You control what job text and profile context you submit. Use a redacted CV or short profile summary, and do not paste passwords, API keys, banking details, National Insurance numbers, passport details, medical information, or other secrets into RoleSift.
Profile setup asks for processing consent before sending CV/profile text to OpenAI API server-side for extraction, and storage consent before saving. RoleSift saves the reviewed structured job-fit profile only after consent and does not store the original CV/profile text in the MVP flow.
Supabase handles account signup, login, email confirmation, and authenticated API tokens. Service role keys never run in browser or extension code.
Stripe handles subscription checkout and payment details. RoleSift stores plan/subscription state, not card numbers.
Signed-in users can export account data, delete scan history, and clear profile/preferences from Settings. Raw CV storage should remain gated behind explicit consent, encryption, retention, and deletion controls.
The extension requests storage, active tab, context menu, scripting, and supported host access so it can open overlays and scan selected job pages.
Use the Contact/Support page for account, payment, extension, and security reports during private MVP testing.