This Privacy Policy describes how Upwork Wizz (“Upwork Wizz”, “we”, “us”) collects, uses, stores, shares, and protects information when you use our website at www.upworkwizz.com, our Chrome extension, proposal landing pages, and related services (collectively, the “Service”).
This policy is written to meet Chrome Web Store requirements and to explain our practices in plain language. If anything here is unclear, contact hello@proposal.upworkwizz.com.
1. Scope
This policy applies to:
- The Upwork Wizz Chrome extension (reads Upwork pages you open, stores settings on your device, and calls third-party APIs you configure).
- Our website (marketing, subscribe/checkout, legal pages, and hosted proposal pages).
- Our backend services (license validation, proposal publishing, email, payments).
2. Information we collect
We collect only what is needed to run the Service. The categories below list what may be collected, depending on which features you use.
2.1 Account and subscription data
- Email address — used for free signup, Stripe checkout, license delivery, account lock (one email per license), and support.
- License key — generated when you start the Free Plan, a trial, or complete checkout; used to validate your account in the extension.
- Account status and plan — free, trial, active, cancelled, past_due, or paused (from our database and, for paid users, Stripe webhooks).
- Free Plan usage — monthly hosted proposal run count and billing-period timestamp (to enforce the 10-runs-per-month limit).
- Device binding (Free Plan only) — a one-way hash of a persistent install identifier sent from the extension when you validate a Free Plan license. We do not receive your hardware MAC address. Used to enforce one Free Plan activation per device. Not applied to paid subscriptions.
- Stripe identifiers — Stripe customer ID and subscription ID for paid users (we do not store full payment card numbers; Stripe processes cards on their site).
2.2 Chrome extension — stored on your device
The extension uses Chrome local storage on your computer. This data stays on your device unless you trigger an action that sends it to our servers or a third party (see Sections 4 and 5).
- License key and checkout email (account lock).
- Install device identifier (Free Plan) — a random UUID stored locally in Chrome; a hash is sent to our servers for Free Plan device binding (see Section 2.1).
- Anthropic API key (bring-your-own-key) — stored locally; sent directly from your browser to Anthropic when you generate content.
- Freelancer profile fields you save (display name, headline, bio, avatar URL).
- GitHub personal access token and cached repo list (only if you connect GitHub).
- Extension preferences (cover length, auto-fill mode, job-alert filters, wizard progress).
- Draft generation cache and recent generation history (local, limited).
- Custom proposal domain settings (hostname, status flags).
- Support diagnostic logs (local ring buffer; optional export as .txt by you).
2.3 Chrome extension — read from Upwork pages you open
When you are on https://www.upwork.com and use Upwork Wizz, the extension reads page content you already see. We do not collect your browsing history across other websites.
- Job titles, descriptions, budgets, skills, and application questions.
- Client “About the client” stats (hire rate, spend, reviews, location labels shown by Upwork).
- Apply-form and proposal fields (to preview or fill content you approve).
- Message thread text on Upwork Messages (only when you use Smart Reply — sent to Anthropic with your API key to draft a reply you edit before sending).
- PDF or document text you upload inside the extension for a specific job (if you use that feature).
2.4 Data you send to our servers
Sent only when you take an explicit action (validate license, publish, update profile, etc.):
- License key and email (validation and restore-account requests).
- Hashed install device identifier (Free Plan validation and hosted AI proxy requests only).
- Proposal and job context you submit for hosted AI generation on the Free Plan (processed through our backend; not stored as a permanent training dataset).
- Proposal content you choose to publish — job title, URL, budget, client name, cover letter variants, project scope, architecture, deliverables, and related JSON you approved.
- Profile fields synced on publish (display name, headline, bio, avatar URL).
- Proposal status and visibility changes (draft, sent, public, unlisted, private).
- Custom domain hostname and DNS setup metadata (if you enable a custom proposal domain).
2.5 Proposal landing page analytics
When someone opens a published proposal page, our servers may record:
- Page view timestamp and view count.
- Referrer URL and browser user-agent string.
- A hashed value derived from the visitor IP (we do not store raw IP addresses in our proposal-views table).
Optional extension notifications may tell you that a proposal page received a view; no visitor identity is shown to you beyond aggregate view counts.
2.6 Marketing site analytics (Google Analytics)
On www.upworkwizz.com (homepage, subscribe, feedback, blog, and similar marketing pages), we use Google Analytics 4 to understand traffic and how visitors use the site. Google may set cookies and collect page views, approximate location, device/browser type, and referral source. See Google's Privacy Policy. Proposal pages on freelancer custom domains are not tracked; pages on www.upworkwizz.com (including public proposal links there) are included.
2.7 Website and hosting logs
- Standard HTTP logs (IP address, browser type, pages requested, timestamps) from our host.
- Checkout session metadata when you subscribe (handled primarily by Stripe).
2.8 What we do not collect
- Your Upwork password (we never ask for or store Upwork login credentials).
- Full payment card numbers or CVV (handled by Stripe on their checkout pages).
- GPS or precise device location.
- Health information.
- Cross-site web browsing history outside Upwork tabs you have open while using the extension.
- Keystroke logging, mouse tracking, or advertising profiles.
3. How we collect information
- Directly from you — email at checkout, license entry in the extension, profile fields, API keys, GitHub token, and content you approve for publish.
- From Upwork pages in your browser — content scripts read the DOM of upwork.com tabs you visit; nothing runs on other sites.
- Automatically — license validation timestamps, proposal view logs, and standard server logs when you use the website or hosted proposal URLs.
- From service providers — Stripe webhooks (payment and subscription status), and transactional email delivery events.
4. How we use information
We use collected data only to operate and improve the Service:
- Validate licenses and enforce one-email-per-account and Free Plan limits (runs and device binding).
- Provide hosted AI proposal generation for Free Plan users within monthly run limits.
- Host proposal landing pages at URLs you control (public, unlisted, or private).
- Generate AI drafts on paid plans when you request them (via your Anthropic key, not our servers).
- Score clients and show job intel on Upwork pages you open.
- Send transactional email (license keys, subscription confirmations, support replies).
- Process payments and manage subscriptions through Stripe.
- Notify you of optional events (job alerts, proposal page views) you enable in settings.
- Provide support, debug failures, and maintain security and uptime.
- Comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information. We do not use your data for unrelated advertising, credit scoring, or lending decisions.
5. How we store information
5.1 On your device (Chrome extension)
Settings, API keys, drafts, caches, and preferences are stored in Chrome local storage until you clear extension data, uninstall the extension, or use in-extension controls to remove items. You are responsible for securing your device and API keys.
5.2 On our servers
License records, published proposals, profile fields synced on publish, subscription metadata, and proposal view analytics are stored in a PostgreSQL database (hosted via Supabase) and accessed through our application backend (n8n workflows on our infrastructure).
5.3 Website hosting
Marketing pages and proposal viewers are served from Vercel. Standard access logs may be retained per Vercel's policies.
5.4 Retention
We retain account and proposal data while your subscription is active and for a reasonable period afterward for support, billing disputes, and legal compliance. You may request deletion by emailing hello@proposal.upworkwizz.com. Local extension data is removed when you uninstall or clear site data for the extension in Chrome.
6. How we share information
We share data only as described below. We do not sell personal information to data brokers or advertisers.
6.1 Third parties that receive user data
Each party receives only what is needed for its role:
- Stripe (stripe.com/privacy) — payment processing on our website; email, subscription status, Stripe customer/subscription IDs. Card data stays with Stripe.
- Resend (resend.com/legal/privacy-policy) — transactional email to your address (license keys, confirmations).
- Supabase (supabase.com/privacy) — database hosting for licenses, proposals, and view analytics.
- Anthropic (anthropic.com/privacy) — on paid plans, your browser sends your API key and prompt content directly to Anthropic. On the Free Plan, we route hosted AI requests through our backend using our Anthropic account; your prompts are not stored by us for advertising or model training.
- GitHub (GitHub Privacy Statement) — optional; if you connect GitHub, your token and requests for public repo metadata are sent from your browser to GitHub.
- Vercel (vercel.com/legal/privacy-policy) — website and proposal page hosting; may process IP and request logs.
- Cloudflare (cloudflare.com/privacypolicy) — optional custom proposal hostnames (SSL and routing); hostname and certificate metadata when you enable custom domains.
- Our backend (n8n on hosted infrastructure) — processes webhooks for license validation, proposal create/update/list, profile sync, and custom domain setup. Receives data listed in Section 2.4 when you trigger those features.
6.2 Sharing with clients and the public
When you publish a proposal landing page, the content you approved (scope, deliverables, about block, etc.) is shared with anyone who has the URL (depending on visibility: public, unlisted link, or private with password when enabled). You control publish and visibility from the extension.
6.3 Legal and safety
We may disclose information if required by law, court order, or to protect rights, safety, and security of users and the Service.
7. Chrome extension disclosures
For Chrome Web Store transparency, the extension:
- Uses permissions scripting, tabs, storage, activeTab, alarms, notifications only for Upwork co-pilot features (job intel, drafting, alerts, optional view notifications).
- Accesses hosts: upwork.com (page content), api.anthropic.com (your API key), api.github.com (optional GitHub), and our backend webhook host (license and proposals).
- Does not execute remote code — all extension JavaScript is bundled in the published package; network responses are JSON/text only.
- Does not auto-send proposals or messages; you preview and approve content before it is pasted or published.
8. Your choices and controls
- Do not install the extension or do not enter a license key if you do not want account data stored.
- Remove your Anthropic or GitHub keys anytime in extension Settings.
- Choose not to publish proposal landing pages (Upwork-only drafts remain local until you publish).
- Set proposal visibility to unlisted or private where supported.
- Disable job alerts and view notifications in extension settings.
- Cancel subscription via Stripe Customer Portal; request account/data deletion by email.
- Uninstall the extension to clear local Chrome storage for Upwork Wizz.
9. Security
We use HTTPS, access controls, and industry-standard practices on our infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. Keep your license key, Anthropic API key, and device secure.
10. Your rights
Depending on your location (including UK/EEA GDPR and similar laws), you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. Contact hello@proposal.upworkwizz.com to exercise these rights. We will respond within applicable legal timeframes.
11. Children
The Service is not directed to anyone under 16. We do not knowingly collect personal information from children.
12. International transfers
Data may be processed in the United States, United Kingdom, European Union, or other countries where our service providers operate. By using the Service, you acknowledge that your information may be transferred to jurisdictions with different data-protection laws. Where required, we rely on appropriate safeguards offered by our processors.
13. Changes to this policy
We may update this Privacy Policy. The “Last updated” date at the top changes when we do. Material changes may be communicated by email or in-product notice where appropriate. Continued use after the effective date means you accept the updated policy.
14. Contact
Privacy questions and data requests: hello@proposal.upworkwizz.com
See also our Terms of Service.