Privacy Policy

TopScholar ("we," "our," or "us") operates the website topscholar.xyz and the TopScholar Chrome Extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using TopScholar, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

2.1 Information You Provide

• •Email Address: Collected during OTP-based authentication to identify your account and manage your subscription.
• •Resume Data: PDF resumes you upload for optimization. This includes your name, work experience, education, skills, and other content within your resume.
• •Payment Information: When you subscribe to a paid plan, payment processing is handled by Cashfree. We store your email, plan type, order ID, and payment status. We do not store credit card or bank details.

2.2 Information Collected Automatically

• •Job Description Data: When you use the Chrome extension on a supported job site, we extract the job description text from the page to perform analysis. This data is processed in real-time and not permanently stored.
• •Device Identifiers: A randomly generated device ID is used to link your Chrome extension session with your web account. No hardware identifiers are collected.
• •Usage Data: Basic interaction data such as feature usage and error logs to improve the Service. We do not track browsing history.

We use the information we collect to:

• •Parse, analyze, and optimize your resume against specific job descriptions
• •Generate ATS fit scores, keyword gap analysis, and AI-rewritten resume content
• •Authenticate your identity via email OTP
• •Process payments and manage your subscription status
• •Send transactional emails (OTP codes, payment confirmations)
• •Store and version your resumes when you explicitly choose to save them
• •Improve, maintain, and troubleshoot the Service

TopScholar uses OpenAI's GPT-4o-mini to power resume parsing, job analysis, ATS scoring, and resume optimization. When you use these features:

• •Your resume and job description data are sent to OpenAI's API for processing
• •OpenAI does not use data submitted via their API to train their models (per OpenAI's API data usage policy)
• •We do not fine-tune or train any AI models on your personal data
• •All AI processing happens server-side over encrypted HTTPS connections

For more details, see our AI Disclosure page.

• •Resume data is stored securely in Supabase with user-level isolation. Each user can only access their own resumes.
• •Authentication data, OTP records, and payment records are stored in a PostgreSQL database managed via Prisma ORM.
• •All data transmission is encrypted using HTTPS/TLS.
• •OTP codes expire after 10 minutes and are invalidated after use.
• •We do not store passwords — authentication is entirely OTP-based.
• •Deeplink tokens (for Chrome ↔ Web editor handoff) are single-use and expire within 60 seconds.

We do not sell, rent, or trade your personal data. We share data only with:

• •OpenAI: Resume and job description content is sent to OpenAI's API for AI processing (see Section 4)
• •Cashfree: Email and order details are shared with Cashfree to process payments
• •Supabase: Resume files are stored on Supabase's infrastructure
• •Resend / SMTP: Your email address is used to deliver OTP codes and payment confirmations

We do not share data with advertisers, data brokers, or any other third parties.

The TopScholar Chrome Extension requests the following permissions:

• •storage: To store your authentication token and user preferences locally in the browser
• •tabs: To open the resume editor in a new tab when you click "Open Editor"
• •alarms: To manage session expiry and periodic token refresh
• •Host permissions (topscholar.xyz): To communicate with the TopScholar API for authentication, resume optimization, and subscription verification

The extension only activates on supported job sites (LinkedIn, Indeed, Naukri, Greenhouse, Lever, Workday). It does not run on other websites and does not collect browsing history.

• •Resumes: Stored until you delete them or request account deletion
• •OTP Records: Automatically expire after 10 minutes
• •Payment Records: Retained for accounting and legal compliance purposes
• •Subscription Data: Retained while your account is active

You have the right to:

• •Access the personal data we hold about you
• •Request deletion of your account and all associated data
• •Request a copy of your data in a portable format
• •Opt out of non-essential communications

To exercise any of these rights, contact us at support@topscholar.xyz.

TopScholar is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

If you have any questions about this Privacy Policy, please contact us: