Your data is yours.

Offer Max (the "Service") is an AI-powered job-application assistant consisting of a web app at offermax.me and a companion Chrome extension. This policy explains what we collect, why, and what choices you have. It applies to both the web app and the extension.

We collect only the information you choose to provide:

• Account information. Your email address, used for sign-in. Passwords are hashed by our auth provider (Supabase); we never see them in plain text.
• Profile data. Whatever you import or enter — name, contact details, work experience, education, skills, projects, certifications, awards, publications, patents, volunteer work, languages, courses, custom sections, and personal links (LinkedIn, portfolio, GitHub, etc.).
• Source materials. Files you upload (past resumes, cover letters, performance reviews, certificates) so the AI can extract their content into your profile.
• EEO answers. If you choose to save them: work authorization, visa sponsorship, veteran status, disability status, gender identity, race/ethnicity, LGBTQ+ self-identification. All fields are optional.
• Job-application data. The job descriptions you import, the resumes and cover letters you generate, match scores, and any tags or notes you add to track outcomes.
• Application preferences. Layout choices, template selection, section visibility, saved presets.

We do not collect: browsing history, location, payment information, contacts, device identifiers, biometric data, health information, or personal communications.

• To generate tailored resumes, cover letters, recruiter emails, LinkedIn messages, referral Q&A, and interview prep — using your profile and the target job description as input to AI models.
• To score how well a given job posting matches your profile.
• To autofill your contact details, EEO answers, and LinkedIn URL on supported application forms — through the Chrome extension, only on pages where you ask it to act.
• To remember your preferences (layout, sections, template, presets) across devices.
• To show you a dashboard of your own application activity.

We do not use your data to train AI models, build advertising profiles, or for any purpose unrelated to delivering the Service to you.

To make the Service work we share specific pieces of data with the following processors. Each is bound by its own terms of service:

We do not use Google Analytics, Mixpanel, Facebook Pixel, Hotjar, or any other behavioral-analytics or advertising tracker.

The extension requests several Chrome permissions. Here is what each one does in practice:

• activeTab + scripting. Lets the extension read the content of the page you are currently viewing — but only when you trigger an action (Capture Job, Autofill, LinkedIn Import). The extension does not silently monitor your browsing.
• storage. Saves your profile and EEO answers in the browser's local storage so the autofill works offline and across sessions.
• tabs. Lets the extension find the Offer Max web app tab to sync your imported job posting to.
• sidePanel. Lets the extension show its UI in Chrome's side panel.
• host_permissions. The extension is allowed to run on any HTTPS site so it can capture job postings from any career page and autofill any application form. It only acts when you trigger it.

The extension does not read your browsing history, your bookmarks, your saved passwords, or any data from pages you do not interact with.

• Your profile, EEO answers, and generated documents are stored in the browser's localStorage (for fast access) and in our Supabase database (for cross-device sync).
• We retain your data as long as your account exists. There is no automated expiration.
• When you delete your account, all server-side data is removed from Supabase. You can clear the local copy from the extension and web app via the Clear All button on the profile page.

• Access. View and edit your data at any time on the Profile page.
• Correction. Edit any field manually in the profile editor.
• Deletion. Delete your account, which wipes all server-side data. Local browser data can be cleared with the Clear All button.
• Portability. Contact us and we will export your data as JSON.
• Objection / restriction. If you would like us to stop processing your data for any reason, contact us and we will work with you.

If you are in the EU/UK, you have the rights guaranteed by GDPR. If you are in California, you have the rights guaranteed by the CCPA. Both apply to us.

We use HTTPS for all traffic, hash passwords through Supabase's auth system, and apply row-level security in our database so users can only read their own data. No system is perfectly secure; if we ever discover a breach that affects your data, we will notify you by email within 72 hours.

Offer Max is intended for adults seeking employment. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Our servers (Vercel, Supabase, Browserless, Google Gemini) operate in multiple regions, primarily in the United States. By using the Service you consent to your data being processed in the US, regardless of where you live. We rely on Standard Contractual Clauses for EU/UK data transfers.

If we materially change how we handle your data, we will update this page and notify active users by email or via an in-app notice at least 14 days before the change takes effect. Minor edits (typos, clarifying wording) will be reflected here without notice but will not change what we do with your data.

Privacy questions, data requests, or anything else — email us: