Browser Extension Privacy Policy
NameToProfile Engage — Privacy Policy
This page describes exactly what data the NameToProfile Engage browser extension accesses on LinkedIn, what is stored locally in your browser, what is transmitted to the NameToProfile Engage backend for AI-assisted scoring / message drafting / comment suggestions, and how your information is handled. It applies to the NameToProfile Engage browser extension across every browser we publish it on — Chrome (Chrome Web Store), Firefox (Firefox Add-ons / AMO), Microsoft Edge (Edge Add-ons), and any other browser we add in future — and applies only to that extension, not to any other NameToProfile product or website feature.
1. Introduction
This privacy policy describes how the NameToProfile Engage browser extension (hereafter "the extension") handles information when you use it. The extension is published by JSK Business Solutions Pvt Ltd under the NameToProfile brand and is distributed from the same codebase to every browser we support — currently the Chrome Web Store, Firefox Add-ons (addons.mozilla.org), and Microsoft Edge Add-ons, with additional browser stores added as we expand. This policy applies identically across all of those distributions.
The extension's purpose is to assist B2B outbound prospecting on LinkedIn. It can:
- Score a LinkedIn prospect against your saved product brief and return a verdict (strong / maybe / weak) with reasons.
- Draft outreach messages (connection notes, InMails, or direct messages) in 1–3 variants for you to copy and send manually.
- Suggest comments on LinkedIn posts, with a reaction and a draft comment.
- Generate an initial "brief" describing your product, value proposition, and tone of voice based on a short onboarding form (and, optionally, a one-time scrape of your own LinkedIn profile to calibrate tone).
All of these features run only when you click a button in the extension's popup, side panel, or overlay. The extension never acts on LinkedIn on your behalf; every output is text you review and act on manually.
This policy applies only to the NameToProfile Engage browser extension. It does not cover other NameToProfile products, services, or website features.
2. What data the extension accesses
The extension runs content scripts only on the following LinkedIn URL patterns, which are declared in the extension manifest and enforced by the browser:
- https://*.linkedin.com/in/* — public LinkedIn member profile pages
- https://*.linkedin.com/sales/lead/* — LinkedIn Sales Navigator lead pages
- https://*.linkedin.com/feed/* — your LinkedIn home feed
- https://*.linkedin.com/posts/* — individual LinkedIn post URLs
On those pages, when you click a button in the extension's UI (e.g. Score this prospect, Draft message, Suggest comment), the extension reads the visible content needed for that action. Specifically:
- On a profile page (/in/* or /sales/lead/*): the prospect's name, headline, current role and company, about section, recent experience and education entries, location, and any other publicly visible profile details rendered on the page.
- On a feed or post page (/feed/*, /posts/*): the text and author metadata of the specific post you're suggesting a comment for.
- During onboarding, if you choose to use it: a one-time scrape of your own LinkedIn profile so the backend can calibrate the tone of voice in the briefs it drafts for you. This step is skippable; submitting without it produces a generic-tone brief.
The extension does not access:
- Pages you have not actively opened in your browser
- LinkedIn pages outside the four URL patterns listed above (Messaging, Settings, Recruiter, Learning, Notifications, Search, etc.)
- Profiles you did not navigate to yourself (the extension never enumerates or crawls LinkedIn on its own)
- Your LinkedIn account credentials, direct messages, or notifications
- Your browsing history, search history, bookmarks, downloads, or unrelated tabs
- Cross-origin iframe content (browser security boundary)
- Any non-LinkedIn website
The extension does not perform any form of general browsing tracking.
3. What data is stored locally in your browser
The extension stores the following items in your local browser profile using the standard browser extension local-storage API (chrome.storage.local in Chromium-based browsers such as Chrome, Edge, Brave, and Opera; the equivalent browser.storage.local WebExtensions API in Firefox). This data is kept on your device and is not transmitted to us or to any third party:
- Your NameToProfile Engage API key (required for the extension to function)
- The most recently saved key (used to detect "same key returning" vs "switching accounts" on next save)
- Your current flow state (not onboarded, key saved, brief in draft, ready)
- One or more approved briefs: brief ID, product name, version, approval timestamp. Agency users can keep multiple briefs (one per client).
- The brief currently selected for scoring, and any locked-brief setting
- Short-lived last-score memory per prospect: score ID, verdict, final score, expiry timestamp (used to avoid duplicate scores within an expiry window)
- Cached credit balance: used, remaining, limit (refreshed on certain actions)
- Your preferences: default outreach channel, default variant count (1 / 2 / 3), default comment-variant count, default tone, scoring mode (fast / deep / escalated), auto-open on LinkedIn toggle, and an internal scrape-debug flag
All locally stored data lives only on your device and is never uploaded anywhere by the extension beyond the explicit backend API calls described in the next section.
Signing out from the extension removes the API key and cached credit balance from local storage. Uninstalling the extension removes everything.
4. What data is sent to our API
The extension contacts a single backend base URL, operated by NameToProfile:
https://api.nametoprofile.com
Every request from the extension carries your NameToProfile Engage API key in the X-API-Key request header and the extension version in X-Client-Version. The extension makes the following kinds of requests, each only on the corresponding explicit user action:
- GET /v1/auth/validate — sent on Save / Validate when you enter your API key. Carries only the API key; no LinkedIn content.
- POST /v1/onboard — sent when you submit the onboarding form. Carries the form fields you typed (website URL, product name, one-sentence value proposition, problem solved, plus the optional "Tell us more" fields: pricing, integrations, trust signals, ICP hint) and, if you chose not to skip it, the structured fields scraped from your own LinkedIn profile (used for tone calibration only).
- PATCH /v1/briefs/{id} — sent silently while you inline-edit a draft brief. Carries your edits to the brief text.
- POST /v1/briefs/{id}/approve — sent when you approve a draft brief. Carries the brief ID only.
- POST /v1/prospect/score — sent only when you click Score this prospect. Carries the scraped public details from the LinkedIn profile page you're on, plus the currently selected brief ID. Returns a verdict (strong / maybe / weak) and the reasons.
- POST /v1/prospect/deep-score — sent only when you opt into a deep analysis (in escalated scoring mode, after a fast score). Same payload shape; runs a more thorough LLM-backed analysis on the backend.
- POST /v1/prospect/message — sent only when you click Draft message. Carries the scoring context, the brief ID, the chosen channel (connection note / InMail / DM), the chosen tone, and the requested variant count.
- POST /v1/suggest-comment — sent only when you click the Suggest comment button next to a LinkedIn post. Carries the post text, author metadata visible on the page, the brief ID, and the requested variant count.
Each request carries:
- Your NameToProfile Engage API key (in the X-API-Key header)
- The extension version (in the X-Client-Version header)
- The action-specific JSON body described above
- Standard HTTP metadata (request method, path, timestamp, your IP address as seen by the server)
These requests never carry:
- LinkedIn pages outside the four URL patterns listed in section 2
- Profile or post content that you did not explicitly act on (no background scraping)
- Your LinkedIn login credentials, cookies, or session tokens
- Your browsing history, bookmarks, downloads, or unrelated tab content
- The content of any non-LinkedIn page
5. Hard boundaries — what the extension never does
Specifically, the extension:
- Never sends, posts, or submits anything on LinkedIn. The output is always plain text rendered in the extension's UI for you to copy.
- Never enumerates or crawls LinkedIn pages on its own. It only reads pages you have actively navigated to and only when you click a button.
- Never calls OpenAI, Anthropic, or any other third-party LLM provider directly from your browser. All LLM-backed processing (scoring rationale, message drafting, comment suggestions) happens server-side, mediated by your NameToProfile Engage API key. No LinkedIn data is sent from your browser to any party other than the NameToProfile Engage backend at https://api.nametoprofile.com.
- Never accesses your LinkedIn login credentials, cookies, or session tokens. The extension relies on your normal logged-in browser session and reads only the public rendered DOM.
- Never injects advertisements or third-party content into LinkedIn or any other page.
The first three boundaries are enforced in code. Reviewers and security researchers can verify them by inspecting the extension package: the only outbound network destination declared in the manifest's host_permissions and Content Security Policy connect-src directive is https://api.nametoprofile.com. Any other origin would be blocked by the browser at the network layer.
6. How the data is used
- Locally stored data is used solely to operate the extension's user-facing features: maintaining your saved API key, tracking which brief is active, caching recent scores so the same prospect isn't re-charged inside an expiry window, and displaying your credit balance.
- Data sent to our backend is used solely to fulfill the action you initiated — generating a score, drafting a message, suggesting a comment, or onboarding a brief. Backend processing uses your inputs as context for LLM-mediated generation; outputs are returned to your browser for display.
- No data collected by the extension is used for advertising, profiling, behavioural targeting, retargeting, or analytics tracking outside what is strictly necessary to operate the requested feature.
- The extension does not inject advertisements or third-party content into any web page.
On the backend, the data you send may be temporarily processed by a large-language-model provider contracted by NameToProfile (e.g. for the brief draft, the deep-score analysis, the outreach message, or the comment suggestion). LLM provider relationships are governed by NameToProfile's server-side contracts and are not exposed directly to the browser; the extension never calls a third-party LLM API directly from your machine.
7. Data sharing
We do not sell, rent, trade, or share data collected by the extension. Specifically:
- We do not sell LinkedIn profile, post, or scoring data.
- We do not share your API key or account status with any third party.
- We do not use data sent through the extension for advertising purposes.
- We do not provide data collected by the extension to data brokers, marketing partners, or affiliates.
The only external processor that may briefly handle the content you send is the upstream LLM provider that fulfills the backend's generation requests. NameToProfile contracts with that provider under terms that prohibit using your data to train their general models. No other third-party processor receives data sent through the extension.
8. Retention and deletion of data
- Locally stored data — lives on your device until you sign out (which clears the API key and cached credit balance), reset the extension's preferences, clear the browser's extension data, or uninstall the extension. To clear all extension storage via your browser:
  - In Chromium-based browsers (Chrome, Edge, Brave, Opera): open chrome://extensions (or edge://extensions in Edge) → find NameToProfile Engage → Details → "Clear storage".
  - In Firefox: open about:addons → Extensions → NameToProfile Engage → the gear icon → Remove.
- Server-side retention — approved briefs, score records, drafted message records, and comment suggestion records are stored on the backend under your account so you can review and re-use them. They remain associated with your account until you request deletion. Standard request logs for all endpoints may be kept in server-side logs for a limited period for security, debugging, and rate-limit enforcement.
- Right to deletion — to request deletion of server-side records associated with your account, email info@nametoprofile.com from the email associated with your NameToProfile account. We respond within a reasonable timeframe.
9. User controls
You have the following controls over the extension's behavior and data:
- Install and uninstall. Uninstalling the extension removes all of its locally stored data from your browser.
- Enter, rotate, or remove your API key via the extension's popup or settings. Rotating the API key from your NameToProfile dashboard invalidates the previous key immediately.
- Skip the onboarding LinkedIn-profile scrape. If you don't want even your own profile sent during onboarding, submit the form without clicking the "scrape my profile" step — the backend produces a generic-tone brief instead.
- Choose your scoring mode in preferences (fast = cheap, no LLM; deep = thorough, LLM-backed; escalated = fast first with optional deep follow-up on your click).
- Choose what to do, when. Scoring, message drafting, and comment suggestions are only triggered by your explicit button click — never automatically.
- Manage the extension's permissions via your browser's extension settings (chrome://extensions in Chrome, edge://extensions in Edge, about:addons in Firefox, and the equivalent in other browsers). You may disable the extension entirely without uninstalling it.
10. Browser permissions in use
The extension requests the following permissions. Each is used only for the purpose stated:
- storage — save your API key, briefs, preferences, score cache, and cached credit balance to the browser's extension local storage (chrome.storage.local in Chromium-based browsers, browser.storage.local in Firefox).
- sidePanel — open the extension's side panel UI alongside LinkedIn so you can see scores, message drafts, and the brief selector without leaving the page.
- activeTab — read the currently open LinkedIn tab so the content script can extract the prospect or post details when you click a button.
- contextMenus — add right-click menu shortcuts for triggering scoring and message drafting from a LinkedIn page.
- Host permission for https://*.linkedin.com/* — required for the content scripts to run on the four LinkedIn URL patterns listed in section 2.
- Host permission for https://api.nametoprofile.com/* — required for the backend API calls described in section 4.
The extension does not request: history, bookmarks, downloads, identity, geolocation, webRequest, declarativeNetRequest, cookies, native messaging, USB / Serial / Bluetooth, the debugger API, or any other privileged browser API.
11. Security
- All communication between the extension and our backend (https://api.nametoprofile.com) is encrypted in transit using HTTPS.
- The extension's API key is stored only in your own browser's local storage (chrome.storage.local in Chromium-based browsers, browser.storage.local in Firefox) and is transmitted only in the X-API-Key request header.
- The extension's Content Security Policy explicitly restricts connect-src to https://api.nametoprofile.com and script-src to 'self'. No third-party scripts are loaded; no eval, no unsafe-eval, no unsafe-inline.
- The extension renders all DOM content as React text nodes; it does not use dangerouslySetInnerHTML on any data returned from the backend or extracted from LinkedIn.
- If you suspect your API key has been exposed, you can rotate it immediately from your NameToProfile dashboard, which invalidates the previous key.
While we use reasonable safeguards, no method of electronic transmission or storage is perfectly secure. We cannot guarantee absolute security.
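The package inspection that section 5 invites, extended to the permission list in section 10 and the CSP in section 11, written here as an added example (not NameToProfile's code). The allow-lists are copied from this page; the two sample manifests are constructed, and the Manifest V3 layout (`content_security_policy.extension_pages`) is an assumption about the package.

```javascript
// Added example: audit a manifest.json against the claims in sections 2, 10 and 11.
const POLICY = {
  permissions: ["storage", "sidePanel", "activeTab", "contextMenus"],
  hosts: ["https://*.linkedin.com/*", "https://api.nametoprofile.com/*"],
  matches: ["https://*.linkedin.com/in/*", "https://*.linkedin.com/sales/lead/*",
            "https://*.linkedin.com/feed/*", "https://*.linkedin.com/posts/*"],
  csp: { "connect-src": ["https://api.nametoprofile.com"], "script-src": ["'self'"] },
};

// Split a CSP string into { directive: [source, ...] }.
function parseCsp(csp) {
  const out = {};
  for (const part of String(csp || "").split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) out[name.toLowerCase()] = sources;
  }
  return out;
}

// Return a list of findings; an empty list means the manifest stays within the policy.
function auditManifest(manifest) {
  const findings = [];
  const extra = (got, allowed, label) => {
    for (const v of got || []) if (!allowed.includes(v)) findings.push(`${label}: unexpected ${v}`);
  };
  for (const k of ["permissions", "optional_permissions"]) extra(manifest[k], POLICY.permissions, k);
  for (const k of ["host_permissions", "optional_host_permissions"]) extra(manifest[k], POLICY.hosts, k);
  for (const cs of manifest.content_scripts || []) extra(cs.matches, POLICY.matches, "content_scripts.matches");
  // Assumption: Manifest V3 shape, where the CSP string lives under extension_pages.
  const csp = parseCsp((manifest.content_security_policy || {}).extension_pages);
  for (const [dir, want] of Object.entries(POLICY.csp)) {
    const got = csp[dir];
    if (!got) findings.push(`csp: ${dir} missing`); // directive not pinned explicitly
    else extra(got, want, `csp ${dir}`);
  }
  return findings;
}

// Constructed sample manifests (not taken from the real extension package).
const GOOD = {
  permissions: ["storage", "sidePanel", "activeTab", "contextMenus"],
  host_permissions: ["https://*.linkedin.com/*", "https://api.nametoprofile.com/*"],
  content_scripts: [{ matches: POLICY.matches, js: ["content.js"] }],
  content_security_policy: { extension_pages: "script-src 'self'; connect-src https://api.nametoprofile.com" },
};
const BAD = { ...GOOD, permissions: [...GOOD.permissions, "cookies"],
  content_scripts: [{ matches: ["https://*.linkedin.com/messaging/*"] }],
  content_security_policy: { extension_pages:
    "script-src 'self' 'unsafe-eval'; connect-src https://api.nametoprofile.com https://example.invalid" } };
```

To audit an installed copy, pass the parsed `manifest.json` from the unpacked package to `auditManifest` and treat any finding as a discrepancy with this policy.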
12. Children
The extension is not directed to children, and we do not knowingly collect information from children. If you believe a child has provided information in connection with the extension, please contact us at info@nametoprofile.com.
13. Changes to this policy
We may update this privacy policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and publish the revised version on this page.
14. Contact
If you have questions about this policy or about the extension's handling of your data, contact us at:
- Email: info@nametoprofile.com
- Publisher: JSK Business Solutions Pvt Ltd (operating as NameToProfile)
- Website: https://nametoprofile.com