Privacy Policy

1. Introduction & Who We Are

This Privacy Policy explains how Nex IT Solution ("we", "us", or "our") collects, uses, handles, stores, shares, retains, and protects information when you install or use our Chrome extensions, Autofill Genius AI and Instant Autofill Engine, and the supporting web services hosted at nexitsolution.bd.

Both Extensions have a single purpose: to help you fill out online forms by extracting information from documents you choose to upload (such as CVs, resumes, and identity documents) using artificial intelligence, and by mapping that information into the fields of web forms you are completing.

By installing or using the Extensions, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not install or use the Extensions, or uninstall them and discontinue use.

2. Summary of Data Practices

The table below summarizes the data the Extensions handle. Each item is described in full in the sections that follow.

3. Information We Collect

3.1 Account & Authentication Information

To use the AI-powered features, you sign in with an account. When you log in through the Extension, you provide your email address and password. These credentials are transmitted directly to our authentication provider (Supabase) over an encrypted connection to verify your identity. We do not store your password ourselves; after sign-in we receive and store only short-lived session tokens (access and refresh tokens) used to authorize your requests.

3.2 Documents You Upload

When you choose to upload a file — such as a CV, resume, application form, national ID, or other identity or personal document, in image, PDF, DOCX, or plain-text format — the Extension reads that file so its contents can be processed for data extraction. PDF, DOCX, and text files are parsed within your browser; images are compressed within your browser before transmission.

3.3 Personal Information Extracted From Your Documents

From the documents you upload, the AI extracts structured personal information so it can be used to fill forms. Depending on the document, this may include sensitive personal data such as your full name, parents' names, date of birth, gender, nationality, national ID or passport number, postal and permanent addresses, phone number, email address, education and work history, and a profile photograph.

3.4 Web Form & Active Page Content

When you ask the Extension to fill a form, it reads the structure and form fields of the currently active tab (for example, field labels and input elements) so it can match your saved information to the correct fields. Autofill Genius AI only runs on a limited set of websites it is designed for. Instant Autofill Engine can operate on any website where you explicitly invoke it. In both cases, page content is read only when you actively use the Extension on that page. We do not collect, track, or record your general browsing history, the list of sites you visit, or your activity on pages where you do not invoke the Extension.

3.5 Subscription & Usage Information

To enforce plan limits, the Extension retrieves and locally caches account-related information from our backend, such as your associated account/shop name, subscription plan, remaining balance, and how many extractions you have used against your limit.

3.6 Technical & Diagnostic Information

When the Extension communicates with our server, standard request information (such as the authenticated request and error responses) may be processed transiently to operate and secure the service. We do not use this information to build advertising or behavioral profiles.

4. How We Use Your Data

We use the information described above strictly for the following purposes:

• To authenticate you and authorize your AI extraction and autofill requests.
• To extract structured personal details from documents you upload.
• To map your saved information to the fields of forms you are completing.
• To store your extracted profile data locally so you can reuse it without re-uploading documents.
• To enforce subscription limits and display your remaining balance and usage.
• To maintain the security, integrity, and reliability of the service, including investigating abuse.
• To comply with applicable legal obligations.

We do not use your data for advertising, retargeting, interest-based profiling, creditworthiness or lending decisions, or to train third-party AI models.

5. How We Handle & Process Your Data

• Client-side preparation: PDF, DOCX, and text files are parsed inside your browser. Images are resized and compressed inside your browser before any transmission.
• Transmission through our server: To perform AI extraction and field mapping, the document content (or the active page's form context) is transmitted over an encrypted HTTPS/TLS connection, together with your session token, to our backend service at nexitsolution.bd.
• AI processing: Our backend forwards the content to the Google Gemini API, which returns the structured data. The data is processed solely to fulfil your request.
• No model training: Content sent for processing is used only to return your result and is not used by us or by the AI provider to train models.
• No human review: We do not allow humans to read your documents or extracted data except with your affirmative consent, where necessary for security or abuse investigation, or where required by law.
• Only on your action: Data handling occurs only when you actively trigger a sign-in, extraction, or autofill. The Extension does not process data passively or in the background.

6. How We Store & Retain Your Data

• Local storage on your device: Your extracted profile data, saved profiles, profile photo, session tokens, and cached account/usage information are stored locally in your browser using chrome.storage.local. This data stays on your device and is not synced to our servers by the Extension.
• No server retention of documents: Documents you upload and the active page content are processed in transit only. We do not permanently store, archive, or retain your uploaded documents or page content on our servers after the request that processes them is complete.
• Account record: Your account (including your email address) and subscription/usage records are stored by our authentication and backend provider (Supabase) for as long as your account remains active, so that you can sign in and so that plan limits can be enforced.
• Retention period: Locally stored data persists until you delete it or uninstall the Extension. Account and subscription records are retained for the life of your account and deleted on account closure, subject to any retention required by law.

7. How We Share Your Data

We limit data sharing to what is strictly necessary to deliver the service:

• Google (Gemini API): Document content and form context are transmitted, via our server, to the Google Gemini API to perform AI extraction and field mapping. This processing is performed only to return your requested result.
• Supabase: We use Supabase for authentication and backend hosting. Your sign-in credentials are verified by Supabase, and your account and subscription/usage records are stored on Supabase infrastructure.
• No sale of data: We do not sell, rent, trade, or license your personal data to anyone, and we do not share it with advertising platforms, data brokers, or information resellers.
• Legal & safety: We may disclose data if required to do so by law, regulation, legal process, or enforceable governmental request, or where necessary to protect the rights, safety, or security of our users or the service.
• Business transfers: If we are involved in a merger, acquisition, or sale of assets, user data may be transferred only after obtaining your explicit prior consent, consistent with the Limited Use requirements above.

8. Data Security

All communication between the Extension, our servers, and our service providers is encrypted in transit using industry-standard HTTPS/TLS. Authentication uses short-lived session tokens rather than storing your password on your device, and tokens are refreshed and discarded automatically. While no method of electronic transmission or storage is completely secure, we apply reasonable technical and organizational safeguards to protect your information.

9. Your Rights & Choices

• Access & edit: You can view and edit all of your saved profile data directly within the Extension's interface at any time.
• Delete locally: You can delete individual profiles or all locally stored data through the Extension, or remove all of it by uninstalling the Extension.
• Account deletion: You may request deletion of your account and associated server-side records by contacting us at the email address below. We will action verified requests within a reasonable period, subject to legal retention requirements.
• Withdraw use: You can stop all data processing at any time by signing out and/or uninstalling the Extension.

10. Children's Privacy

The Extensions are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at nexai6720@gmail.com and we will promptly delete it.

11. Cookies & Tracking Technologies

The Extensions do not use cookies, web beacons, pixel tags, advertising identifiers, or any passive cross-site tracking technologies. Local data is stored exclusively in chrome.storage.local, a browser storage mechanism scoped to the Extension and not accessible to the websites you visit.

12. International Data Processing

Our service providers (including Google and Supabase) may process data on infrastructure located in countries other than your own. Where data is transferred internationally, it remains protected by encryption in transit and is processed only for the purposes described in this policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the "Last Updated" date at the top of this page and, where feasible, provide a notification within the Extension or on the Chrome Web Store listing. Your continued use of the Extensions after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: