Privacy Policy

OutreachGenie is a workspace for LinkedIn outreach. The Outreach Genie Chrome extension performs LinkedIn actions you request from inside your browser, such as profile visits, connection requests, messages, comments, reactions, and prospect extraction. The web app is where you build campaigns, store prospects, and review activity.

To provide the Service, we handle a focused set of data: your account information, your workspace state, the LinkedIn session signals already present in your browser, and the prospect records you create. We do not sell user data, we do not use it for personalized advertising, and we do not share it with data brokers or resellers.

This policy applies to the Service as a whole. Where features behave differently in the web app and the extension, those differences are described inline.

We collect only the information needed to authenticate users, connect the extension to a workspace, run user-requested LinkedIn workflows, store CRM records, and operate the Service. The categories of data are described below.

2.1 Account and profile data

When you sign in, we receive your name, email address, profile picture, and related account identifiers from the identity provider you use to authenticate. This information is used to create your account, identify you within the Service, and contact you about the account.

2.2 Workspace and connection data

We store workspace identifiers and names, your role within a workspace, the connection state between your extension and your workspace, locally stored extension credentials, and runtime status held in chrome.storage.local. This is required to keep the extension paired with the correct workspace and to resume work across sessions.

2.3 LinkedIn session signals

When you ask the extension to perform LinkedIn actions, it reads LinkedIn session cookies, CSRF tokens, profile URNs, and page-derived identifiers locally in your browser so it can authenticate the requests you triggered. These signals stay in your browser and are used only to perform the actions you requested.

2.4 LinkedIn page content

To support user-facing features, the extension reads content from LinkedIn pages you visit, including profile URLs, search pages, post URLs, connection pages, and data extracted from those pages (such as names, headlines, companies, and engagement signals).

2.5 Prospect and CRM records

You can create or import prospect records that include LinkedIn URLs, names, company, title, optional email and phone fields, notes, list memberships, and custom fields. This data is stored in your workspace.

2.6 Messaging and engagement data

When you use messaging-related features, we process the message text you send, conversation metadata, reply checks, comment data, reaction data, and post-derived prospect lists. This is necessary to execute the workflows you trigger and to record their outcomes.

2.7 Operational records

We maintain operational records such as task outcomes, runtime history, recent connection sync, profile metrics, error logs, webhook delivery status, and workspace analytics. These records help us keep the Service reliable, debug issues, and provide support.

Data is collected directly from you, through LinkedIn sign-in, from your use of the web app, and from the extension while you are on LinkedIn and have asked the product to perform an action. We use this data for the following purposes:

• To authenticate you and load your workspace.
• To connect the extension and verify that it remains paired with your workspace.
• To run the LinkedIn actions you trigger, including profile visits, invites, messages, comments, reactions, syncs, and prospect extraction.
• To store and organize prospects, lists, campaigns, activity history, and analytics inside your workspace.
• To maintain product reliability, recover from runtime errors, investigate abuse, and provide support when you ask for it.
• To send action results to destinations you configure, such as user-provided webhook URLs.

We do not use your data to train general-purpose machine learning models, to profile you for advertising, or for any purpose outside of operating and improving the Service.

We do not sell user data. We share user data only in the limited situations described below.

• With LinkedIn, when the extension performs the LinkedIn action or request you asked it to perform.
• With service providers that host, store, secure, or deliver the Service on our behalf, such as infrastructure, database, and deployment providers acting under our instructions.
• With destinations you explicitly configure, including webhook URLs that receive task results or extracted prospect data at your direction.
• For legal or safety reasons, when required to comply with law, enforce terms, investigate abuse, or protect users, the Service, or the public.
• In a business transaction, as part of a merger, acquisition, financing, or asset sale, subject to appropriate confidentiality and legal requirements.

We do not share user data with advertising platforms, data brokers, or other information resellers, and we do not use user data for personalized advertising.

The web app uses cookies for authentication. The extension uses Chrome local storage for workspace connection state, runtime status, cached identifiers, and related operational data. The extension may also read LinkedIn session cookies and tokens locally in your browser so it can authenticate the LinkedIn requests you have asked it to perform.

The retention periods for the categories above are as follows:

• Web app access cookie: up to 30 minutes.
• Web app refresh and CSRF cookies: up to 14 days.
• Extension handoff codes: up to 2 minutes.
• Extension connect tokens: up to 10 minutes.
• Extension local storage: persists until you disconnect the extension, clear browser data, uninstall the extension, or overwrite the stored state by reconnecting.
• Workspace, prospect, and runtime history: retained while the account or workspace remains active, then deleted on request or on account or workspace deletion, unless longer retention is required for security or legal reasons.

We limit data handling to the features described above, request only the permissions needed for those features, and use technical and organizational controls intended to protect data in transit and at rest. No system is perfectly secure, but we work to apply industry-standard practices to the Service.

• Workspace API keys are not stored in plaintext on the server after issuance.
• Authentication cookies are scoped to the web app and used for sign-in sessions only.
• You can disconnect the extension, clear extension or browser storage, or uninstall the extension at any time.
• You can request access, correction, or deletion of your account or workspace data by emailing the privacy contact listed in Section 8.
• We may need to retain limited records for security, abuse prevention, or legal compliance even after a deletion request.

OutreachGenie's use of information accessed through Chrome extension permissions and LinkedIn will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. In particular:

• We use user data only to provide or improve the user-facing prospecting, outreach, sync, CRM, and analytics features described in the product UI and store listing.
• We do not sell user data, use it for personalized advertising, or transfer it to data brokers or resellers.
• We do not allow humans to read private user data, except when you explicitly ask for support, when it is necessary for security or abuse investigations, or when required by law.
• If a feature sends data to a third party you choose, such as a webhook destination, that transfer happens only because you configured that destination for the requested workflow.

For privacy questions, data access requests, correction requests, or deletion requests, contact:

moez.zhioua@gmail.com

When you contact us, please include enough detail for us to identify the workspace or account you want us to review. We will respond within a reasonable time and in accordance with applicable law.

This policy may be updated from time to time. The "Last updated" date at the top of this page reflects the most recent version. Continued use of the Service after an update means you accept the revised policy.