Browser Extension Privacy Policy
Email & Phone Extractor — Privacy Policy
This page describes exactly what data the Email & Phone Extractor browser extension (sold under the ContactHarvest product name) accesses, what is stored locally in your browser, what is sent to the NameToProfile API, and how your information is handled. It applies to the Email & Phone Extractor browser extension across every browser we publish it on — Chrome (Chrome Web Store), Firefox (Firefox Add-ons / AMO), Microsoft Edge (Edge Add-ons), and any other browser we add in future — and applies only to that extension, not to any other NameToProfile product or website feature.
1. Introduction
This privacy policy describes how the Email & Phone Extractor browser extension (the "ContactHarvest" extension, hereafter "the extension") handles information when you use it. The extension is published by JSK Business Solutions Pvt Ltd under the NameToProfile brand and is distributed from the same codebase to every browser we support — currently the Chrome Web Store, Firefox Add-ons (addons.mozilla.org), and Microsoft Edge Add-ons, with additional browser stores added as we expand. This policy applies identically across all of those distributions.
The extension has one purpose: to help you extract email addresses and phone numbers — with confidence scoring — from any web page you actively load, and locally export those contacts as CSV, XLSX, JSON, or TXT files (or copy them to your clipboard). The extension also offers optional capture sessions, same-domain crawls, and bulk URL processing as premium features for accounts with sufficient credit balance.
This policy applies only to the Email & Phone Extractor browser extension. It does not cover other NameToProfile products, services, or website features.
2. What data the extension accesses
The extension runs on any web page you actively load (it requests the <all_urls> host permission so its content script can scan whichever page you ask it to). It scans the page DOM for two kinds of data:
- Email addresses — found in mailto: links, <link rel="me"> tags, [itemprop="email"] microdata, JSON-LD email and contactPoint.email, attribute scans (data-email, aria-label, title, value, placeholder), <textarea> body text, Cloudflare-obfuscated data-cfemail attributes, and plain page-text TreeWalker passes.
- Phone numbers — found in tel: / sms: / wa.me/ links, [itemprop="telephone"] microdata, JSON-LD telephone / phone / faxNumber, attribute scans, <textarea> body, page-text TreeWalker passes, and vanity-number conversion (e.g. 1-800-FLOWERS → digits).
The extension does not access:
- Pages you have not actively opened in your browser
- Your browsing history, search history, bookmarks, downloads, or unrelated tabs (beyond the active-tab scan)
- Any page content other than email and phone candidates plus the surrounding context the scoring engine needs to rank confidence
- Cross-origin iframe content (browser security boundary)
The extension does not perform any form of general browsing tracking.
3. What data is stored locally in your browser
The extension stores the following items in your local browser profile using the standard browser extension local-storage API (chrome.storage.local in Chromium-based browsers such as Chrome, Edge, Brave, and Opera; the equivalent browser.storage.local WebExtensions API in Firefox). This data is kept on your device and is not transmitted to us or to any third party:
- Your NameToProfile API key (required for the extension to function)
- Your cached API-key status, used / remaining / limit credits, last-validated timestamp, and key prefix
- Your extracted contacts: email or phone value, normalized form (E.164 for phones), source attribute (mailto, tel_link, text, etc.), confidence score, page URL and page title where the contact was seen, and extraction timestamp
- Capture session metadata: session ID, start / end time, pages visited, domain list, aggregated contact counts
- Crawl and Bulk job state: URL queue, per-URL status, settings used, last 5 completed bulk jobs
- Email + phone pairs detected via DOM proximity
- Settings: which contact types to extract, confidence threshold, role-email filter, theme (auto / light / dark), privacy mode, contact retention window, blacklists / allowlists (premium), crawl and bulk defaults
- A rolling 24-hour outbound-request log (millisecond timestamps; trimmed to a 24-hour window on every read)
All locally stored data lives only on your device and is never uploaded anywhere by the extension.
Locally stored contacts are subject to two automatic cleanups: a 4.5 MB LRU eviction (oldest contacts are dropped first when the storage limit is approached) and a 30-day default time-based prune (configurable in Options → Privacy → Contact retention as 7 days, 30 days, 90 days, or Never). Signing out from the Options page removes the API key and cached auth state. Uninstalling the extension removes everything.
4. What data is sent to our API
The extension contacts only one backend endpoint, operated by NameToProfile:
https://api.nametoprofile.com
The extension sends requests to this endpoint for two purposes only:
- API key validation — GET /v1/auth/validate. Sent on Save / Validate clicks in the Options page and on optional 5-minute background re-validation while the popup is open. Background re-validation can be disabled via Options → Privacy → Privacy mode.
- Credit balance reads — GET /v1/usage. Sent on user-initiated Refresh balance clicks and on the same 5-minute cadence (also suppressed by Privacy mode).
Each request carries:
- Your NameToProfile API key, sent in the X-API-Key request header
- Standard HTTP metadata (request method, path, timestamp, your IP address as seen by the server)
These requests never carry:
- Any extracted email address or phone number
- Any URL, hostname, or page title from a site you visited
- Any page content, HTML, or DOM data
- Browsing history, bookmarks, cookies, or form contents
The extension does not call POST /v1/usage/consume or any other NameToProfile endpoint. Credits are never deducted by the extension.
5. Extracted email and phone data is not transmitted to our API
When the popup automatically scans a page, when you re-scan, when you start or stop a capture session, when you run a Crawl or Bulk job, when you copy contacts to the clipboard, and when you export a file (CSV, XLSX, JSON, or TXT), no portion of the extracted contact data leaves your browser. Export files are generated locally and saved to your device via the browser's standard download mechanism. Clipboard content is written locally by the browser.
The only network calls the extension makes to our infrastructure are the two account-status calls described in section 4, and neither of those calls contains extracted contacts or page content.
6. How the data is used
- Locally stored data is used solely to operate the extension's user-facing features: maintaining your saved API key, displaying your settings, scoring and listing extracted contacts, supporting capture / crawl / bulk workflows, and producing exports.
- Data sent to our API (API key and request metadata) is used solely to validate your account and read your remaining credit balance.
- No data collected by the extension is used for advertising, profiling, analytics tracking, behavioural targeting, or any purpose unrelated to the user-facing extraction and export feature.
The extension does not inject advertisements or any third-party content into any web page.
7. Data sharing
We do not sell, rent, trade, or share data collected by the extension. Specifically:
- We do not sell extracted email or phone data (the extension never has it on our servers in the first place).
- We do not share your API key or account-status data with any third party.
- We do not use extracted contacts for advertising purposes.
- We do not provide data collected by the extension to data brokers, marketing partners, or affiliates.
The only transmission of data outside your device that the extension performs is the account-status API calls described in section 4, and those calls go only to our own backend at https://api.nametoprofile.com.
8. Retention and deletion of locally stored data
All data stored by the extension lives in your own browser's local storage on your device. You remain in control of that data at all times:
- Clearing within the extension — Options → Privacy → Sign out removes the saved API key and the cached auth state. Options → About → Reset settings to defaults restores every option. Options → About → Clear all stored data removes contacts, capture sessions, crawl / bulk job state, and the 24-hour request log (settings and the API key are kept). Options → Privacy → the contact-retention dropdown auto-prunes older records on extension startup based on the chosen window (7 / 30 / 90 days, or Never).
- Clearing via your browser — Use your browser's built-in extension settings. In Chromium-based browsers (Chrome, Edge, Brave, Opera): open chrome://extensions (or edge://extensions in Edge) → find ContactHarvest → Details → "Clear storage". In Firefox: open about:addons → Extensions → ContactHarvest → the gear icon → Remove. You can also clear your browser's site-and-extension data, or simply uninstall the extension. Uninstalling removes all of the extension's locally stored data.
- Retention on our servers — we do not retain extracted contacts because we never receive them. Standard request logs for /v1/auth/validate and /v1/usage may be kept in server-side logs for a limited period for security, debugging, and rate-limit enforcement; those logs contain request metadata and the API key prefix, not contacts or page content.
9. User controls
You have the following controls over the extension's behavior and data:
- Install and uninstall. Uninstalling the extension removes all of its locally stored data from your browser.
- Enter, rotate, or remove your API key via the Options page. Rotating the API key from your NameToProfile dashboard invalidates the previous key immediately.
- Privacy mode — Options → Privacy → Privacy mode suppresses the 5-minute background re-validation, so the extension contacts our API only on your explicit click after that.
- Choose what to extract — toggles for emails and phones, plus a confidence threshold, are available in the popup and Options.
- Manage the extension's permissions via your browser's extension settings (chrome://extensions in Chrome, edge://extensions in Edge, about:addons in Firefox, and the equivalent in other browsers). You may disable the extension entirely without uninstalling it.
10. Browser permissions in use
The extension requests the following permissions. Each is used only for the purpose stated:
- activeTab — read the currently open tab so the popup can scan the page when you open it or click Re-scan.
- scripting — inject the highlighter content script when you click Highlight Page.
- storage — save contacts, sessions, settings, and the API key to the browser's extension local storage (chrome.storage.local in Chromium-based browsers, browser.storage.local in Firefox).
- tabs — open temporary tabs during Crawl and Bulk jobs (premium); read tab metadata for badge updates.
- Host permission for <all_urls> — required for the content script to scan whichever page you ask it to.
- Host permission for https://api.nametoprofile.com/* — required for authentication and credit balance reads (see section 4).
The extension does not request: history, bookmarks, downloads, identity, geolocation, native messaging, USB / Serial / Bluetooth, web request blocking, the debugger API, declarativeNetRequest, or any other privileged API.
11. Security
We take reasonable steps to protect the extension and the limited data it transmits:
- All communication between the extension and our API (https://api.nametoprofile.com) is encrypted in transit using HTTPS.
- The extension's API key is stored only in your own browser's local storage (chrome.storage.local in Chromium-based browsers, browser.storage.local in Firefox) and is transmitted only in the X-API-Key request header when the extension calls our API for the purposes described in section 4.
- The extension ships as un-minified, un-obfuscated JavaScript so its behavior can be verified by inspection. Independent reviewers can grep the source to confirm the only outbound endpoints are /v1/auth/validate and /v1/usage.
- If you suspect your API key has been exposed, you can rotate it immediately from your NameToProfile dashboard, which invalidates the previous key.
While we use reasonable safeguards, no method of electronic transmission or storage is perfectly secure. We cannot guarantee absolute security.
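The inspection described in sections 10 and 11 can be scripted. The following Node.js sketch is an added example, not NameToProfile's code: it compares an unpacked build's manifest and source text against the permissions and endpoints this policy declares. The sample manifest, file names and the telemetry.example host are constructed.

```javascript
// Added audit sketch, not the extension's code. DECLARED is copied from
// sections 4 and 10 of the policy; the SAMPLE_* inputs are constructed.
const DECLARED = {
  permissions: ["activeTab", "scripting", "storage", "tabs"],
  hosts: ["<all_urls>", "https://api.nametoprofile.com/*"],
  apiOrigin: "https://api.nametoprofile.com",
  apiPaths: ["/v1/auth/validate", "/v1/usage"],
};

// Permissions in a parsed manifest.json that the policy does not list.
function auditManifest(m) {
  const extra = (got, ok) => got.filter((p) => !ok.includes(p));
  return {
    permissions: extra([...(m.permissions || []), ...(m.optional_permissions || [])], DECLARED.permissions),
    hosts: extra([...(m.host_permissions || []), ...(m.optional_host_permissions || [])], DECLARED.hosts),
  };
}

// URL literals and /vN/ API paths in source text that fall outside the
// declared origin and the two declared paths. files: { name: sourceText }.
function auditSources(files) {
  const urlRe = /\b(?:https?|wss?):\/\/[^\s"'`<>)\\]+/g;
  const pathRe = /\/v\d+\/[\w\/-]+/g;
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((src, i) => {
      const hit = (value) => findings.push({ file, line: i + 1, value });
      for (const [url] of src.matchAll(urlRe)) {
        let origin = null;
        try { origin = new URL(url).origin; } catch { /* malformed: report it */ }
        if (origin !== DECLARED.apiOrigin) hit(url);
      }
      for (const [path] of src.matchAll(pathRe)) {
        if (!DECLARED.apiPaths.includes(path.replace(/\/$/, ""))) hit(path);
      }
    });
  }
  return findings;
}

// Constructed inputs: a manifest and two source files that deviate from the policy.
const SAMPLE_MANIFEST = { permissions: ["storage", "tabs", "webRequest"], host_permissions: ["<all_urls>"] };
const SAMPLE_FILES = {
  "api.js": 'const BASE = "https://api.nametoprofile.com";\nfetch(`${BASE}/v1/usage`);',
  "bg.js": 'fetch(`${BASE}/v1/usage/consume`);\nnavigator.sendBeacon("https://telemetry.example/collect");',
};
console.log(auditManifest(SAMPLE_MANIFEST), auditSources(SAMPLE_FILES));
```

A finding is a literal to review rather than proof of a network call (a pattern string used to match wa.me links would be reported too), and URLs assembled at runtime are not visible to a text scan.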
12. Children
The extension is not directed to children, and we do not knowingly collect information from children. If you believe a child has provided information in connection with the extension, please contact us at info@nametoprofile.com.
13. Changes to this policy
We may update this privacy policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and publish the revised version on this page.
14. Contact
If you have questions about this policy or about the extension's handling of your data, contact us at:
- Email: info@nametoprofile.com
- Publisher: JSK Business Solutions Pvt Ltd (operating as NameToProfile)
- Website: https://nametoprofile.com