Last updated: June 18, 2026 ยท Applies to Hoops v2.0
This Privacy Policy describes how Hoops ("we", "us", or "our") handles information when you use our Chrome Extension. Hoops is a browser extension that helps job seekers extract mandatory questions from job application pages, parse resume files, track job applications, and copy job descriptions.
We do not operate any servers. We do not transmit your personal data anywhere. All functionality runs entirely within your local browser environment.
Hoops uses Chrome's chrome.storage.local API to store the following data exclusively on your device. This data never leaves your browser.
| Data Type | What It Contains | Why It's Stored |
|---|---|---|
| Resume Context | Text extracted from your uploaded PDF/DOCX, or text you manually paste. If "Remove PII" is enabled, emails, phone numbers, addresses, and social links are stripped before storage. | To inject into question prompts and track which resume was used per application. |
| Saved Jobs | Job URL, company name, role title, date saved, job description (if copied), and resume text snippet used at the time of saving. | To power the Job Tracker dashboard and let you review your application history. |
| Extension Settings | User preferences: auto-capture resume toggle, PII removal toggle, auto-save on submit toggle. | To persist your preferences between browser sessions. |
You can permanently delete all locally stored data at any time by clicking "Delete All Data" in the Privacy Settings section of the extension dashboard.
When you upload a resume file (PDF or DOCX), Hoops processes it entirely within your browser using the open-source PDF.js and Mammoth.js libraries. At no point is your file, or any extracted text, sent to an external server or API.
If you enable the "Remove PII Before Storage" setting, Hoops will automatically detect and remove the following categories of personally identifiable information from the extracted text before it is stored:
Your original resume file is never read again after the initial extraction and is not stored anywhere by the extension.
Hoops requests the following Chrome permissions. Each is required for core functionality and is used for no other purpose.
Required to persist your resume context, saved jobs, and privacy settings in Chrome's local storage on your device.
Required to let you copy extracted questions, job descriptions, and resume text to your clipboard with one click.
Required because job applications are hosted across thousands of unique domains and company-specific subdomains (e.g., jobs.lever.co/company, company.greenhouse.io, apply.workable.com/company). Hoops must be able to run its content scripts on any job application page the user visits to detect forms, extract questions, and intercept resume uploads. The extension only activates its UI when it detects a supported ATS form โ it does not read, store, or transmit content from any other pages.
To be explicit, Hoops does not collect, transmit, sell, or share any of the following:
Hoops does not use any third-party analytics, crash reporting, or tracking SDKs.
The extension dashboard contains an optional link to Ko-fi for voluntary donations to support development. Clicking this link takes you to Ko-fi's website, which is governed by Ko-fi's own privacy policy. Hoops has no visibility into whether or how you interact with Ko-fi.
Hoops fetches job description data via publicly accessible ATS APIs (e.g., the Lever public job API). These requests retrieve only public job listing information using the URL you are already visiting. No personal data is included in these requests.
Because Hoops does not collect, process, or transmit any personal data to external systems, it operates in a manner that is inherently consistent with GDPR (EU) and CCPA (California) requirements.
Right to deletion: You can delete all data stored by Hoops at any time using the "Delete All Data" button in the extension settings. This clears all chrome.storage.local data associated with the extension.
Right to export: You can export all your stored data using the "Export Data" button in the extension settings.
Data portability: All data is stored in standard JSON format in Chrome's local storage and is fully portable.
Hoops v2.0 was subject to a full security audit. Key measures implemented include:
โข All user-supplied content is sanitized using strict regex-based HTML escaping before being rendered in the UI to prevent Cross-Site Scripting (XSS) attacks.
โข All URLs rendered in the dashboard are validated to use only http: or https: protocols, preventing javascript: URI injection attacks.
โข HTML entities in stored text are decoded using a safe DOMParser approach that does not execute embedded scripts.
โข A strict Content Security Policy (CSP) is enforced on all extension pages: script-src 'self'; object-src 'self'.
We may update this Privacy Policy when the extension gains new features that change how data is handled. The "Last updated" date at the top of this page will always reflect the most recent revision. For significant changes, we will note them in the extension's changelog.
If you have any questions about this Privacy Policy or Hoops' data practices, please reach out via the Chrome Web Store support page for the Hoops extension.