Effective July 10, 2026 · Applies to the ApplyOnce browser extension
All of the following is stored locally in your browser's extension storage (IndexedDB) on your device, and nowhere else:
You can optionally encrypt the profile, documents, and saved answers with a passphrase (AES-GCM). Without one, data is stored in plain IndexedDB and protected by your operating-system user account — that's the honest description of both modes.
Nothing. ApplyOnce makes no network requests. It has no backend, no analytics SDK, no crash reporter, and no account system. The only network activity involving the extension is your browser downloading it from the store.
ApplyOnce needs access to the pages you visit so it can detect job application forms and fill them. That detection runs entirely on your device: a scoring check decides whether a page looks like a job application, and ordinary pages (articles, shops, logins, banking) are ignored without deep scanning. Page content is never sent anywhere — there is nowhere to send it.
If you choose to report a bug, the extension copies a structure-only diagnostics log to your clipboard and opens a GitHub issue form. You see exactly what's in it, and you decide whether to paste it. Nothing is submitted automatically.
Everything can be deleted in the side panel (documents, saved answers, history, diagnostics log), and removing the extension deletes all of it at once. Because nothing exists outside your device, there is nothing else to request deletion of.
ApplyOnce's use of information complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. Data handled by the extension is used solely to provide its single purpose: filling job application forms with your locally stored profile.
If this policy ever changes in a way that affects how data is handled, the extension will disclose the change prominently before it applies. Questions: open an issue on GitHub.