1. Who we are
FormPilot is a Chrome extension built and maintained by an independent team — Karan Raj, Saagnik, and Havinash — operating at Open Loop. It is open source under the MIT license.
This policy describes what FormPilot does (and doesn't do) with your data when you use the extension.
2. What data FormPilot handles
Data you create inside FormPilot
When you build a profile, FormPilot collects only what you type into it. That can include:
- Identifiers: name, email, phone number, address.
- Professional information: work history, education, resume / "Raw Info" content.
- Authentication information: API keys you paste in to use AI providers.
- Optional vault contents: stored payment cards and credentials, if you choose to use those features.
- Personal communications you generate: cover letters and other AI-generated text written into form fields.
All of this is stored exclusively in chrome.storage.local, sandboxed to FormPilot, on your device. It is not synced to any server we operate.
Data we don't collect
- No analytics. No usage telemetry. No crash reporting.
- No advertising identifiers. No cookies of any kind set by FormPilot.
- No browsing history outside of forms you explicitly choose to fill.
- No location data. No microphone, camera, or clipboard access.
3. How your data is used
Inside the extension
Profile data is read by FormPilot when you press Scan or Auto-Fill on a page, so the extension can match the right value to the right field. It is not read at any other time.
Sent to the AI provider you chose
To fill a form intelligently, FormPilot constructs a prompt that includes:
- The labels and metadata of the fields it detected on the current page.
- The slices of your profile that look relevant to those fields.
That prompt is sent directly from your browser to the API of whichever provider you configured (OpenAI, Anthropic Claude, Google Gemini, or Groq). It does not pass through any FormPilot server, because no FormPilot server exists.
Each provider has its own privacy policy that governs what they do with the request:
- OpenAI — openai.com/policies/privacy-policy
- Anthropic — anthropic.com/legal/privacy
- Google (Gemini) — ai.google.dev/gemini-api/terms
- Groq — groq.com/privacy-policy
4. How your data is shared
FormPilot does not:
- Sell your data — we have nothing to sell.
- Transfer your data to any third party for purposes unrelated to filling the form you asked us to fill.
- Use your data to determine creditworthiness or for any lending purpose.
- Use your data for advertising or marketing.
The only outbound traffic FormPilot makes is the prompt described in section 3, sent to the AI provider you explicitly chose.
5. Permissions, in plain English
| Permission | Why FormPilot needs it |
|---|---|
| host_permissions / <all_urls> | Required so the content script can read form fields on the page you're on and inject filled values back. Triggered only when you click the toolbar icon and press Scan or Auto-Fill. |
| storage | To persist your profiles, vault, settings, and history locally in chrome.storage.local. Never used for cloud sync. |
| activeTab | To access the DOM of the current tab when you invoke the extension. |
| scripting | To inject the content script that scans and fills form fields on the current page. |
6. Data retention & deletion
Your data lives on your device until you delete it. There are three ways to do that:
- Settings → Reset inside FormPilot — wipes profiles, vaults, history, and stored API keys.
- Uninstall the extension — Chrome removes the extension's chrome.storage.local alongside it.
- Clear browser data — clears extension storage along with browsing data, depending on the options you select.
Because we never receive your data, there is nothing to delete on our end.
7. Children
FormPilot is not directed to children under 13, and we do not knowingly collect data from anyone — child or adult — on our servers, because we don't have servers.
8. Security
Data security on your device is governed by Chrome's extension sandboxing. FormPilot specifically:
- Stores all sensitive values inside chrome.storage.local, scoped to this extension only.
- Sanitizes API keys to strip hidden Unicode characters before sending requests.
- Validates cross-script messages against chrome.runtime.id to reject any message not from FormPilot's own background or content scripts.
- Never auto-submits a form. You always click submit yourself.
9. Open source
FormPilot is licensed under MIT. The full source is available at github.com/Karan-Raj-KR/FormPilot. Every claim in this document corresponds to a verifiable code path. We encourage you to audit it.
10. Changes to this policy
If we change this policy, we'll update the "Last updated" date at the top of the page and note the change in our GitHub repository's CHANGELOG. Material changes will be highlighted in a release note when you next open the extension.
11. Contact
Privacy or security questions? The fastest channel is a GitHub issue. For sensitive matters that shouldn't be public, open a private security advisory on the same repo.