StatusFlow Privacy Policy

StatusFlow is built to help people organize, understand, and improve their job search. We recognize that job-search information can be sensitive, personal, and highly consequential. This Privacy Policy explains what information we collect, where it comes from, why we process it, how we share it, how long we keep it, what rights and choices you have, and how AI-assisted features and browser-extension workflows fit into that picture.

This Policy is intended to support transparency and user trust. It is also intended to reflect the privacy principles that commonly apply to StatusFlow, including applicable Canadian requirements, international transparency expectations, and other laws that may apply depending on where you live or how you use the Services.

If you have questions, privacy requests, or complaints, contact us at privacy@statusflow.ca.

1) Scope and Who We Are

This Privacy Policy applies to StatusFlow and to the products, websites, applications, browser extensions, APIs, communications, and related services that we operate and link to this Policy (collectively, the “Services”).

In this Policy, “StatusFlow”, “we”, “us”, and “our” refer to the operator of the StatusFlow Services.

For privacy and data-protection purposes, StatusFlow generally acts as the organization that determines why and how personal information is processed in connection with the Services. Some third-party service providers process information on our behalf under contractual or technical restrictions.

This Policy does not govern third-party products, websites, employer portals, job boards, extension stores, AI providers, identity providers, or other services that are not controlled by StatusFlow, even if they interact with or are linked from our Services.

2) Short Summary

• We collect and process information needed to operate StatusFlow, secure accounts, provide tracking and analytics features, support browser-extension workflows, and deliver AI-assisted features you choose to use.
• We do not currently sell your personal information, and we do not use your personal job-search data ourselves to train public AI models.
• Some AI features may send limited user content to approved third-party AI service providers in order to generate outputs for you.
• AI output is assistive only. It can be inaccurate, incomplete, outdated, biased, or otherwise wrong. You are responsible for reviewing and deciding whether to rely on AI output before acting on it.
• Our browser extension workflows may access supported page content, URLs, form context, highlighted text, or related page information when necessary to provide user-facing features such as saving jobs, matching resumes, autofill support, or AI assistance.
• Depending on where you live, you may have rights to access, correct, delete, export, or object to certain processing of your personal information.

3) Information We Collect

We collect information directly from you, automatically from your use of the Services, from your device or browser, from identity providers you choose to use, and from the browser-extension and AI workflows you invoke.

A. Account and identity information

• Name, display name, and email address.
• Password credentials, stored in hashed form rather than plain text, where you create a direct StatusFlow account.
• Authentication-related information, such as sign-in method, account identifiers, session data, password reset and verification records, and security-related account events.
• Basic identity information we receive from optional sign-in providers, such as Google or Apple, when you choose to use them.

B. Job-search and workspace information

• Application records you create or import, including company names, role titles, statuses, dates, notes, outcomes, sources, and other workflow details.
• Job descriptions, resume content, cover letters, interview notes, follow-up drafts, thank-you drafts, attachments, and other materials you upload, paste, generate, request, or save.
• User-entered profile or settings information, including preferences, themes, reminders, and similar account-level choices.

C. AI feature inputs and outputs

• Prompts, feature requests, and instructions you submit to AI-assisted tools, including interview prep, resume review, job-page questions, draft generation, and insights explanation features.
• Source material needed to fulfill those requests, such as a job description, selected text, application history, resume content, or funnel metrics.
• AI-generated outputs, such as explanations, suggested questions, draft text, analysis, structured results, or scoring outputs.

D. Browser extension and webpage interaction data

• Page URLs, titles, supported-site detection signals, and limited page structure needed to determine whether a page is relevant to StatusFlow features.
• Job posting content, company names, role titles, job descriptions, or selected page text when you use features such as save-to-StatusFlow, AI question tools, resume-match analysis, or job extraction.
• Form-field context or page content needed to support autofill or application-assistance features that you actively invoke.
• Extension authentication tokens, sync state, extension settings, connection state, and extension diagnostics.

We do not claim the right to monitor unrelated browsing activity for advertising purposes. If extension access to webpage content is required, it is intended to be limited to providing user-facing StatusFlow functionality and related security, debugging, or abuse prevention.

E. Device, usage, technical, and diagnostic information

• IP address, browser type and version, device type, operating system, language, referrer, timestamps, and app or extension version.
• Product usage events, page views, clicks, performance data, crash or error logs, security logs, and feature usage signals.
• Cookies, local storage, session tokens, and similar identifiers used for login, preferences, security, analytics, and product reliability.

F. Communications and support information

• Messages you send us, including support emails, bug reports, and feedback.
• Records of our responses and any information you choose to provide while seeking support.

G. Sensitive or special-category information

We do not intentionally require sensitive personal information such as health data, government identifiers, or precise location in order to use the core Services. However, resumes, cover letters, or other documents you upload may contain sensitive or special-category information chosen by you. If you upload that type of information, you instruct us to store and process it as part of providing the Services you requested.

H. Children

StatusFlow is not intended for children under the age required by applicable law to use the Services independently. We do not knowingly collect personal information from children where prohibited by law.

4) Where We Get Information

• Directly from you when you sign up, log in, upload content, or use features.
• From your browser, device, or app environment automatically.
• From identity providers or integration partners you choose to use, such as social sign-in providers.
• From webpage content or extension context when you actively use browser-extension features on supported or relevant pages.
• From AI processing flows initiated by your use of AI-assisted features.

5) Why We Process Information

We process personal information for the following purposes:

• To create and administer accounts, authenticate users, and operate the Services.
• To let you track applications, manage notes, store documents, and maintain job-search workflows.
• To provide analytics, insights, dashboards, and other product functionality.
• To power browser-extension features such as page detection, content extraction, save workflows, autofill support, and AI-assisted page interactions.
• To provide AI-assisted features that you request, including drafting, explanation, review, analysis, and preparation tools.
• To maintain security, detect abuse, prevent fraud, investigate misuse, and protect the integrity of the Services and our users.
• To communicate service messages, security notices, changes, releases, support responses, and important operational information.
• To maintain, debug, improve, and develop the Services using product analytics, diagnostics, testing, de-identified information, or aggregated trends.
• To comply with applicable law, lawful requests, dispute resolution, and enforcement of our legal rights.

6) Legal Bases for Processing

Where privacy laws require a legal basis, StatusFlow generally relies on one or more of the following:

• Contract / service provision: processing needed to provide the Services you requested.
• Legitimate interests: processing needed for security, product improvement, fraud prevention, troubleshooting, non-promotional operational communications, and related business purposes, where those interests are not overridden by your rights.
• Consent: where required or appropriate, such as certain optional integrations, certain extension disclosures or feature uses, some cookies, or certain AI or data uses.
• Legal obligation: where we must comply with applicable law, lawful process, or regulatory obligations.

You may withdraw consent where consent is the basis for processing, subject to lawful or operational limits.

7) AI-Assisted Features and Important AI Disclosures

StatusFlow includes AI-assisted tools. These features are intended to support you, not replace your judgment.

A. What AI features may process

Depending on the feature you use, StatusFlow may process prompts, job descriptions, resume text, application history, selected page content, chart summaries, workflow context, or related job-search information in order to produce an AI-assisted result.

B. AI provider routing and third-party processing

To provide AI features, StatusFlow may route requests to one or more approved third-party AI processing providers. Routing may depend on the feature, performance, cost, latency, safety, privacy, or technical requirements at the time of the request.

Those providers may process inputs and outputs for the purpose of generating the result requested by StatusFlow on your behalf. We seek to structure AI processing in a privacy-conscious way, including limiting inputs where practical and using provider controls or contractual settings where available and appropriate.

C. No guarantee of accuracy

AI can make mistakes. AI output may be inaccurate, incomplete, misleading, offensive, biased, stale, improperly formatted, or otherwise unsuitable for your goals. You must review, verify, edit, and independently assess any AI-generated output before relying on it for applications, interviews, communications, career decisions, or any other purpose.

StatusFlow does not promise that AI output is correct, complete, available, or fit for a particular purpose. AI output is assistive only and is not legal, employment, human resources, immigration, financial, or professional advice.

D. Training and model-improvement statement

StatusFlow does not itself use your personal job-search data to train public AI models. If we materially change how AI inputs or outputs may be used for model training or product-improvement purposes beyond what is described here, we will update this Policy and, where required, provide notice or obtain consent.

E. Automated decision-making

StatusFlow does not use AI to make solely automated decisions that produce legal effects or similarly significant effects about you. AI features may rank, summarize, suggest, explain, or draft, but final decisions remain with you.

8) Browser Extension Disclosures

StatusFlow may offer browser-extension functionality, including current and future browser-extension builds or compatible versions. If you install or use such an extension, the following additional disclosures apply.

A. Why the extension may access webpage data

Extension access to webpage content, page URLs, tab context, or form information may be necessary to provide features that you expect and invoke, such as:

• detecting whether a page is a supported job or application page;
• capturing job details into StatusFlow;
• reading a job description for resume match or AI questions;
• supporting autofill or application assistance features;
• letting you send selected content to StatusFlow or to an AI feature.

B. Limits on extension use

We intend extension access to be limited to the purposes disclosed to you and reasonably related to the user-facing functionality of the extension. We do not intend to use extension-collected personal information for unrelated advertising purposes or to monitor unrelated browsing activity beyond what is necessary to provide, secure, debug, or improve user-facing extension features.

C. Extension store and in-product disclosures

Additional short-form disclosures may appear in an extension listing, permissions prompt, onboarding screen, or in-product notice. Those disclosures are intended to supplement this Privacy Policy, not replace it.

D. Safari-compatible versions

If we make Safari-compatible extension functionality available, similar privacy principles and disclosures will apply to that offering, subject to the platform-specific permission, technical, and store-review requirements that govern it.

9) Cookies, Local Storage, and Similar Technologies

We use cookies, local storage, and similar technologies for purposes such as:

• authentication and session continuity;
• security and abuse prevention;
• saving preferences, UI state, and settings;
• analytics, performance measurement, and reliability;
• feature operation and debugging.

Some cookies or storage mechanisms are essential to the Services and cannot reasonably be disabled without impairing functionality. Others may be optional depending on your region, browser settings, or product configuration.

10) How We Share Information

We do not sell your personal information in the ordinary meaning of that term.

We may share information only in the following circumstances:

• At your direction or request, including when you choose to use an integration, AI feature, export function, or extension workflow.
• With service providers and processors who help us host, secure, operate, support, analyze, or improve the Services.
• With AI providers when necessary to produce the AI-assisted output you requested.
• With identity, email, analytics, infrastructure, storage, security, and communications providers as reasonably needed to run the Services.
• For legal, safety, and rights-protection purposes, including compliance with applicable law, lawful requests, and protection of users, StatusFlow, and the public.
• In connection with a business transaction, such as a merger, financing, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards.
• Using aggregated or de-identified information that does not reasonably identify you.

We do not currently disclose personal information for cross-context behavioural advertising and do not currently sell personal information as those concepts are commonly used in privacy law. If that changes, we will update this Policy and provide any notices or rights required by law.

11) International and Cross-Border Processing

StatusFlow may process or store personal information in Canada, the United States, and other countries where we or our service providers operate. As a result, personal information may be accessible to courts, law-enforcement authorities, or regulators in those jurisdictions in accordance with applicable law.

Where required by law, we use appropriate transfer mechanisms or contractual safeguards for cross-border processing. The specific jurisdictions involved may change as our infrastructure, vendors, and technical architecture evolve.

12) Retention and Deletion

We retain personal information for as long as reasonably necessary to provide the Services, maintain security, resolve disputes, comply with legal obligations, enforce our agreements, and support legitimate business operations.

Examples of typical retention logic include:

• Account information is generally retained while your account remains active and for a reasonable period afterward where needed for security, legal, backup, or dispute purposes.
• Job-search records, uploads, and generated content are generally retained until you delete them, close your account, or request deletion, subject to technical and legal limits.
• Security logs, analytics, diagnostics, and support materials may be retained for limited periods based on operational need, legal requirements, and the sensitivity of the data.
• Backup copies may persist for a limited rolling period before being overwritten or securely deleted.

When deletion is requested, we will take commercially reasonable steps to delete or de-identify the relevant information from active systems, subject to lawful exceptions and backup or archival limits.

13) Security

We use technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, misuse, destruction, or loss.

These measures may include, for example:

• encryption in transit and other transport protections;
• access controls and least-privilege practices;
• authentication protections and account-verification workflows;
• monitoring, alerting, logging, and abuse-prevention controls;
• vendor review, contractual restrictions, and administrative safeguards.

No system can be guaranteed to be completely secure. You are also responsible for protecting your account credentials, devices, browser environment, and local extension or app access.

14) Your Choices and Controls

• You may access, update, or correct certain information from within your account where such controls are available.
• You may delete certain job-search records, uploads, or account content directly if the product offers that function.
• You may request account deletion, data access, correction, export, or related privacy assistance by contacting privacy@statusflow.ca.
• You may disconnect integrations, uninstall the browser extension, or stop using AI features at any time, though previously processed information may still be retained as described in this Policy.
• You may control some cookies and similar technologies through browser settings or region-specific controls where offered.
• You may unsubscribe from non-essential emails, but we may still send essential service, legal, support, or security communications.

15) Region-Specific Rights

A. Canada

If Canadian privacy law applies, you may have rights to access and correct personal information and to challenge our compliance with applicable law. Depending on your province or territory, additional local rules may apply.

B. EEA and United Kingdom

If the GDPR or UK GDPR applies, you may have rights to access, rectify, erase, restrict, object, or request portability of certain personal data, and to withdraw consent where consent is the legal basis. You may also lodge a complaint with the relevant supervisory authority.

C. California

If California law applies, you may have rights to know, access, correct, delete, and request information about categories of personal information collected, used, retained, or disclosed, subject to legal limitations. We do not currently sell personal information or share it for cross-context behavioural advertising in the ordinary course of the Services.

D. Other jurisdictions

If local law gives you additional privacy rights, we will endeavour to honor those rights where applicable and legally required, subject to verification, exceptions, and technical constraints.

16) Third-Party Services and Links

StatusFlow may interact with third-party services, including identity providers, employer portals, job boards, extension stores, analytics tools, cloud infrastructure providers, communications providers, and AI providers.

Those third parties operate under their own terms, privacy policies, and security practices. We are not responsible for third-party policies or conduct outside our control. You should review those third-party notices before relying on them.

17) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, product features, AI processing, browser-extension functionality, vendors, or our privacy practices.

When we make material changes, we may provide an updated date, post a notice in the Services, send a service communication, or take other steps required by law. Your continued use of the Services after an update takes effect is subject to the updated Policy, except where applicable law requires another form of notice or consent.

18) Contact Us

• Privacy requests and complaints: privacy@statusflow.ca
• General support: support@statusflow.ca

19) Key Definitions

• “Personal information” or “personal data” means information about an identified or reasonably identifiable individual.
• “Process” or “processing” means collection, use, storage, analysis, disclosure, deletion, or similar handling of information.
• “AI-assisted feature” means a StatusFlow feature that uses machine-learning or large-language-model processing to produce an output, suggestion, explanation, or draft.
• “Browser extension” means a StatusFlow extension or compatible browser add-on that interacts with webpages, tabs, forms, or page content to provide user-facing StatusFlow functionality.
• “De-identified” or “aggregated” information means information that does not reasonably identify you.