ZorixOS Copilot Extension Privacy Policy
Last updated: July 5, 2026
This policy covers the ZorixOS Copilot browser extension. It explains exactly what the extension accesses, what leaves your browser, and what it never does. The extension talks only to the ZorixOS API and never to any third party.
1. What the extension accesses
The extension accesses: (a) a connection token you generate in your ZorixOS account, stored locally in your browser; (b) the text of a job posting on a page you explicitly click to scan; and (c) the fields of a supported application form (Greenhouse, Lever, Ashby, Workable) when you click Autofill. It reads your name, email, phone, location, links, work history, education, skills, and resume from your ZorixOS account only when you ask it to fill a form or show your matches.
2. What we do with it
Job matches and page fit scores are computed by comparing job text with your profile. Autofill places your own profile values into a form for your review. AI answer drafts are generated from your real resume. We use this data solely to provide these features. We do not sell your data, and the extension contains no third-party analytics or advertising.
3. What the extension never does
It never submits an application for you. It never fills legal, demographic, or identity questions (work authorization, EEO, salary, references, government IDs, date of birth). It never interacts with CAPTCHAs. It performs no automation, filling, clicking, or background requests on LinkedIn, Indeed, Naukri, or Glassdoor; on any non-supported site it only reads the page you are viewing after you click to scan it. It loads no remote code.
4. Data storage and transmission
Your connection token is stored in your browser (chrome.storage.local) and sent only to the ZorixOS API to authenticate your requests. Job posting text you scan is sent to the ZorixOS API to compute a fit score and is not retained beyond serving that request. Your resume file is streamed from your account to the extension only when you attach it to an application, held in memory, and never uploaded to any third party.
5. Permissions we request and why
storage: to keep your connection token. activeTab and scripting: to read the posting on the page you click to scan, and to fill supported application forms you open. Host access is limited to the ZorixOS API and the supported application hosts (Greenhouse, Lever, Ashby, Workable). We request no broad host access.
6. Your controls
You can disconnect the extension at any time from its popup (which clears the local token) and revoke the token server side from the Connect page in your ZorixOS account. Revoking takes effect on the extension's next request. Deleting the extension removes all locally stored data.
7. Contact
Questions about this policy can be sent to support@zorixos.com. This extension policy supplements the main ZorixOS Privacy Policy.