Vidhya Autofill — Browser Extension Privacy Policy
Last updated: 20 June 2026
Vidhya Autofill ("the extension") helps students fill university application portals using the application details they have saved in their Vidhya account. This policy explains exactly what the extension accesses, what we store, and the rights you have over your data. It is written to meet GDPR / UK GDPR, the India Digital Personal Data Protection (DPDP) Act, and the requirements of the Chrome Web Store.
1. Who we are
Vidhya (the data controller). Contact: privacy@govidhya.com.
2. What the extension accesses
- Your saved application profile — read-only — from your Vidhya account,
only after you sign in and grant the
profile.autofill.readpermission. This is structured data you chose to save (name, contact details, address, family/ guardian details, funding, education history, employment, test scores, and common supplemental answers). - The content of application pages — only when you click "Fill this page".
At that moment the extension reads the form on the active tab to detect its
fields and fill them. To identify fields on portals it doesn't have a template
for, it sends only each field's labels/structure (label, placeholder,
section heading, input type, option labels) to Vidhya's server for AI
matching — never your saved values and never other page content. The
extension runs on a page only on your explicit click (via
activeTab).
3. What we do NOT collect or store
- We never collect passport numbers, national ID / SSN, or proof-of-funds figures. You enter those directly on the portal.
- We never store, generate, or process essays, personal statements, statements of purpose, references, or any written work a university expects you to author. That content is always yours.
- The extension never submits an application for you.
- We do not sell, rent, or share your data with any third party, and we do not use it for advertising or any purpose other than autofill.
4. How your data is stored and protected
- In transit: all communication with Vidhya uses TLS (HTTPS).
- At rest (server): your application details are encrypted at rest in a store isolated from all other Vidhya data and accessible only by the autofill profile API. Access is least-privilege and every access/change is audit-logged.
- On your device: the synced profile is encrypted (AES-GCM). The encryption key and your access token are held in memory only and are erased when you close your browser, which re-locks the extension and requires you to reconnect.
- Authorization: the extension uses OAuth 2.0 (authorization code + PKCE). It never sees or stores your Vidhya password.
5. Lawful basis & consent
We process this data on the basis of your explicit, informed consent, given inside the Vidhya app before any application detail is collected. Consent is specific to autofill and is freely revocable at any time.
6. Minors
Where you are under 18, we require a verifiable parent/guardian consent acknowledgement (guardian name and email) before any application detail is saved, in line with GDPR and the India DPDP Act.
7. Your rights
At any time, from the Vidhya app, you can access, export, correct, or delete your data, or withdraw consent to erase all saved application data immediately. You may also email privacy@govidhya.com to exercise any data-subject right (access, rectification, erasure, portability, restriction, or objection).
8. Retention
Application details are retained only while your consent is active. Withdrawing consent or closing your account erases the data. Audit logs are retained for a limited period for security and compliance, then deleted.
9. Changes
We will update this policy as needed and revise the date above. Material changes will be communicated in-app.