Privacy Policy for Endorsed FraudShield Extension
Last Updated: October 26, 2025
Overview

The Endorsed FraudShield Extension ("the Extension") is designed to help recruiters and hiring teams identify potentially fraudulent job candidates by analyzing candidate information from Applicant Tracking Systems. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

Chrome Web Store User Data Policy Compliance

The Endorsed FraudShield Extension's use of information received from Chrome APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Data collected through Chrome APIs is used solely for providing and improving the fraud detection functionality as described in this policy and is not used for any other purpose.

Summary
  • Zero Candidate PII Retention: We retain 0 candidate personally identifiable information (PII) outside of temporary debugging logs - candidate data is only processed in real-time for fraud detection, not stored long-term
  • What We Collect: Candidate info for fraud analysis + usage data from your organization to improve our service
  • How Long We Keep It: User activity (12 months), fraud results (6 months), all data deleted within 90 days after contract ends or account deletion
  • Why We Collect It: To detect fraud in job applications and improve detection accuracy
  • Who We Share With: Only necessary service providers (validation services, infrastructure) - never advertisers
  • Your Control: Request deletion anytime, automatic deletion on contract termination, analysis only when you click or enable automated checks
  • Enterprise Features: Data export, audit trails, deletion APIs, compliance reports
  • Questions? Contact privacy@endorsed.ai
  • No AI Training: We do not use any candidate or user data to train AI models - all data is used solely for fraud detection analysis
What the Extension CAN Access
  • ATS Candidate Profile and Application Review Pages Only: The extension only activates on specific candidate profile and application review pages within supported ATS platforms
  • Current Page Content: Only the content of the currently active candidate profile page you are viewing
  • Candidate-Specific Data: Only candidate information displayed on the current ATS page (contact info, resume data, employment history)
What the Extension CANNOT Access
  • Other Browser Tabs: Cannot read or access content from any other browser tabs or windows
  • Other Websites: Cannot access any websites outside of the supported ATS platforms
  • Browser History: Cannot access your browsing history or other browser data
  • Personal Files: Cannot access files on your computer or personal documents
  • System Information: Cannot access system information, passwords, or other sensitive data
Data Collection
Information Collected from Candidate Profiles

When you use the Extension on a supported Applicant Tracking System (ATS) platform, we collect and process the following information:

  • Candidate Contact Information: Email addresses, phone numbers, addresses, and social profile URLs extracted from candidate resumes
  • Candidate Identifiers: Unique candidate IDs from your ATS platform
  • Resume Data: Resume files uploaded to your ATS for the purpose of extracting contact information and employment history
  • Company Information: Names of employers listed on candidate resumes
  • Page URLs: URLs of candidate profile pages you visit on supported ATS platforms
Automatically Collected Information
  • Platform Information: Which ATS platform you're using
  • Extension Usage: When you activate the fraud detection analysis by clicking the extension icon
How We Use Your Data

We use the collected data solely for the following purposes:

  1. Fraud Detection Analysis: To analyze candidate information and identify potential fraud signals
  2. Risk Assessment: To provide you with fraud risk levels and detailed fraud signals
  3. Fraud Detection Improvement: To improve the accuracy and effectiveness of fraud detection algorithms by analyzing detection patterns. This may include producing anonymized, aggregated reports on fraud trends and patterns in the hiring industry. All data used for this purpose is anonymized (contains no personally identifiable information) and remains strictly limited to improving fraud detection capabilities. These insights are not used for advertising, marketing, or any purpose other than fraud detection.
No AI Training Commitment

We do not and will never use candidate data, user data, or any data collected through the Extension to train artificial intelligence models. All data processing is limited to real-time fraud detection analysis and anonymized pattern recognition for improving fraud detection accuracy. Your data is never used to train general-purpose AI models, large language models, or any machine learning systems.

Data Processing and Storage
  • Processing Location: All data is processed solely within the United States. Data is sent to Endorsed's secure API servers located in the US for real-time fraud detection analysis. No data is transferred to or processed in other countries without appropriate safeguards.
  • Limited Use Commitment: All data collected through this Extension is used solely for fraud detection and service improvement purposes as disclosed in this policy. We do not use this data for advertising, marketing, or any purpose other than providing and improving fraud detection capabilities.
  • Zero Candidate PII Retention in Primary Databases: We retain 0 candidate personally identifiable information (PII) in our primary databases. Candidate information analyzed for fraud detection is processed in real-time and not retained beyond the immediate analysis, except as part of anonymized fraud patterns for service improvement.
  • System Logs Containing PII: See disclosure below. Retained for 90 days in logs only, then securely deleted or anonymized.
  • User Data Retention: We retain user activity data and fraud detection results as specified in our Data Retention section. All data is automatically deleted within 90 days of contract termination.
  • Security: We use industry-standard security measures including:
    • End-to-end encryption for data in transit
    • Regular security audits and penetration testing
    • SOC 2 Type II compliance
  • No Sale of Data: We do not and will never sell user or candidate data to third parties
System Logs Disclosure
  • To maintain and improve the stability, security, and compliance of our Chrome extension, we may temporarily collect and store candidate information such as phone numbers, email addresses, LinkedIn profile URLs, and other candidate PII in system logs.
  • This information is processed solely for debugging, monitoring, and auditing purposes within the extension — for example, to identify and resolve errors, trace performance issues, verify system behavior, and ensure lawful and secure operation.
  • Access to this information is strictly limited to authorized personnel who require it to address technical, operational, or compliance-related matters.
  • Processing of this information is carried out on the basis of our legitimate interest in ensuring the proper functioning, security, and compliance of our services, in accordance with applicable data protection laws, including the GDPR. This process is also critical to maintaining the reliability and accuracy of our fraud detection service.
  • All such candidate information is retained for no longer than 90 days, after which it is securely deleted.
  • We do not use this information for marketing or any purpose unrelated to debugging or auditing.
Data Sharing and Subprocessors

We work with carefully selected service providers to deliver our fraud detection capabilities. We do not share collected data with third parties except in the following limited circumstances:

Categories of Service Providers
  • Contact Validation Services: To verify the validity of email addresses and phone numbers
  • Fraud Risk Assessment Providers: To analyze candidate risk attributes including identity verification, contact information validation, and fraud signal detection
  • Company Data Providers: To enrich and verify employer information listed on resumes
  • Infrastructure Providers: Cloud hosting and security services necessary for service operation
  • Analytics Processors: To process anonymized usage data for service improvement

Note: A detailed list of our current subprocessors is available upon request. Enterprise customers may request this information under NDA as part of security review processes. Contact privacy@endorsed.ai for details.

Legal Compliance
  • Legal Requirements: We may disclose data if required by law, regulation, legal process, or governmental request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity with appropriate protections

We do not share data for:

  • Advertising or marketing purposes unrelated to fraud detection
  • Sale to data brokers or third-party marketers
  • Purposes unrelated to the Extension's fraud detection functionality
Permissions Explained

The Extension requires the following Chrome permissions:

activeTab

Used to detect when you navigate to a candidate profile page on supported ATS platforms. This allows the Extension to identify which candidate you're viewing and prepare fraud detection analysis.

sidePanel

Allows the Extension to display fraud detection results in a dedicated side panel when you click the extension icon. This provides a non-intrusive interface for viewing detailed analysis.

Host Permissions

Required to detect candidate profile pages and extract candidate identifiers from page URLs. The Extension only activates on candidate profile pages within these domains.

Extension Scope and Restrictions

The Endorsed FraudShield Extension is programmatically restricted to operate only within a very limited scope:

Technical Implementation

These restrictions are enforced through:

  • Chrome Extension APIs: Uses only the minimal required permissions (activeTab, sidePanel, specific host permissions)
  • Domain Restrictions: Programmatically limited to only ATS domains
  • Page Type Detection: Only activates on candidate profile pages, not other ATS pages
  • Content Script Scope: Content scripts are injected only into candidate profile pages
Data Retention and Deletion
Retention Periods for Active Customers

We retain different types of data for different periods based on legitimate business needs:

  • User Activity Data: 90 days after contract termination (for usage analytics and support)
  • Fraud Detection Results: 90 days in logs only (for audit trails and pattern analysis)
  • Zero Candidate PII Retention in Primary Databases: We retain 0 candidate personally identifiable information (PII) in our primary databases. Candidate information analyzed for fraud detection is processed in real-time and not retained beyond the immediate analysis, except as part of anonymized fraud patterns for service improvement.
  • System Logs Containing PII: See System Logs Disclosure above. Retained for 90 days in logs only, then securely deleted or anonymized.
  • Audit Logs: 24 months (available for Enterprise customers only)
  • Anonymized Fraud Patterns: Retained indefinitely for industry fraud prevention purposes
Deletion Rights and Procedures
  • Deletion Upon Request: Active customers may request deletion of specific user data at any time
  • Contract Termination: All customer data is automatically deleted within 90 days of contract termination
  • Expedited Deletion: Immediate deletion (within 72 hours) available upon request
  • Deletion Certificate: Formal attestation of deletion provided upon request
Anonymized Fraud Intelligence

To protect the entire hiring ecosystem from evolving fraud tactics, we maintain anonymized, aggregated fraud patterns that cannot be traced back to any specific organization. This industry-wide intelligence helps all customers detect new and emerging fraud methods. These aggregated patterns:

  • Contain no identifiable information about organizations, users, or candidates
  • Cannot be reverse-engineered to any specific company or individual
  • Are essential for maintaining fraud detection effectiveness across the industry
  • Benefit the entire hiring ecosystem by improving fraud detection capabilities
  • Help identify emerging fraud trends that protect all users
  • Are retained indefinitely to ensure ongoing protection for the industry
Enterprise Features
  • Data Export: Export all your data in machine-readable format (JSON/CSV)
  • Audit Trails: Detailed logs of all user activities and data access (Enterprise plan only)
  • Deletion APIs: Programmatic deletion capabilities for automated compliance
  • Compliance Reports: Regular reports on data handling and retention compliance
Usage Analytics

To improve the FraudShield Extension, we collect the following usage metrics from Enterprise customers:

  • Performance Metrics: Average analysis completion time and system response rates
  • Error Tracking: Anonymized error rates to identify and fix issues
  • Platform Distribution: Aggregate usage by ATS platform to prioritize integration improvements
  • User Flow Patterns: How users navigate between different analysis views
  • Organization Usage Metrics: Aggregate usage statistics at the company level for billing and support
User Control and Rights
Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the data we've collected about candidates you've analyzed
  • Deletion: Request deletion of specific candidate analysis data
  • Correction: Request correction of inaccurate data
  • Opt-Out: Uninstall the Extension at any time to stop all data collection

To exercise these rights, contact us at the address below.

Children's Privacy

The Extension is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

Data Security

We implement appropriate technical and organizational measures to protect collected data, including:

  • Encrypted data transmission (HTTPS)
  • Secure API authentication
  • Regular security audits and updates
  • Access controls and monitoring
Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Providing notice through the Extension or via email (if we have your contact information)
  • Posting a prominent notice on our website

Continued use of the Extension after changes become effective constitutes acceptance of the updated Privacy Policy.

Compliance

This Extension complies with:

  • Chrome Web Store Developer Program Policies
  • General Data Protection Regulation (GDPR) for EU users
  • California Privacy Rights Act (CPRA) for California users
  • Other applicable data protection laws
AI Bias Audit Commitment

We conduct annual third-party AI bias audits of our fraud detection algorithms to ensure fair and non-discriminatory analysis. These audits evaluate our systems for potential biases related to protected characteristics and help us maintain compliance with local hiring laws and regulations. Audit results and compliance documentation are available at https://trust.warden-ai.com/endorsed/ai-applicant-reviewer. Organizations may use these audit reports to demonstrate compliance with their own regulatory requirements, including NYC Local Law 144 and similar AI hiring regulations.

GDPR Compliance for EU Data Subjects
Legal Basis for Processing
  • Legitimate Interests: We process candidate data based on your organization's legitimate interest in preventing fraud in hiring processes
  • Contract Performance: Processing necessary to fulfill our services contract with your organization
  • Legal Compliance: Processing required to comply with legal obligations
EU Data Subject Rights
  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with supervisory authorities
International Data Transfers

Data is processed in the United States. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) for EU-US transfers
  • Data Processing Agreements available for Enterprise customers
Enterprise Security & Compliance
Security Certifications & Audits
  • SOC 2 Type II certified
  • Annual third-party penetration testing
  • Annual vulnerability assessments
  • Regular security audits and compliance reviews
Enterprise Service Level Commitments

Available for Enterprise customers with custom agreements:

  • 99.9% uptime SLA
  • 24/7 security incident response team
  • 72-hour breach notification commitment
  • Dedicated Enterprise support with 12-hour response time
Data Processing Agreements

Enterprise customers can request our standard Data Processing Agreement (DPA) which includes:

  • EU Standard Contractual Clauses (Module 2: Controller to Processor)
  • UK International Data Transfer Agreement
  • Detailed security and compliance obligations
  • Subprocessor list and change notification procedures
Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Endorsed.ai
Email: privacy@endorsed.ai
Website: https://endorsed.ai

For data subject requests (access, deletion, correction), please include:

  • Your name and contact information
  • Description of your request
  • Candidate IDs or timeframes for the data in question (if applicable)

We will respond to verified requests within 30 days.

Developer Information
  • Developer: Endorsed.ai
  • Extension Name: Endorsed FraudShield
  • Version: 1.1.2
  • Support: support@endorsed.ai