Lentra - Privacy Policy

Effective date: May 8, 2026 Last updated: May 8, 2026

This policy explains what Lentra (“we,” “us”) collects, why, where it goes, and how to delete it. Lentra is the Chrome extension at getlentra.com, operated by Lentra LLC.

If you’d rather skim: we collect what’s needed to fill job applications and keep your profile synced across devices, we never sell or share your data with advertisers, we don’t use your data to train AI models, and you can delete everything from Settings → Account → Danger Zone in two clicks.

1. What Lentra is

Lentra is a browser extension that fills out online job applications using a profile you save once and an AI service for free-text questions (“Why are you interested in this role?”). You sign in with Google so your profile and resume sync across devices.

This policy covers data we collect through the extension, our backend, and the marketing site at getlentra.com.

2. Data we collect

We split data into three categories based on where it goes.

A. Stays on your device (never sent anywhere)

• Form values you’ve already typed yourself.
• Pages you visit that don’t trigger an autofill.
• The contents of any field that was filled by a local rule or directly from your profile (no AI involved).

B. Sent to our servers

When you sign in:

• Your Google email address and a unique account identifier to authenticate you and scope your data. We do not request or access your Google contacts, calendar, or any other Google data.
• Sign-in tokens so we can keep you signed in across sessions.

When you save profile data:

• Your profile - name, contact information, citizenship, work-authorization answers, optional equal-employment self-ID answers, professional links (LinkedIn, GitHub, portfolio, personal website), education, work experience, skills, projects, certifications, awards, custom Q&A, and your application defaults (compensation, notice period, etc.).
• Your resume file (PDF or DOCX) and the extracted text of it. The file is stored encrypted at rest, and the extracted text is used to inform AI answers about your background.

When you click Fill on a job application:

• An analytics row containing the page’s hostname, the detected applicant-tracking-system identifier, the count of fields filled and unfilled, and - when we can extract them - the role title, company name, and canonical URL of the posting. This powers the Recent Fills list and our rate limits.

We do not store the values you fill into form fields. We store counts, not contents.

C. Sent to AI providers

When a field can’t be answered by a local rule or your profile, the extension sends one request per field to our backend, which forwards it to an AI service to draft an answer. Each request contains:

• The page URL (host + path).
• The field’s metadata - its label, placeholder, options, nearby text - so the model can write a sensible answer. We do not send the page’s full HTML.
• A redacted subset of your profile, intentionally chosen to give the model context for essay answers without leaking strict PII. High-level categories: your name, public profile links, education, work experience, skills, application defaults (compensation, work authorization, etc.), and any custom Q&A you’ve saved.
• The extracted text of your resume so the model can pull project specifics when answering essay questions.

We do not send to any AI provider:

• Your email address, phone number, full street address, or postal code.
• Your demographic self-ID answers (gender, race, veteran status, disability, sexual orientation).
• The raw resume file (only the extracted text).
• Anything from any other browser tab.

3. Why we collect it

• Sign-in identity - to authenticate you and scope your data.
• Profile + resume - so Lentra can fill applications without you re-entering the same information on every site.
• Per-fill analytics - to show you the Usage dashboard and enforce rate limits.
• AI request payload - so the model can write coherent answers grounded in your actual background.

We do not use your data to train AI models. We do not sell it. We do not share it with advertisers.

4. Subprocessors

We use the following third parties to operate Lentra. Each receives only the data necessary for their role.

• Cloudflare, Inc. - runs our backend. Receives all extension requests for routing and processing. (Privacy)
• Supabase, Inc. - stores your profile, resume file, resume extracted text, and fills analytics. Encrypted in transit (TLS) and at rest. (Privacy)
• Google LLC - verifies your identity at sign-in via Google Sign-In. We use the OAuth scope openid email profile and request no additional Google data. (Policy)
• AI inference providers - receive the redacted prompt described in §2.C to draft answers to free-text questions. Lentra does not use your data to train AI models. Each AI provider has its own data-handling and retention terms, which we review when we select or change providers. We may change AI providers from time to time; the data categories sent (per §2.C) remain unchanged.

We do not transfer data to any other third party for advertising, analytics, or model training.

5. How long we keep it

• While your account is active - indefinitely. You can update or delete any field via Settings, or delete everything via Danger Zone.
• Once you delete your account - your profile, resume, fills history, and authentication record are removed within seconds. Provider-side backups and operational logs roll off per the providers’ standard retention windows.
• AI provider retention - varies by provider. AI providers may retain transient request logs per their own policies; we have no control over those logs.

6. Your rights

You can:

• See your data - Settings → any tab. Your profile and resume are visible there.
• Export your profile - Settings → Profile → Export. Returns a JSON file.
• Delete individual fields - clear the field in Settings; the change syncs.
• Delete your account and all data - Settings → Account → Danger Zone → Delete account. Two-step confirmation; once you confirm, server-side rows and locally-stored data are wiped immediately.

If you’re in the EU/UK, you have rights under GDPR (access, rectification, erasure, portability, objection). If you’re in California, you have rights under the CCPA. The Delete-account flow above satisfies the core erasure right; for any other request, email us (see §12).

7. Cookies and tracking

The extension does not set cookies. The marketing site at getlentra.com does not use advertising cookies. Our backend does not use third-party analytics.

8. Security

• Sign-in tokens are stored in chrome.storage.local, accessible only to the Lentra extension on your device.
• Your resume and profile are encrypted in transit (TLS 1.2+) and at rest (AES-256).
• We do not log or store the values of form fields you fill.
• The extension’s permissions are limited to those required for autofill and listed at install time.

If you discover a security issue, please email us (§12) before disclosing publicly. We aim to respond within 72 hours.

9. Children

Lentra is not directed to children under 13 (under 16 in the EU/UK). We do not knowingly collect data from minors below that age. If you believe a minor has signed up, contact us and we’ll delete the account.

10. International transfers

If you sign up from outside the United States, your data is transferred to and processed in the US. We rely on standard contractual clauses with our processors where applicable.

11. Changes to this policy

If we make a material change (new data category, new subprocessor, change to retention), we’ll update the “Last updated” date at the top of this document and post a notice at getlentra.com/privacy. Continued use after a material change means you accept the updated policy. You can always delete your account if you don’t.

12. Contact

Questions, deletion requests, or concerns:

support@getlentra.com

We aim to respond within 5 business days.

Lentra LLC Wyoming, USA