Execli
BlogMission StatementPrivacyTermsSign in

Execli.ai

Privacy Policy

Effective Date: July 10, 2026

Table of Contents

  • 1. Introduction

  • 2. Information We Collect

  • 3. How We Use Your Information

  • 4. AI Processing (Anthropic)

  • 5. Bank Account Data (Plaid)

  • 6. Third-Party Subprocessors

  • 7. Data Retention

  • 8. Your Privacy Rights

  • 9. Cookies, Analytics, and Tracking

  • 10. Security Measures

  • 11. Children's Privacy

  • 12. International Data Transfers

  • 13. Changes to This Privacy Policy

  • 14. Contact Information

  1. Introduction

Execli, Inc. ("Company," "we," "us," or "our"), a Delaware C-Corporation, operates the execli.ai website and application ("Platform"), an AI-Powered Productivity Platform consisting of five integrated apps — Jobs, Budget, Fitness, Grocery, and Tasks — plus the Jarvis AI assistant and the optional Execli Auto-Apply Chrome Extension. We are committed to protecting your privacy and ensuring you have a positive experience on our Platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Platform and use our services.

  1. Information We Collect

2.1 Account Information

  • Account Information: Full name, email address, and, if you provide them, phone number and location

  • Authentication Credentials: WebAuthn/passkey public-key credentials registered to your account (we never see or store passwords — Execli uses passwordless magic links and passkeys)

  • Payment Information: Subscription plan details and billing status. We do not store credit card numbers; payment processing is handled by Stripe

2.2 Information You Create in Each App

What we store depends on which apps you use:

  • Jobs: Work history, job titles, employment dates, professional experience, and job-search preferences; uploaded documents (resumes and cover letters, PDF/DOCX); job application records and pipeline data; application packages and answers you save for auto-fill; and, if you use the Auto-Apply extension, submission proof (confirmation screenshots and text) stored to your own account

  • Budget: Budgets, categories, and — if you connect a financial account through Plaid — account names, balances, and transaction data for the accounts you connect (see Section 5; we never receive your banking credentials)

  • Fitness: Weight entries, goals, food logs and nutrition estimates, meal plans and dishes, habits, and workout logs. This data can be health-related; we treat it as private to you, we use it only to provide the Fitness features, and we never sell it or use it for advertising

  • Grocery: Grocery lists, pantry contents, and shopping trips. Grocery features may read your Fitness meal plans and your Budget categories to build lists and show spending context — these cross-app reads happen inside your own account and are never shared externally

  • Tasks: Tasks, lists, due dates, and notification preferences

  • Jarvis and AI Features: Questions and prompts you submit, conversation history, and AI-generated outputs (for example cover letters, resume summaries, categorizations, and parsed food logs)

2.3 Information Collected Automatically

When you interact with our Platform, we automatically collect:

  • Usage Data: Pages visited, features used, session information, performance timings, and client-side errors — collected by our own first-party analytics system (see Section 9). We do not use third-party advertising or analytics SDKs, and our analytics events are restricted to an allowlist of technical properties — they never include the content of your documents, transaction amounts, merchant names, food entries, or other app content

  • Device Information: IP address, browser type, operating system, and device type

  • Cookies and Local Storage: Session state and your saved preferences (see Section 9)

2.4 Email Integration (Optional)

If you choose to use Email Sync via the Execli Auto-Apply Chrome Extension, job-related emails you open in Gmail can be captured to update your application pipeline. This works without any Google API access or Google sign-in — see "Execli Email Sync (Chrome Extension)" at the end of this policy for exactly what is read and when. You can stop this at any time by removing the extension.

  1. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Providing the features of each app you use — job tracking and applications, budgeting, fitness and nutrition tracking, grocery planning, and task management

  • AI Features: Generating content and insights via the Jarvis AI assistant and per-app AI features (see Section 4)

  • Account Management: Managing authentication, account security, and subscription status

  • Communication: Sending service updates, security alerts, and customer support responses

  • Analytics and Improvement: Understanding usage in aggregate, improving features, and fixing errors, via our first-party analytics

  • Payment Processing: Managing subscriptions, billing, and processing transactions through Stripe

  • Legal Compliance: Complying with applicable laws, regulations, and legal obligations

We do not sell your personal information, and we do not use your information for third-party advertising.

  1. AI Processing (Anthropic)

4.1 What Is Sent

To provide AI-powered features, we transmit relevant user content to Anthropic's Claude API. Depending on the features you use, this can include:

  • Resume and work history content, job descriptions, and application details (Jobs — cover letters, resume summaries, application answers)

  • Questions and prompts submitted to Jarvis, and the conversation context needed to answer them

  • Transaction descriptions for categorization and summarized spending data for insights (Budget)

  • Food descriptions you type or speak for natural-language food logging (Fitness)

  • Meal-plan and pantry context for grocery suggestions (Grocery)

  • The content of job-related emails you have chosen to sync, for classification (Email Sync)

All AI calls are routed through our own server-side proxy; your browser never communicates with Anthropic directly, and our AI provider API keys are never exposed to your device.

4.2 How Anthropic Handles It

Anthropic processes this data to generate responses in accordance with its commercial API terms. Under those terms, Anthropic does not use data submitted through the API to train its models, and retains API inputs and outputs only for limited operational purposes (such as abuse monitoring) before deletion. Please review Anthropic's Privacy Policy (https://www.anthropic.com/privacy) and commercial terms for details on their data handling practices. If Anthropic's posture changes in a way that affects your data, we will update this policy.

  1. Bank Account Data (Plaid)

5.1 How the Connection Works

Execli Budget optionally connects to your bank and card accounts through Plaid Inc. When you link an account, you authenticate directly with your financial institution inside Plaid's interface. Your online banking username and password are entered with Plaid / your institution only — they are never transmitted to, seen by, or stored by Execli.

5.2 What We Receive and Store

Plaid provides us with read-only data for the accounts you choose to connect: institution and account names, account types, balances, and transactions (dates, amounts, merchant descriptions, and categories). We store this data in our database (Supabase) protected by row-level security, meaning it is readable only by your authenticated account. We use it solely to provide Budget features — balances, transaction lists, categorization, and spending insights. We never sell financial data, never share it for advertising, and never move money (the connection is read-only).

5.3 Disconnecting

You can disconnect a linked account at any time from within the Budget app, which stops all further syncing. You can also manage or revoke Plaid's connections to your institutions at Plaid Portal (https://my.plaid.com). After disconnecting, you may delete the already-synced transaction history from Budget, or keep it for your records; deleting your Execli account removes it entirely (Section 7).

5.4 Plaid's Role

Plaid processes your data according to its End User Privacy Policy (https://plaid.com/legal/#end-user-privacy-policy). We encourage you to review it.

  1. Third-Party Subprocessors

We share your information with the following service providers, only as necessary to operate the Platform:

  • Anthropic (Claude API): AI inference for Jarvis and all AI features (see Section 4)

  • Supabase (PostgreSQL + Storage): Database hosting, row-level security enforcement, authentication, edge functions, and file storage for uploaded documents

  • Vercel: Application hosting, serverless functions, and content delivery

  • Stripe: Payment processing and subscription management. Stripe is PCI DSS compliant and does not share credit card data with us

  • Plaid: Bank account connections for the Budget app (see Section 5)

  • Resend: Outbound transactional email delivery

  • Cloudflare: DNS, CDN, WAF/DDoS protection, and Cloudflare Email Routing for inbound mail forwarding

  • JSearch / RapidAPI: Third-party job listings aggregation used to power job search features. Your search queries (role, location, filters) are sent to this service; your identity is not

  • USDA FoodData Central: Public food-nutrition database used for food search in Fitness. Your food search terms are sent to this service; your identity is not

We do not use third-party advertising networks, ad trackers, or third-party analytics SDKs. If we add or change subprocessors in a way that affects your personal data, we will update this policy.

  1. Data Retention

We retain your information for as long as your account is active or as needed to provide our services. Retention periods vary by data type:

  • Account Information: Retained for the duration of your account and 30 days after deletion

  • App Content (applications, budgets, fitness logs, grocery data, tasks, documents): Retained until you delete it or your account is terminated

  • Connected-Account Financial Data: Synced while the connection is active; no new data after you disconnect; removed with account deletion

  • Analytics/Usage Data: Event-level analytics are pruned on a rolling basis (currently 180 days); aggregated daily rollups may be retained longer for product improvement

  • Payment Records: Retained as required by law (typically 7 years for tax and accounting purposes)

If you request account deletion, we will remove your personal data within 30 days, except where retention is legally required.

  1. Your Privacy Rights

8.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you

  • Rectification: Correct inaccurate or incomplete information

  • Erasure: Request deletion of your data (subject to legal retention obligations)

  • Portability: Receive your data in a portable format and transmit it to another service provider

  • Restriction: Request that we limit processing of your data in certain circumstances

  • Objection: Object to our processing of your data for marketing or profiling purposes

8.2 EU Resident Rights (GDPR)

If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed: You have the right to be informed about data collection and use

  • Right to withdraw consent: You may withdraw consent to process your data at any time (for example, by disconnecting a bank account, disabling an integration, or declining non-essential cookies)

  • Right to lodge a complaint: You may submit complaints to your national Data Protection Authority

8.3 California Resident Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know: Request what personal information we collect, use, and share

  • Right to delete: Request deletion of personal information collected from you

  • Right to opt-out: Opt-out of the sale or sharing of your personal information (note: we do not sell or share personal information as defined by the CCPA/CPRA)

  • Right to correct: Request correction of inaccurate personal information

  • Right to limit: Request limitation of use of sensitive personal information

8.4 How to Submit Requests

To exercise any of the above rights, please contact us at support@execli.ai with your request. We will respond within the timeframe required by applicable law (typically 30 days).

  1. Cookies, Analytics, and Tracking

9.1 What We Use

Execli deliberately keeps tracking minimal:

  • Essential session state: Authentication tokens and session data that keep you logged in. These are strictly necessary for the Platform to function

  • Preferences: Local storage entries that remember your settings (for example UI preferences, saved drafts, and your cookie-consent choice)

  • First-party analytics: Our own analytics system records usage events (pages, features, performance, errors) to our own database. No third-party analytics or advertising services receive this data, and event properties are allowlisted so they never contain your content (no document text, transaction amounts, merchant names, or food entries)

We do not use third-party advertising cookies or cross-site trackers.

9.2 Your Choice

When you first visit the Platform we ask for your consent before enabling non-essential analytics. If you decline, only strictly necessary session state is used and analytics collection is disabled for your browser; the Platform works fully either way. You can change your choice at any time by clearing the saved preference in your browser or from the consent controls on the site.

9.3 Managing Cookies in Your Browser

Most web browsers allow you to control cookies and local storage through settings. Disabling essential cookies may prevent login and core functionality. For more information, please visit www.allaboutcookies.org.

  1. Security Measures

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:

  • Passwordless Authentication: We use magic links and WebAuthn/passkeys to eliminate weak passwords

  • HTTPS/SSL Encryption: All data transmitted between your browser and our Platform is encrypted

  • Row-Level Security (RLS): Database-enforced access policies ensure users can only read and write their own records — including all financial, fitness, and application data

  • Server-Side AI Routing: Calls to third-party AI providers are proxied through a server-side edge function (ai-proxy); API keys are never exposed to the browser

  • Credential Isolation for Bank Connections: Banking credentials are handled exclusively by Plaid and your institution; they never touch Execli systems

  • Access Controls: Only authorized personnel with a legitimate need have access to your data

  • Rate Limiting and Abuse Monitoring: Server-side rate limits and first-party error/abuse monitoring protect the Platform

  • Data Encryption at Rest: Sensitive data is encrypted in our databases and cloud storage

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

  1. Children's Privacy

Execli.ai is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information immediately and terminate the child's account. If you believe we have collected information from a child under 18, please contact us at support@execli.ai.

  1. International Data Transfers

Execli.ai is based in the United States, and your information is processed and stored in the United States or other countries where our service providers operate. By using our Platform, you consent to the transfer of your personal data to countries outside your country of residence, which may have different data protection laws than your home country.

For EU residents, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure adequate protection of your data during international transfers. If you have concerns about your data being transferred internationally, please contact us at support@execli.ai.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective Date" at the top of this policy. For significant changes, we will notify you via email or prominently on our Platform. Your continued use of Execli.ai after changes become effective constitutes your acceptance of the updated Privacy Policy.

  1. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: support@execli.ai

  • Website: https://execli.ai

  • Company: Execli, Inc., a Delaware C-Corporation (EIN 42-1792776)


Execli Auto-Apply Chrome Extension

The Execli Auto-Apply Chrome Extension ("Extension") is an optional companion to your Execli account. It runs in your browser, fills in job application forms on supported applicant tracking systems (ATS) using packages you've prepared in your Execli account, and captures proof when you submit those applications.

What the Extension reads

The Extension reads the URL and DOM (form fields) of the active browser tab only, and only when that tab is on one of the supported ATS domains we declare in our manifest:

  • *.myworkdayjobs.com, *.workday.com
  • *.taleo.net
  • *.icims.com
  • *.successfactors.com, *.sfjobs.com
  • *.kenexa.com, *.brassring.com
  • www.linkedin.com/jobs/* (feature-flagged; currently disabled by default pending legal sign-off)

We do not read any other tab. We do not read your browser history, bookmarks, saved passwords, or autofill data.

What the Extension writes

The Extension writes only to fields on the ATS application form, and only using values you have already provided to Execli (profile information, prepared answers, attached files). We never invent or guess data — every value comes from your Execli account.

We do not modify any tab content other than the form fields we fill.

What the Extension sends to Execli's servers

The Extension communicates only with execli.ai (and our Supabase project at *.supabase.co). It sends:

  1. Run state updates — when filling starts, completes, pauses, or submits, so your Pipeline view stays current.
  2. Submission proof — when you click the ATS's Submit button, we capture the URL and a screenshot of the confirmation page, plus the confirmation text, so you have a record the application was delivered.
  3. Answer library entries — when you type an answer to an unknown question and check "Save this answer to my library," we store the question and your answer so future applications fill it automatically.
  4. Telemetry events — non-identifying technical events (fill_started, field_timeout, api_5xx, etc.) so we can diagnose problems and improve reliability. We do not log form field values in telemetry — only field shapes (id, name, label).

We do not send anything to third parties. We do not use the Extension for advertising, analytics SDKs, or user tracking.

What the Extension stores on your device

Inside chrome.storage.local:

  • Your opaque extension token — a random, server-issued string that authenticates the Extension to Execli on your behalf. NOT your password. Rotates every 90 days; revocable at any time from Settings → Connected devices on execli.ai.
  • A small queue of pending telemetry events and pending submission proofs that haven't been uploaded yet (typically empty unless your network is down).

We do not persist your application content (form values, attachments) to disk inside the Extension.

What the Extension captures during a fill

When you click "Submit" on the ATS application:

  1. We use chrome.tabs.captureVisibleTab to take a screenshot of the visible area of the tab. We only do this if the tab is still the active tab AND its URL still matches a supported ATS pattern.
  2. We upload the screenshot to your own Execli account's secure storage (Supabase Storage, encrypted at rest).
  3. The screenshot is visible only to you in your Execli Pipeline.

File uploads

When an ATS form has a "Choose file" field, the Extension:

  1. Downloads the file from your Execli-stored attachment URL into your local Downloads folder under a clearly-named file (e.g. execli-resume-abc.pdf).
  2. Asks you to pick that file in the OS file picker that Chrome opens.
  3. Cleans up the downloaded file after you've attached it.

We never invisibly upload files. Every file selection is driven by you clicking in the OS picker.

How to revoke the Extension's access

Two ways:

  1. From execli.ai — Settings → Connected devices → Revoke. The Extension's next API call will fail with 401 and the Extension will sign itself out automatically.
  2. From Chrome — chrome://extensions → Execli Auto-Apply → Remove. This deletes all local Extension storage (token + queues) from your device.

Telemetry detail

The events we record via the Extension live in your Execli account's system_events table with actor='extension'. You can view them from your account dashboard. Events include:

  • fill_started, fill_complete, submit_detected
  • proof_upload_succeeded, proof_upload_failed, proof_upload_abandoned
  • auth_error, api_4xx, api_5xx, field_timeout, overall_timeout, ats_layout_unrecognized, upgrade_required_seen
  • multi_step_advance, attachment_user_attached

Payload shapes include ATS slug, field descriptor (id/name/label — not value), and error message. We do not include your answers, attachments, or any personally identifying information beyond your user_id (which is already associated with your Execli account).

Changes to this section

If we change how the Extension handles your data, we will update this section and bump the Extension version. The Chrome Web Store will surface a new permission consent prompt before any expanded permission takes effect.

Last updated: 2026-05-20.

Execli Email Sync (Chrome Extension)

The Execli Auto-Apply extension can also keep your job-application Pipeline up to date by reading job-related emails directly from your open Gmail tab — with no Gmail API access and no Google sign-in.

What it reads

The extension runs a content script only on mail.google.com. When you open an email and either the sender is a known recruiting/ATS domain (e.g. greenhouse.io, lever.co, workday, smartrecruiters, indeed, linkedin) or the subject looks application-related (e.g. "interview", "your application", "next steps"), it reads that one open conversation's:

  • subject line
  • sender name + email address
  • message body text
  • the message's stable Gmail message id (so the same email isn't read twice)

It does not use the Gmail API, request any Google OAuth scope, or read your inbox list, your other emails, attachments, contacts, or any email you haven't opened. It reads only the conversation currently on screen, and only when it matches the job-related criteria above.

What it sends to Execli

The captured email (sender, subject, body) is sent to your own Execli account at execli.ai. Execli's AI classifies it (e.g. "interview invite", "rejection", "offer"), matches it to one of your tracked applications, and creates a proposed change to your Pipeline that you review and approve or dismiss. Nothing is changed automatically.

Limited use

Email content is used solely to provide this application-tracking feature for you. It is never sold, never shared with third parties, never used for advertising, and never used to train generalized AI models. This use complies with the Chrome Web Store User Data Policy, including its Limited Use requirements. You can turn Email Sync off at any time by removing the extension (or simply by not opening Gmail).

Last Updated: July 10, 2026

© 2026 Execli, Inc. All rights reserved.
execli.aimissionprivacytermssign in