Privacy Policy
Last updated: March 26, 2026
1. Overview
AI Outreach Assistant (“we”, “our”, or “the Service”) is a Chrome extension and web application that helps you write personalized LinkedIn outreach messages using artificial intelligence. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
We are an AI writing assistant — not a LinkedIn automation tool. We never auto-send messages, auto-click buttons, or collect data without your explicit action.
2. Information We Collect
Account Information
When you create an account, we collect your email address and any profile information you voluntarily provide, including your name, role, professional goal, and preferred tone of voice. This data is stored securely in our database and used solely to personalize generated messages.
Target LinkedIn Profile Data (Extension Only)
When you visit a LinkedIn profile page and click “Generate Message”, the Chrome extension reads the following information from the visible page content:
- Target person's name
- Headline / current role
- Company name
- About section (if publicly visible, up to 500 characters)
- Up to 3 recent experience entries (job title and company name)
This data is sent to our server only when you click the button. It is used to generate your message and is not stored after the response is returned.
Your Own LinkedIn Profile Data (Extension Only)
The extension includes an optional “Sync” feature. When you visit your own LinkedIn profile and click Sync, the extension reads and stores locally on your device:
- Your name and headline
- About section (up to 500 characters)
- Up to 3 recent experience entries (job title and company name)
- Up to 5 top skills
This data is saved in chrome.storage.local on your device only. It is sent to our server only when you click “Generate Message” and is not persisted server-side after the response is returned. You can clear it at any time by uninstalling or resetting the extension.
Usage Data
We track the number of messages you generate per day to enforce free-tier limits. This counter resets daily and is associated with your account.
Data We Do Not Collect
- We do not store generated messages
- We do not collect LinkedIn login credentials
- We do not scrape LinkedIn in the background
- We do not track your browsing history
- We do not collect payment information (no billing in current version)
3. How We Use Your Information
- To authenticate you and manage your account
- To generate personalized outreach messages via AI based on your profile and the target profile data you provide
- To enforce daily usage limits on the free tier
- To improve the reliability and quality of the Service
We do not sell your personal data. We do not use your data for advertising.
4. Third-Party Services
We use the following third-party providers to operate the Service:
Supabase
We use Supabase for authentication and database storage. Your account information and usage counters are stored in Supabase. Supabase is SOC 2 Type II certified. See Supabase Privacy Policy.
Groq
Message generation is powered by Groq's API (running open-source LLMs). When you request a message, the target profile data and your profile preferences are sent to Groq to generate a response. Groq processes this data according to their privacy policy. See Groq Privacy Policy.
By default, Groq does not use API request data to train models.
Vercel
Our backend is hosted on Vercel. Request logs may be temporarily retained by Vercel infrastructure. See Vercel Privacy Policy.
5. Data Retention
- Account profile data is retained on our servers until you delete your account
- Usage counters are reset daily and retained for account management
- Target LinkedIn profile data submitted for message generation is not persisted — it is discarded after the API response
- Generated messages are not stored on our servers
- Your synced LinkedIn profile (name, headline, experiences, skills) is stored locally in chrome.storage.local on your device and is not held on our servers. It is cleared when you uninstall the extension.
6. Data Security
We implement standard security practices to protect your data:
- All API communications use HTTPS/TLS encryption
- Authentication tokens are validated server-side on every request
- API keys and secrets are never exposed to the client or extension
- AI generation requests are processed server-side only
7. Chrome Extension Permissions
The Chrome extension requests the following permissions:
- activeTab — to read visible profile data from the current LinkedIn tab when you click “Generate Message” or “Sync”
- storage — to store your authentication token and your synced LinkedIn profile locally on your device
- Host permission — to allow the extension to send requests to our backend API for message generation
- Content script on linkedin.com/in/* — to inject the Generate Message button on LinkedIn profile pages. The script loads automatically when you visit a profile page, but makes no network requests until you click a button.
The background service worker is minimal and performs no data collection or network activity. All API calls require explicit user action.
8. LinkedIn Compliance
This Service is designed to comply with LinkedIn's User Agreement and Professional Community Policies. Specifically:
- No automated actions are taken on LinkedIn
- No messages are sent without explicit user action
- Only publicly visible profile data is read
- Only publicly visible DOM content is read — no hidden data or private information is accessed
9. Your Rights
You have the right to:
- Access the personal data
- Request deletion of your account and associated data
- Withdraw consent at any time by deleting your account
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.