Privacy Policy
Last updated: May 5, 2026
1. Overview
UpJobPilot ("we", "our", "us") is a product by Doone (doone.dev). This Privacy Policy explains how we collect, use, and protect information when you use our software and website.
UpJobPilot is a locally-run desktop application. Your Upwork OAuth tokens, job data, and settings are stored exclusively on your own machine. AI processing happens directly between your machine and your chosen AI provider — your job data does not pass through our servers, except briefly during the free trial (see Section 2).
2. Information We Collect
What we collect depends on whether you're on the 14-day trial or the monthly subscription. Both tiers use Bring-Your-Own-Key (BYOK) — your AI provider key, your data going direct from your machine to your provider.
14-day Free Trial (no credit card):
- Email address — collected by LemonSqueezy at trial signup. Used for license issuance + 4 transactional reminder emails (welcome, day 11, day 13, day 14) sent via Brevo.
- Hashed Upwork user identifier — when you connect Upwork OAuth, we send your Upwork user.id to our Cloudflare Worker hashed with a server-side secret (SHA-256 + salt). We use it to enforce one trial per Upwork account (anti-abuse). We never see your Upwork account name, email, or profile data — only the irreversible hash.
- License envelope — a cryptographically signed payload bound to your hashed Upwork ID and trial expiry, stored locally so the app can verify trial status offline. The envelope contains no PII.
- Job data and AI processing — your job data and proposals are sent directly from your machine to your chosen AI provider (Anthropic / Google / OpenAI) using your own API key. This data never reaches our servers. Local usage counts, token totals, and costs are recorded in the app's local SQLite database only.
BYOK Monthly subscription ($9/mo, sold via LemonSqueezy):
- License key — issued by LemonSqueezy at checkout. Sent to our Cloudflare Worker for server-side validation; cached for up to 2 hours alongside your tier.
- Email address — collected by LemonSqueezy at checkout for billing and license delivery. We do not separately store your email beyond what LemonSqueezy returns during license validation.
- Hashed Upwork user identifier — same as for the trial: opaque hash, used to bind your license cryptographically to your Upwork account so a stolen license key alone won't work elsewhere.
- Machine identifier — a SHA-256 hash of your machine hostname, OS, architecture, and username, generated locally on first launch. Sent to our Worker on every license validation so we can enforce the 3-machine activation limit. We never see hostnames or usernames in plain form.
- Job data and AI processing — your job data and proposals are sent directly from your machine to your chosen AI provider (Anthropic / Google / OpenAI) using your own API key. This data never reaches our servers. Local usage counts, token totals, and costs are recorded in the app's local SQLite database only.
3. Information We Do NOT Collect
- Your Upwork OAuth credentials or tokens (stored locally only)
- Your Upwork account details or profile data
- Your Upwork job history, applied proposals, or any personal freelancer data
- Your AI provider API keys (BYOK keys are stored locally only, never transmitted to our servers)
- For BYOK users: your job data, AI prompts, AI responses, or anything produced by AI — these go straight from your machine to your AI provider and back
- Browser data, cookies, or tracking pixels on the app itself (the marketing site uses Umami, a privacy-friendly analytics service that does not use cookies)
4. Third-Party Services
- LemonSqueezy — payments and license issuance for Subscription variants. Subject to their Privacy Policy.
- Brevo — transactional email delivery (BYOK license key emails, support replies). Subject to their Privacy Policy.
- Anthropic (Claude AI) — processes job text for AI analysis. Subject to their Privacy Policy. For BYOK users, Anthropic is your direct counterparty — we are not involved.
- Google (Gemini) — alternative AI provider. Subject to their Privacy Policy. For BYOK users, Google is your direct counterparty — we are not involved.
- Cloudflare — hosts our Worker, KV storage, R2 asset delivery, and Pages site. Subject to their Privacy Policy.
- Umami — privacy-friendly analytics for our marketing site (no cookies, no cross-site tracking). Subject to their Privacy Policy.
5. Browser Helper Extension — AI Features
The optional UpJobPilot Browser Helper extension reads content from upwork.com pages you have open and forwards it to the UpJobPilot app on your own machine. It powers: job scoring & client insights (on a job's detail page, it reads the job posting and the publicly-shown client information so the app can score fit), in-list score badges (on search/Find Work pages), proposal autofill (on a job's Apply page), "Ask UpJobPilot" (a question you type about the open job), message reply generation (on the /messages/rooms/… chat threads), and the optional "Connect with UJP" action (which reads your own Upwork freelancer profile — title, skills, stats, portfolio — when you open your profile page, so the app can tailor scoring and run a profile audit without the Upwork API).
The extension only reads pages you yourself open while browsing; it does not browse Upwork on its own, and it makes no calls to Upwork's API. It works without any Upwork API key.
What gets sent where, when an AI feature runs:
- The relevant page content — for scoring: the job posting and the client info shown on the page; for proposal autofill: the job description and screening questions; for "Ask": your question plus the job details; for message reply: the most recent ~20 messages in the open thread, which can include messages written by the other party of the conversation (your client); for "Connect with UJP": your own profile data — is read from the page by the extension.
- The extension forwards it to the UpJobPilot app running on your own machine (http://localhost:3000).
- The app sends it directly to the AI provider you configured in setup (Anthropic, Google Gemini, or OpenAI), using your own API key. This content does not pass through UpJobPilot servers.
- The AI provider's response (the generated proposal text or message reply) comes straight back to your machine and is dropped into the form field on the page. We do not log it, store it, or transmit it onward.
About content written by your conversation partner: Message-reply generation, by design, sends recent messages from the thread — including those written by your client — to your chosen AI provider so the AI has context to write a relevant reply. This is the same pattern used by Grammarly, Gmail Smart Compose, Apple Intelligence, Microsoft Copilot, and other AI assistants that read your inbox or chat. Your protection is the AI provider's API terms of service, which for Anthropic, OpenAI (paid API), and Google (paid Gemini) include: no training on your inputs, ephemeral retention for abuse detection (typically 30 days), and standard breach-notification obligations. UpJobPilot is not a counterparty to that data — it leaves your machine on your own credential, under your own contractual relationship with the provider. We strongly recommend reading the linked policies in Section 4 before relying on AI features for sensitive conversations.
One-time consent. The first time you trigger message-reply generation, the extension shows an in-product notice summarizing the data flow above and asks you to confirm. You can revoke this preference at any time by clearing the extension's storage in Chrome's extension settings.
What we do NOT do with extension AI features: we do not log conversation content; we do not store it on our servers; we do not send it to UpJobPilot's analytics, our admin dashboard, or any third party other than your chosen AI provider; we do not retain a copy locally after the form is filled.
6. Data Retention
- Free Trial counters — kept while the install is active; reset on uninstall or if you progress to a paid plan.
- Subscription license validations — cached up to 2 hours, then re-fetched from LemonSqueezy.
- Email content — transactional emails sent via Brevo follow Brevo's retention policy. We do not maintain a separate copy.
- AI-feature content (proposals, chat messages, generated replies) — not retained by UpJobPilot. Held by your AI provider per their policy (linked in Section 4).
7. Your Rights
If you are located in the EU/EEA, UK, or California, you have rights under GDPR / UK-GDPR / CCPA, including the right to:
- Access the personal data we hold about you
- Have it corrected or deleted
- Receive a portable copy
- Object to processing or withdraw consent
To exercise any of these rights, email [email protected]. Most requests are handled within a few business days. For BYOK users, requesting deletion of your record will revoke your license — please request a refund first if that's not your intent.
8. Children's Privacy
UpJobPilot is not intended for users under the age of 16. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service constitutes acceptance of the revised policy.
10. Contact
Questions about this policy? Email us at [email protected].