Privacy Policy

Last updated: 2026-05-13

Sales Sidekick ("we," "our," or "the extension") is a Chrome extension and backend service that helps sales development representatives (SDRs) generate real-time sales intelligence and outreach drafts from public LinkedIn profile pages. This policy explains what data we collect, how we use it, and your rights.

Two data subjects

This product processes data about two distinct groups:

1. Users — SDRs who install the extension and create an account.
2. Prospects — people whose public LinkedIn profile pages a user has chosen to view in their own browser.

Different rules apply to each group, described below.

Data collected about prospects (non-users)

Starting in v0.2.0, the analysis interface is rendered in Chrome's native browser side panel (chrome-extension://…/sidepanel/) — an isolated extension document, not an overlay injected into the LinkedIn page. The extension's content script on linkedin.com/in/* is reduced to reading the page DOM (as described below) and rendering a one-time, dismissable in-page prompt to open the side panel; no analysis output, prospect data, or compose drafts are written into the LinkedIn page itself.

When a user opens a LinkedIn profile page (linkedin.com/in/*), the extension reads the following fields from the rendered page DOM:

• Name
• Headline / title
• Current company
• About section
• Current role and tenure (derived from the first item in the experience section), including tenure expressed as integer months
• Career history (up to five past roles: title, company, date range)
• Up to three most-recent visible items from the profile's "Activity" section, each truncated to ~250 characters

Separately, when the extension first encounters a prospect's current employer, the extension's service worker may open that employer's public LinkedIn company page (linkedin.com/company/<slug>/) in a backgrounded browser tab, read public company-level metadata (company size, industry, headquarters location), and close the tab. This happens at most once every 24 hours per company; the result is cached in chrome.storage.local. The company-page URL is used only as a cache key inside the user's browser — it is not sent to our servers or to any third party. The cached values are public business data, not personal data about the prospect.

Our backend may additionally enrich a prospect's company using Anthropic's Claude API and its built-in web-search tool. The enrichment retrieves public business signals about the company — recent funding events, hiring or layoff announcements, leadership changes, product launches, and publicly-known technology choices — from public web sources. The result is cached server-side for up to 48 hours, keyed by a normalized company name and a hash of the user's playbook value props and ICP. The enrichment cache is company-level only. No prospect name, title, LinkedIn URL, or other prospect-specific identifier is sent to the search service or stored in the cache. The same enriched row is shared across all users searching the same company with the same playbook context.

Specifically: we send the prospect's company name to Anthropic to fetch public information about that company. We do not send the prospect's name, title, profile URL, About-section text, recent activity, career history, or any other personal identifier in the enrichment query. The seller-side context forwarded to the enrichment call is limited to two playbook fields (valuePropositions and icp) used to filter results for relevance; the seller's full playbook, customer success stories, and proprietary product details are not sent.

Enriched facts returned by the web-search tool are validated server-side before being stored or used. Facts containing email addresses or LinkedIn profile URLs (linkedin.com/in/) are dropped before the cache row is written, so an individual contact identifier accidentally surfaced by the search cannot end up in the shared cache.

We do not read or transmit:

• The LinkedIn profile URL
• Connection lists, messages, mutual connections, contact info, or any private/non-public LinkedIn data
• The user's own LinkedIn account information
• Any data that is not already rendered on the page the user is viewing

This prospect data is transmitted over HTTPS to our backend solely to generate real-time sales intelligence (a short list of bullets) and, for Pro users, to generate draft outreach messages. The backend forwards the data to Anthropic's Claude API for processing and returns the result to the extension.

Prospect data is processed in memory only. It is not written to any database, log, or file on our servers. Once the HTTP response is sent, it is discarded.

Activity-section content and Anthropic. Posts, reposts, and comments that the prospect has chosen to publish on their public LinkedIn profile may include third-party names, personal milestones, or other content that is broader than purely professional context. When the activity section is visible on the profile the user is viewing, we transmit up to the three most-recent items (each truncated to ~250 characters) to Anthropic's Claude API as part of the analyze request, subject to Anthropic's API data policy (API inputs are not used for model training). We treat this content strictly as professional context for generating bullets; it is not stored on our servers, indexed, or used for any other purpose, and the bullet output is bound by the prompt's safety rules (no health, family status, protected-characteristic, or other sensitive content in the output). If a prospect objects to processing of their publicly-published activity, see "Your rights" below.

If the user adds optional in-the-moment context before running an analysis (e.g., "met at conference X," "submitted demo form yesterday," or "6sense intent score: high"), that text is transmitted with the analyze request and processed in memory only — never stored server-side or in chrome.storage. The user controls what they enter, and the context is discarded when the panel closes or the user navigates to a different LinkedIn profile.

User-entered prospect context and Anthropic. Any text the user types into the "Add context" box is sent to Anthropic's Claude API as part of the analysis request, subject to Anthropic's API data policy (API inputs are not used for model training). Users are responsible for the content they enter. We recommend keeping notes professional and factual — meeting dates, intent signals, lead source, relationship context. Do not enter information about a prospect's health, family status, personal finances, protected characteristics, or any other sensitive personal information not relevant to the professional outreach purpose.

Legal basis (GDPR). For prospects in the EU/UK, we rely on legitimate interest: the data is limited to information the prospect has chosen to publish on a public profile, the processing is transient, no profile of the prospect is built or retained, and the result is delivered only to the single user who requested it. Prospects may contact us (see "Contact" below) to object to processing.

Data collected about users (SDRs)

We store the following user data on our backend (SQLite database):

• Email address — for account identity and login.
• Password hash — bcrypt-hashed; we never store or have access to your plaintext password.
• Tier — free or pro.
• Stripe customer ID and subscription ID — for billing. We do not store payment card details; all card data is handled directly by Stripe.
• Subscription cancellation state — a flag and end-of-period date used to display accurate plan status when a user has scheduled cancellation through the Stripe Customer Portal. Cleared on subscription renewal or deletion.
• Monthly analysis count and reset date — an integer counter used to enforce free-tier usage limits. We do not record which prospects were analyzed, when, or any prospect identifiers.
• Playbook — the user's own business context used to tailor AI output. Fields include: company name, pitch, ICP description, product name and summary, value propositions, proof points, tone preference, length preference, forbidden claims, objection notes, email templates, call scripts, competitive landscape, typical deal size range, sales motion, target segments, disqualifiers, and short customer success stories.

The extension also stores the following in the browser's chrome.storage.local:

• A JWT authentication token (cleared automatically on the next extension startup if expired).
• A copy of the user's playbook for offline UI rendering.

Data retention

How prospect data is used

There are two AI processing operations that involve prospect data:

1. Analyze — Sends the scraped profile fields, the user's playbook, and any optional user-entered context (the "Add context" box) to Claude to generate three short bullet-point insights. Returns the bullets and the user's tier.
2. Compose — Sends the prospect's name, title, and company, plus the bullets, the user's playbook, the same prospect_signals fields the analyze call sees (current-role tenure, recent activity excerpts, career history, company size, industry, and any user-entered per-call context), and the company-level enrichment record (server-side cache lookup — no new web search at compose time) to Claude to generate three draft outreach message variants. Free-tier users may compose up to a monthly cap (default 2/month) and will receive a 429 response once the cap is reached; Pro-tier users have no per-month compose cap.

In both cases, only the data necessary for the requested output is transmitted, and nothing is retained server-side after the response. The Phase-20 prospect_signals fields are processed in memory only on the compose path under the same rules as the analyze path: no server-side persistence (the company-level enrichment cache, populated by analyze, is the sole exception — it stores public company facts only, never prospect-specific identifiers).

Third-party processors

Anthropic's API data policy applies to data sent to their API: API inputs are not used to train Anthropic's models. We have no data-sharing agreements with any other third parties.

Resend data retention. Resend stores sent email metadata (recipient address, subject, send timestamp, delivery status) for up to 30 days for deliverability diagnostics. Email body content is not retained beyond the send attempt per Resend's current data policy. Users who want their reset email metadata removed may contact us at privacy@sales-sidekick.app and we will submit a deletion request to Resend on their behalf.

If you access the service from outside the United States, your data will be transferred to and processed in the United States. By using the extension you consent to this transfer.

Browser extension permissions

The extension's manifest.json requests:

• storage — to keep your auth token and playbook in chrome.storage.local.
• activeTab — to read the LinkedIn profile content of the tab you are actively viewing when you click the extension.
• tabs and scripting — used together so the service worker can briefly open a public LinkedIn company page (e.g. linkedin.com/company/<slug>/) in a background tab, read public company-level metadata (company size, industry, headquarters), and close the tab. This happens at most once per company every 24 hours. The extension does not use these permissions to read other websites, your browsing history, or any non-LinkedIn page.
• Host permissions for https://www.linkedin.com/in/* and https://www.linkedin.com/company/* (so the content scripts can run on LinkedIn profile and company pages), and https://api.sales-sidekick.app/* (so the extension can call our backend).

The content script runs only on URLs matching https://www.linkedin.com/in/* (individual profile pages). The background company-page scraper runs only on https://www.linkedin.com/company/* and only when triggered by the extension after the user views a profile.

The extension does not request: clipboardWrite, history, cookies, webRequest, bookmarks, or any other permission beyond those listed above. It cannot read other websites, your browsing history, or any non-LinkedIn page.

Security measures

• All traffic between the extension and our backend uses HTTPS (TLS).
• Passwords are stored as bcrypt hashes; plaintext passwords never leave the auth handler.
• Authentication uses signed JWTs. Expired tokens are detected and cleared from browser storage on extension startup.
• Prospect data and AI output are never written to disk on our servers, including in error logs.
• Database access is restricted to the backend service; the database is not publicly reachable.

What we do NOT do

• We do not store, index, or build profiles of the prospects analyzed.
• We do not record which prospects a given user has analyzed.
• We do not log raw AI output or prospect content in error logs.
• We do not access private LinkedIn data, messages, connections, or contact info.
• We do not sell or share user or prospect data with advertisers, data brokers, or any third party beyond the processors listed above.
• We do not use prospect or user data to train AI models.
• We do not collect browsing history, location, financial information, or health information.

Your rights

All users may request:

• A copy of the data we hold about them.
• Correction of inaccurate account data.
• Deletion of their account, playbook, and billing associations.

EU/UK users (GDPR) additionally have the right to: data portability, restriction of processing, objection to processing based on legitimate interest, and the right to lodge a complaint with their supervisory authority.

California residents (CCPA/CPRA) have the right to know what personal information is collected, to request deletion, to opt out of sale (we do not sell personal information), and to non-discrimination for exercising these rights.

Prospects (non-users whose public profiles were processed) may contact us to object to processing. Because we do not retain prospect data, there is typically nothing to delete; objection requests are recorded so that, if technically feasible, future requests for the same profile may be blocked.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Children's privacy

The service is not intended for individuals under the age of 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top and, for significant changes affecting how user data is handled, notify account holders by email at least 7 days before the change takes effect. Continued use of the extension after a change constitutes acceptance of the updated policy.

Chrome Web Store privacy disclosures

Per Chrome Web Store requirements, the following disclosures describe the extension's data handling:

The extension collects or processes:

• Personally identifiable information — User email (account). Prospect name, title, and company (processed in transit; not stored).
• Website content — Visible text from LinkedIn profile pages the user views (processed in transit; not stored).
• Authentication information — A JWT stored in chrome.storage.local.

The extension does not collect:

• Browsing history
• Web browsing activity outside of LinkedIn profile pages the user actively visits
• Financial or payment information (handled directly by Stripe)
• Health information
• Personal communications
• Location data
• User activity (clicks, mouse movement, keystroke logging) outside of explicit extension UI interactions

The extension's use of information complies with the Chrome Web Store User Data Policy, including the Limited Use requirements: collected data is used only to provide and improve the user-facing features of the extension, is not transferred to third parties except as described above, is not used for advertising, and is not used for credit assessments or sold.

Contact

Questions, data requests, or objections: privacy@sales-sidekick.app