NameToProfile logo
Browser Extension Privacy Policy

AI Sales Assistant — Privacy Policy

Last updated: 2026-07-02

1. Introduction

This privacy policy describes how the NameToProfile AI Sales Assistant browser extension (the "AI Sales Assistant", hereafter "the extension") handles information when you use it. The extension is published by JSK Business Solutions Pvt Ltd under the NameToProfile brand and distributed through the browser extension stores we support. This policy applies identically across those distributions.

The extension has one purpose: to help you score the professional profile or company page you are viewing against your Ideal Customer Profile (ICP), and — on your request — draft outreach messages and social posts in your own voice. All scoring and drafting run on our backend; every result is text you review, edit and copy yourself. The extension never sends messages, posts, comments or connection requests, and never acts on your behalf on any platform.

This policy applies only to the AI Sales Assistant browser extension. It does not cover other NameToProfile products, services, or website features.

2. What data the extension accesses

The extension reads the text of the page open in your active tab, and only when you ask it to — when you click Fast score, Deep score, generate outreach, or use "fill from selection" / the right-click helper. Its content script is declared for <all_urls> so it can read whichever page you choose to score; it does nothing on a page until you trigger an action.

On your action, it reads:

  • The visible text of the active page (the profile or company page you are scoring), trimmed to a size budget before it is sent for scoring.
  • The current text selection, when you use "fill from selection" or the right-click "Send to NameToProfile" menu.

The extension does not access:

  • Pages you have not actively opened, or any tab other than the one you are scoring
  • Your browsing history, search history, bookmarks, downloads, or credentials
  • Cross-origin iframe content (a browser security boundary)
  • Any page content other than the text you ask it to score or draft from

The extension does not perform any form of general browsing tracking, and it does not run in the background.

3. What data is stored locally in your browser

The extension stores the following on your device using the browser's extension storage (chrome.storage.local) and a local database (IndexedDB). This data stays on your device and is not transmitted to us or any third party:

  • Your NameToProfile API key and cached account status (remaining credits, a stable account identifier used to keep accounts separate, key prefix, last-validated time)
  • Your ICP briefs (up to three) and which one is active
  • Your history: scored profiles and companies, each score with its reasons / rationale / recommended action, drafted messages, generated posts, per-profile notes and status, and an activity log
  • Preferences: theme (system / light / dark), "skip the Deep-score confirmation", and the "fill from selection" toggle

All locally stored data lives only on your device and is never uploaded or synced by the extension. You can export your history yourself as CSV or JSON at any time.

4. What data is sent to our backend

The extension contacts only one backend, operated by NameToProfile:

https://api.nametoprofile.com

Every request carries your NameToProfile API key in the X-API-Key header. There are two kinds of call:

a. Account-status calls — carry only your API key and standard HTTP metadata (never page text):

  • Key validationGET /v1/auth/validate (on sign-in).
  • Credit balance / costsGET /v1/usage, GET /v1/credit-costs.

b. Scoring & drafting calls — sent only when you trigger an action. These carry the text of the page you are scoring (trimmed to a ~200 KB budget) and/or the inputs you provide, to the relevant endpoint:

  • ScoringPOST /v1/score-page (and /rescore): the active page's text, plus the active brief reference.
  • OutreachPOST /v1/prospect/message or POST /v1/account/message (and their /regenerate): the score reference, channel, variant count, and — for company outreach — the recipient details you type in (name / title / profile URL).
  • ContentPOST /v1/social-post/generate and POST /v1/post-inspirator/generate: the concept or reference text you enter.
  • BriefsPOST /v1/onboard, GET/PATCH /v1/briefs/{id}, approve / archive, GET /v1/briefs: the product and voice details you enter when creating or editing a brief.
  • FlagPOST /v1/page-type/flag: the page URL and its detected type, when you report a mis-classified page.

These calls send only what is needed for the action you requested — page text you chose to score, or the inputs you typed. They do not send your history, your other tabs, cookies, form fields, or your browsing activity. Scoring and drafting consume credits, charged server-side.

5. Scoring runs on the backend; your history stays local

Scoring, message drafting and post generation run on our backend because they use AI models — that is the point at which the page text or your inputs are sent (section 4). Everything else — your API key, your briefs, and your entire history of scores, messages and posts — stays in your browser and is never uploaded. If you never run a score or draft, nothing about a page ever leaves your device.

6. How the data is used

  • Locally stored data is used solely to operate the extension's features: keeping you signed in, holding your briefs, and showing and exporting your history.
  • Data sent to our API is used solely to validate your account, read your credit balance, and produce the score, message or post you requested. AI outputs are returned to you as editable text.
  • No data collected by the extension is used for advertising, profiling, behavioural targeting, or any purpose unrelated to the feature you invoked.

The extension does not inject advertisements or any third-party content into any web page.

7. Data sharing

We do not sell, rent, trade, or share data collected by the extension. Specifically:

  • We do not sell the page text, scores, messages, or posts you generate.
  • We do not share your API key or account-status data with any third party.
  • We do not provide data collected by the extension to data brokers, marketing partners, or affiliates.

The only data the extension sends off your device are the calls to our own backend at https://api.nametoprofile.com described in section 4.

8. Retention and deletion

  • Locally — everything the extension stores lives in your browser and is under your control. Settings → Sign out removes your API key (history is kept for that account); Settings → Danger zone → Reset extension permanently erases all local data (history, briefs, settings and the API key). Signing in as a different account also clears the previous account's history so accounts never mix. Uninstalling the extension removes everything.
  • On our servers — the text and inputs you submit for scoring or drafting are processed under our main Privacy Policy and Data Processing Addendum. Request logs may be kept for a limited period for security, debugging and rate-limit enforcement.

9. User controls

  • Install / uninstall. Uninstalling removes all locally stored data.
  • Enter, rotate, or remove your API key in Settings. Rotating the key from your NameToProfile dashboard invalidates the previous key immediately.
  • Score only when you choose — the extension reads a page only when you click a scoring or drafting action; there is no background or automatic capture.
  • Export or clear your history (CSV / JSON export; Clear all; Reset extension) at any time in the panel.
  • Manage permissions via chrome://extensions; you may disable the extension without uninstalling it.

10. Browser permissions in use

The extension requests the following permissions. Each is used only for the purpose stated:

  • sidePanel — open the extension's side panel when you click the toolbar icon.
  • activeTab — read the currently open tab so it can score the page when you ask.
  • scripting — run the content script that returns the page's text or your selection on request.
  • storage — save your API key, briefs, settings and history to the browser's local storage.
  • tabs — read basic tab information (URL / title) to know which page you are scoring and drive the page-status indicator.
  • contextMenus — add the right-click "Send to NameToProfile → Social Post / Inspired Post" helper.
  • Content script for <all_urls> — required so it can read whichever page you choose to score, on your action only.
  • Host permission for https://api.nametoprofile.com/* — the only network host the extension connects to (scoring, drafting, account status).

The extension does not request: history, bookmarks, downloads, identity, geolocation, native messaging, USB / Serial / Bluetooth, the debugger API, declarativeNetRequest, or any other privileged API. Its content security policy restricts network connections to self and https://api.nametoprofile.com only.

11. Security

  • All communication with our API (https://api.nametoprofile.com) is encrypted in transit using HTTPS.
  • Your API key is stored only in your browser's local storage and is transmitted only in the X-API-Key header when the extension calls our API for the purposes in section 4.
  • If you suspect your API key has been exposed, rotate it from your NameToProfile dashboard, which invalidates the previous key immediately.

While we use reasonable safeguards, no method of electronic transmission or storage is perfectly secure, and we cannot guarantee absolute security.

12. Children

The extension is not directed to children, and we do not knowingly collect information from children. If you believe a child has provided information in connection with the extension, contact us at info@nametoprofile.com.

13. Changes to this policy

We may update this privacy policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and publish the revised version here.

14. Contact

15. Chrome Web Store Limited Use statement

The use of information received from Chrome extension APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

We use privacy-friendly analytics to improve the site. No personal data is sold. You can opt out.