Last updated: 2026-05-23
This privacy policy describes how the LinkForce Chrome extension („the Extension“) published by LinkForce („we“, „us“) collects, uses, stores, and shares information when you use it. It is a companion to the LinkForce web application at linkforce.io and the privacy policy of the web application at linkforce.io/privacy applies in addition to this document.
1. What the Extension does
The Extension lets a logged-in LinkForce user, while browsing any website:
- See whether the page contains any of the user’s previously-saved „anchor texts“ or links to the user’s „target pages“.
- Check whether the page’s domain belongs to a company in the LinkForce community and, if so, send a Slack direct message to one of that company’s Slack members.
- Discover email addresses on the page and via the LinkForce
lead-finder-searchandhunter-enrichfeatures. - Generate AI link-placement suggestions using the page’s content as the source page.
- Send a one-off outreach email to a discovered address from the user’s own connected email account.
2. Data the Extension processes
| Data | Where it comes from | What we do with it |
|---|---|---|
| Your Supabase session token (JWT, refresh token, expiry) | Read from the localStorage of an open linkforce.io tab via chrome.scripting. | Cached in chrome.storage.session (local to your browser, cleared when the browser closes) so the Extension can talk to the LinkForce backend on your behalf. Never transmitted anywhere except to *.supabase.co. |
| Your email address | Decoded from the session token. | Shown in the popup header so you can confirm which account is signed in. Never shared. |
| The active tab’s URL, title, and visible text content | Read by the content script on the page you are currently viewing. | Sent to the LinkForce backend only when you trigger an action (Generate AI suggestions / Find emails / Send outreach). The text content is capped at ~9,000 characters. |
| Email addresses found on the active page (mailto: links and visible text) | Parsed locally by the content script. | Shown in the popup. Sent to the LinkForce backend only if you choose to use them as a recipient. |
| Slack DM body, AI prompts, outreach email subject + body that you type | Your input in the popup. | Sent to the LinkForce backend, then on to Slack / your SMTP provider as required to deliver the action you requested. Stored in your LinkForce account history (slack_messages, suggestions, email_messages, adhoc_email_sends). |
| Per-user daily ad-hoc email count | Computed from your adhoc_email_sends rows. | Used to enforce the daily limit. Visible only to you. |
The Extension does not collect:
- Your browsing history or any data from tabs you are not actively viewing.
- Form input, passwords, or financial data on third-party websites.
- Identifiers for advertising or analytics.
- Personal information about other people on the page beyond the email addresses you explicitly choose to surface.
3. Where data is sent
https://linkforce.io— only to read your existing session via the authenticated tab. No data is sent to this origin from the Extension.https://vbmkatbxnjxnarjgfqkc.supabase.co— your LinkForce backend. Database queries and edge function calls (Slack DM, lead finder, AI suggestions, outreach email send) all go here, authenticated with your session token.- Slack (indirectly via the LinkForce backend) — only when you send a DM.
- Your own connected email provider (indirectly via the LinkForce backend) — only when you send an outreach email. The Extension never reads your inbox.
- Hunter.io (indirectly via the LinkForce backend) — only when you click the „Hunter.io“ enrich button on the Leads tab.
4. Storage
- Local to your browser: Your cached session token (in
chrome.storage.session, automatically cleared when you close the browser). No persistent storage is used. - In your LinkForce account: Anything you would have stored anyway by using the LinkForce web app — sent messages, suggestions, contact records, ad-hoc send log entries.
5. Sharing
We do not sell your data. We do not share your data with third parties for advertising or analytics. The only third parties involved are the service providers required to deliver the action you requested (Slack, your email provider, Hunter.io if you opt in).
6. Permissions justification (Chrome Web Store)
| Permission | Why we need it |
|---|---|
storage | Cache your session token in chrome.storage.session between popup opens. |
activeTab | Read the URL, title, and content of the tab you are currently viewing so the popup can show context-aware actions. |
scripting | Read your existing LinkForce session from an open linkforce.io tab so you don’t have to sign in again inside the Extension. |
host_permissions for linkforce.io | Bridge your session out of the LinkForce web app. |
host_permissions for *.supabase.co | Talk to the LinkForce backend on your behalf. |
Content script on <all_urls> | Scan the page you are viewing for matches against your saved anchor texts and target URLs. The Extension is intentionally usable on any website because link-building research is intrinsically a „browse the open web“ activity. |
7. Your choices
- You can sign out of the Extension at any time by clicking your email address in the popup header. This clears the cached session token from your browser.
- Uninstalling the Extension removes all locally-stored data immediately.
- To delete the data the LinkForce web app holds about you, follow the process described at linkforce.io/privacy.
8. Children
The Extension is not directed at children under 13 and we do not knowingly collect data from them.
9. Changes to this policy
If we materially change how the Extension uses your data, we will update this document and the version number in the LinkForce GitHub repository before publishing the new Extension version.
10. Contact
Questions or requests: support@linkforce.io