Extension Privacy Policy

OutreachPilot connects your social media accounts (LinkedIn, Reddit, and Twitter/X) to your OutreachPilot workspace. It enables the platform to detect buying signals, send outreach messages, execute approved actions (connection requests, replies, DMs), and display an in-page widget for quick actions while browsing social platforms. All actions are initiated by you or explicitly approved before execution.

• Session cookies— When you click "Connect," the extension reads your platform session cookie (e.g., LinkedIn's li_at, Twitter's ct0). This cookie is transmitted once to our server and is never stored in the extension.
• Link token — A temporary, cryptographically random token (256-bit) that identifies your workspace. It expires automatically after 24 hours.
• Workspace info — Your organization name and platform configuration, used solely to personalize the extension popup.
• Page context — On social platform pages, the extension reads limited page context (e.g., profile names, post content) to power signal detection and the in-page action widget. This data is processed in real-time and not stored or transmitted unless you initiate an action.

• We do not collect your passwords.
• We do not track your general browsing history or activity outside supported platforms.
• We do not collect analytics, telemetry, or usage metrics from the extension.
• We do not sell, share, or transfer any data to third parties.
• We do not run any background data collection — the extension only activates on supported platform pages.

Session cookies are used exclusively to authenticate API requests to LinkedIn, Reddit, and Twitter/X on your behalf — for example, sending connection requests, posting replies to buying signals, reading message threads, or scanning posts for signal detection. All actions are either directly initiated by you or explicitly approved before execution.

• Session credentials are encrypted at rest in our database with row-level security.
• Link tokens are cryptographically generated (256-bit) and expire after 24 hours.
• All data transmission uses HTTPS/TLS encryption.
• The extension stores only non-sensitive identifiers locally (workspace name, connection status).

• cookies — Read session cookies to detect if you are logged into LinkedIn, Reddit, or Twitter/X and authenticate actions on your behalf.
• storage — Store your workspace link token, connection status, and UI preferences locally.
• tabs — Open platform login pages when you need to sign in and navigate to setup after installation.
• alarms — Schedule periodic checks for queued actions and keep connection status up to date.
• scripting — Inject the in-page action widget on supported social platforms for quick engagement without leaving the page.
• webRequest — Monitor network requests on supported platforms to detect page navigation and update the widget correctly.
• host_permissions — Scoped only to linkedin.com, reddit.com, x.com, twitter.com, and useoutreachpilot.com. No access to any other websites.

• Disconnect anytime— Click "Disconnect" in the extension or remove the account in your OutreachPilot settings.
• Delete your data — Contact us at support@useoutreachpilot.com to request full data deletion.
• Uninstall — Removing the extension immediately stops all data collection and widget injection. Existing server-side connections remain active until manually disconnected in your dashboard.

Questions about this policy or the extension? Reach us at support@useoutreachpilot.com