Privacy rights

What Hyrelane reads, stores, and deletes

Hyrelane is built for user-controlled job search workflows. Resume data, Gmail snippets, extension reads, browser sessions, credits, and outcomes stay scoped to the user action that enabled them.

Last updated

June 13, 2026

These pages describe launch behavior for website, extension, Gmail, browser sessions, credits, payments, and deletion controls.

Open Hyrelane

Extension trust copy

Hyrelane reads the current job page only when you click Analyze.

It does not read unrelated pages. It does not submit applications without your review.

No model training

User data is not used for model training.

Generated outputs must stay grounded in confirmed resume/profile facts or show a violation instead of inventing claims.

Resume and profile data

Resume files, parsed profile facts, resume versions, evidence maps, QA answers, and generated assets are used to run Hyrelane workflows for the signed-in user.

Uploaded resumes are private and use signed access paths.
Only confirmed profile facts should be used in generated drafts and exports.
Users can request resume/profile deletion or account deletion from privacy controls.
Hyrelane does not use user data for model training.

Gmail outcome intelligence

Gmail is optional and exists only to classify job-related responses and suggest tracker updates.

Gmail connection is explicit opt-in.
Launch scope is readonly and must not include Gmail send permission.
Hyrelane stores snippets by default, not full email bodies.
Users can disconnect Gmail and delete stored snippets.

Chrome extension trust

The extension is designed around current-page review and manual approval.

Hyrelane reads the current job page only when you click Analyze.
It does not read unrelated pages.
It does not submit applications without your review.
Host permissions are limited to the v3 P0 job and ATS source list.

Browser-assisted apply

Browser sessions are supervised and isolated. They help prepare forms, but final submission stays with the user.

Sessions are time-limited and destroyed after completion or timeout.
Sensitive fields are masked in logs and review payloads.
Browser-assisted apply is manual-final-submit by default.
No silent application submission is allowed.

Deletion workflow

Deletion requests stop connected workflows first, then queue data cleanup for the relevant records.

Account deletion stops Gmail sync and active browser-session creation immediately.
Resume deletion removes active resume/profile records and storage access.
Gmail deletion clears encrypted tokens and stored snippets.
Payment, credit ledger, and admin audit records may be retained only where legally or operationally required, with PII redacted where possible.

Logs and analytics

Operational logs, Sentry, LangSmith, PostHog, and admin views should receive redacted data only.

Do not log raw resume text, Gmail bodies, passwords, private LinkedIn data, or unredacted ATS payloads.
Product analytics should describe events and outcomes, not expose private document bodies.
Admin views must use redacted evidence by default.