Chrome Extension Privacy Policy
Last updated: May 31, 2026
Cravid Labs LLC is the operator of Fursa (usefursa.com). Cravid Labs LLC is a Wyoming limited liability company with its principal place of business at 30 N Gould St, Ste R, Sheridan, WY 82801, United States.
This policy covers the Fursa Chrome Extension (“Extension”), a Manifest V3 browser extension available on the Chrome Web Store. It supplements our main Privacy Policy at usefursa.com/legal/privacy, which governs data collected through the main Fursa platform. Where this policy and the main Privacy Policy conflict with respect to Extension-specific data, this policy controls. This privacy policy is published as required by the Chrome Web Store Developer Program Policies.
1. Scope
This policy applies only to data collected, processed, or transmitted by the Fursa Chrome Extension. It does not apply to data you provide through the Fursa website (usefursa.com) or API directly — those are governed by our main Privacy Policy. Cravid Labs operates the Extension and is the data controller for purposes of this policy.
2. What the Extension Does
The Fursa Chrome Extension has a single purpose: to help you save job postings from job board websites and auto-fill job application forms using your Fursa profile data. Specifically:
- Job saving: When you visit a supported job board (LinkedIn, Indeed, Glassdoor, Greenhouse, Lever, Ashby, Workday, iCIMS, Workable) and view a job posting, the Extension displays a “Save Job” button. When you click this button, the Extension reads the job posting data from the current page — including the job title, company name, job description, and URL — and transmits it to your Fursa account via the Fursa API (
api.usefursa.com) over HTTPS. - Auto-fill: When auto-fill is enabled in your Fursa account settings and you navigate to a job application form on a supported site, the Extension reads your Fursa profile data (name, contact information, work history, education, skills) and populates the corresponding form fields on your behalf. This eliminates the need to manually retype your information for every application.
- Authentication: The Extension maintains a secure connection to your Fursa account by storing an authentication token locally in
chrome.storage.local. This token is used to verify your identity when you save a job or trigger an auto-fill.
3. Permissions We Request and Why
The Extension requests the following browser permissions. We request only what is strictly necessary to provide the features described above.
activeTab: Allows the Extension to access the content of the currently active tab, but only at the moment you interact with the Extension (e.g., click “Save Job” or trigger auto-fill). We do not have persistent access to your tabs or browsing history.storage: Used to store your authentication token inchrome.storage.localon your device so you remain logged into your Fursa account across browser sessions. No other data is persisted in local storage by the Extension.scripting: Required to inject the “Save Job” button UI into job board pages and to execute the auto-fill logic that populates application form fields.- Host permissions for supported job board domains (e.g.,
*.greenhouse.io,*.lever.co,*.ashbyhq.com,*.myworkdayjobs.com,*.icims.com,*.workable.com,*.linkedin.com,*.indeed.com,*.glassdoor.com): Required to detect job postings on these domains and to inject the save/fill UI. We only activate on these specific domains, not on all websites you visit. - Host permission for
api.usefursa.com: Required to communicate with the Fursa API to save jobs and retrieve your profile data for auto-fill.
4. Data the Extension Collects
4.1 Data We Collect
- Authentication token: Stored locally in
chrome.storage.localon your device. Used to authenticate API requests. Never transmitted to any party other thanapi.usefursa.com. - Job posting data: When you click “Save Job,” the Extension reads the job title, company name, job description text, and URL from the current page and transmits this data to
api.usefursa.comto save the job to your Fursa account. This data is then stored in your Fursa account on Supabase (AWS us-west-2). - Application form fields (auto-fill): During auto-fill, the Extension reads form field labels and types on the current application form page to match them with your profile data. This matching happens locally in the browser; the form data is not separately stored or logged — it is simply read and used to populate the fields in real time.
4.2 Data We Do NOT Collect
- Browsing history or the URLs of pages you visit where the Extension is not active.
- Page content, text, or screenshots from any website other than supported job board pages when you interact with the Extension.
- Keystrokes, mouse movements, or any form of continuous monitoring of your browser activity.
- Data from incognito/private browsing windows (the Extension does not have access to incognito tabs unless you explicitly grant it).
- Any data from pages where you have not interacted with the Extension.
5. Data Storage and Retention
- Local storage: The authentication token is stored in
chrome.storage.local, which is encrypted by Chrome using your OS-level credential storage. It is not accessible to other extensions or websites. - Server storage: Saved job data is transmitted to and stored on Fursa’s servers (Supabase, hosted on AWS us-west-2, US). Data is encrypted in transit (TLS 1.2+) and at rest. Retention follows our main Privacy Policy: data is retained as long as your account is active, plus 30 days after account deletion.
6. Data Sharing
We do not sell, rent, or share data collected by the Extension with any third party, except as strictly necessary to operate the Service:
- Supabase: Job data and profile data are stored in our Supabase-hosted database. Supabase processes this data as a data processor acting on our instructions.
- No advertising or analytics use: Data collected by the Extension is not used for behavioral advertising, cross-site tracking, or shared with advertising networks.
For a complete description of data sharing practices, see our main Privacy Policy.
7. Permissions Justification — Single Purpose Policy
Per Google’s Chrome Web Store Single Purpose Policy, the Extension’s single purpose is: to save job postings from job board websites and auto-fill job application forms using the user’s Fursa profile.
Every permission the Extension requests is strictly necessary to accomplish this single purpose:
activeTab— needed to read job posting content and inject the save/fill UI.storage— needed to persist authentication so you don’t have to log in every time.scripting— needed to inject the save button and execute form filling.- Host permissions — needed to activate on the specific job board pages where the Extension operates.
The Extension does not perform any function unrelated to job saving and form auto-fill.
8. Security
- All communication between the Extension and
api.usefursa.comuses HTTPS with TLS 1.2 or higher. Unencrypted HTTP connections are not accepted. - Authentication tokens stored in
chrome.storage.localbenefit from Chrome’s built-in encryption, which ties the storage to your OS user account. - The Extension follows Manifest V3 security requirements, which include a stricter Content Security Policy and prohibition on remotely hosted code.
- We do not use eval(), dynamic code execution, or any patterns that would allow code injection.
To report a security vulnerability in the Extension, see our Security & Vulnerability Disclosure Policy.
9. Updates to This Policy
We will update this policy when Extension functionality changes in ways that affect data collection or permissions. Material changes will be:
- Noted in the Chrome Web Store listing’s “What’s New” changelog.
- Reflected with an updated “Last updated” date on this page.
- Communicated via in-app notification for changes that significantly affect your privacy.
10. Contact
For questions about the Extension’s data practices, contact Cravid Labs at legal@usefursa.com.