Privacy Policy

Last Updated: January 17, 2026

Overview

Newkid ("we", "our", or "us") operates the Newkid Chrome Extension (the "Extension"). This privacy policy explains how we collect, use, and protect your information when you use our Extension.

Information We Collect

1. Authentication Information

Email address: Used for account identification and authentication via Clerk
Authentication tokens: Short-lived JWT tokens (60-second validity) for secure API communication
Session cookies: HTTP-only cookies set by our web application for authentication purposes

2. Profile Information

Personal details: Name, phone number (if provided)
Resume: PDF file and extracted text content (if uploaded)
Professional information: Any additional remarks or notes you provide in your profile

3. Job Application Data

Application sessions: Job titles, company names, platform (LinkedIn/Indeed)
Questions and answers: Form responses generated during job applications
AI usage: Count of AI-powered autofill requests

4. Subscription Data

Subscription tier: FREE, PLUS, PRO, or LIFETIME_PRO
Usage metrics: Monthly AI request counts, API usage statistics
Payment information: Managed by Stripe (we do not store credit card details)

5. Technical Information

API request logs: For debugging, security, and rate limiting purposes
Error logs: To improve extension functionality and reliability

How We Use Your Information

We use the collected information for the following purposes:

Authentication: Verify your identity and maintain secure access to your account
Core Functionality: Provide AI-powered job application autofill on LinkedIn
Service Improvement: Analyze usage patterns to enhance features and user experience
Customer Support: Respond to your questions, requests, and technical issues
Subscription Management: Track usage limits and enforce tier-based restrictions
Legal Compliance: Comply with applicable laws and regulations

Data Storage and Security

Storage Location

All user data is stored on secure PostgreSQL databases hosted on Supabase (AWS infrastructure)
Resume files are stored on Supabase Storage with encryption at rest
Authentication is managed by Clerk with industry-standard security practices

Security Measures

Encryption: All data transmission uses HTTPS/TLS encryption
Token expiry: Authentication tokens expire after 60 seconds
HTTP-only cookies: Session cookies are inaccessible to JavaScript (XSS protection)
Access control: Data access restricted to authenticated users only
No local storage: Extension does not store sensitive data in browser local storage

Data Sharing and Third Parties

We share your information with the following third-party services:

1. Clerk (Authentication Provider)

Purpose: User authentication and session management
Data shared: Email address, authentication state
Privacy Policy: https://clerk.com/legal/privacy

2. OpenAI or Anthropic (AI Provider)

Purpose: Generate intelligent responses to job application questions
Data shared: Job questions, your resume text, and professional information
Data retention: AI providers may retain data according to their policies
Privacy Policies:
- OpenAI: https://openai.com/policies/privacy-policy
- Anthropic: https://www.anthropic.com/legal/privacy

3. Stripe (Payment Processor)

Purpose: Process subscription payments
Data shared: Email address, payment information
Privacy Policy: https://stripe.com/privacy

4. Supabase (Database and Storage)

Purpose: Host application database and file storage
Data shared: All user data described above
Privacy Policy: https://supabase.com/privacy

Data Retention

Active accounts: We retain your data while your account is active
Account deletion: You may request account deletion by contacting support
Retention after deletion: We may retain logs for up to 90 days for security and legal purposes
Resume files: Deleted immediately upon profile deletion or file removal

Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information in your profile
Deletion: Request deletion of your account and associated data
Export: Download your data in a portable format
Opt-out: Discontinue use of the Extension at any time

To exercise these rights, contact us at: support@newkid.io

LinkedIn Data

The Extension operates on LinkedIn.com to provide job application automation:

No LinkedIn data collection: We do not collect, store, or share your LinkedIn profile data, connections, messages, or activity beyond the job applications you initiate
User-initiated actions: All automation is triggered by you clicking the "Start Auto-Apply" button
Job application data: We only store the job titles, company names, and your responses to application questions
LinkedIn Terms of Service: You are responsible for ensuring your use of automation complies with LinkedIn's Terms of Service

Children's Privacy

The Extension is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by:

Updating the "Last Updated" date at the top of this policy
Displaying a notification in the Extension (for material changes)

Continued use of the Extension after changes constitutes acceptance of the updated policy.

Cookie Policy

Cookies We Use

Session Cookies: HTTP-only authentication cookies set by Clerk on *.newkid.io domain
Purpose: Maintain your login session and enable secure API authentication
Expiry: Automatically expire when you log out or after session timeout
Third-party cookies: Clerk may set additional cookies per their privacy policy

Managing Cookies

You can control cookies through your browser settings. However, disabling cookies will prevent the Extension from functioning properly.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers.

Contact Us

If you have questions about this privacy policy or our data practices:

Email: support@newkid.io
Website: https://newkid.io

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases for processing your personal data are:

Contract performance: Processing necessary to provide the Extension services
Legitimate interests: Improve our services, prevent fraud, and ensure security
Consent: Where you have given explicit consent for specific processing activities
Legal obligations: Comply with applicable laws and regulations

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about data collection and use
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell personal information)
Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at support@newkid.io.

By using the Newkid Chrome Extension, you agree to this privacy policy.