extension.

A screenshot, only when you ask for one.The “capture evidence” action takes a screenshot of the currently visible tab and uploads it to the assessment you choose. No screenshot is taken automatically or in the background.

Your Gradux sign-in.Signing in to the extension creates a session with the same account system as the Gradux web app (Supabase Auth). The session tokens are stored in the browser's local extension storage, on your device only, and are never synced to Google, Mozilla, or any third party.

What the extension sends, and where

The extension only talks to two places: your browser's own storage, and Gradux's own backend at gradux.app. It does not include analytics, advertising, or any third-party tracking SDK, and it does not sell or share data with anyone outside the services listed below.

  • The job page's URLis sent to Gradux's extraction endpoint, which fetches and reads that page server-side to identify the company, role, location, and deadline. The extracted text is processed by Anthropic's Claude API to perform the extraction, in the same way described in the main Privacy Policy's “AI processing” section, and is not used to train models.
  • Company research page URLsyou choose to capture are sent the same way, to populate that company's intelligence profile in your account.
  • Screenshots you capture are uploaded directly to the assessment record you select, stored in your Gradux vault exactly like evidence uploaded through the web app.
  • Applications, STAR entries, and assessment lists you view or create through the popup are read from and written to your existing Gradux account.

Why the extension asks for these permissions

activeTab.Used only to read the URL and title of the tab you're on, and to take a screenshot when you ask for one, at the moment you open the popup and choose to save something. There is no content script and nothing runs in the background across your browsing, the extension does not log which sites you visit, and it takes no action unless you click something in the popup.

tabs.Used to identify the currently focused tab so the popup knows which page's URL and title to read.

storage. Used to keep you signed in between popup sessions, on your device only.

Data retention and deletion

Anything saved through the extension becomes part of your regular Gradux account data (applications, vault entries, company profiles) and is retained and deletable exactly as described in the main Privacy Policy. Signing out of the extension clears the session tokens stored on your device immediately. Deleting your Gradux account deletes everything saved through the extension along with everything saved through the web app.

Changes to this policy

If the extension starts requesting new permissions or sending data anywhere new, we'll update this policy first and note the change in the extension's store listing.

Contact us

Questions about this policy or the extension's data handling can be sent to privacy@gradux.app.