Privacy Policy

1. Introduction

Welcome to Uncold.app ("we", "our", or "us"). This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our Chrome Extension and related services.

Uncold.app is an AI-powered Chrome Extension that helps you generate personalized LinkedIn outreach messages. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR), the Chrome Web Store User Data Policy, and applicable data protection laws.

Contact Information:
Email: radoslaw.soysal@gmail.com

2. Chrome Web Store Compliance

This extension complies with the Chrome Web Store User Data Policy. We handle all user data in accordance with Google's requirements for transparency, limited use, and secure data handling. We only collect data necessary for the extension's core functionality and do not engage in deceptive practices.

3. Data We Collect

We collect two distinct categories of data:

3.1 Account Data

When you create an account or authenticate with our service, we collect:

• Email address – Used for authentication and account management via Firebase Authentication
• Subscription status – Stored in Firebase Firestore to manage your access level (Free, Pro, etc.)
• Usage metadata – Timestamps of when you use the extension (for rate limiting and analytics)

This data is stored persistently in our Firebase database and is retained for the duration of your account.

3.2 Extension Data (LinkedIn Content)

When you click the "Analyze" button in the extension while viewing a LinkedIn profile, we temporarily extract the following information from the active tab:

• Profile Name – The name of the LinkedIn user
• Headline – The professional headline displayed on the profile
• About Section – The "About" text from the profile
• Recent Posts – Text content from visible posts on the profile page

Important: This data is ephemeral and transient. It is:

• Only collected when you explicitly click "Analyze"
• Sent to our backend API for AI processing
• Not stored permanently in any database
• Discarded immediately after the AI response is generated

We do not build profiles, track browsing history, or collect data from LinkedIn pages you visit passively.

4. How We Use Your Data

4.1 Account Data

• To authenticate you and provide access to the extension
• To manage your subscription tier and enforce usage limits
• To send service-related communications (e.g., subscription confirmations)

4.2 Extension Data (LinkedIn Content)

• To generate personalized outreach messages using AI
• Sent to Google Vertex AI (Gemini models) for natural language processing
• Used solely for the purpose of fulfilling your request (message generation)
• Not used to train AI models – Google Vertex AI API does not use customer data for model training unless explicitly opted in (which we do not do)

5. AI Processing and Third-Party Services

We use Google Vertex AI (Gemini models) to process the LinkedIn content you provide and generate personalized messages. Here's how this works:

• Data Flow: LinkedIn content → Our backend (Google Cloud Functions) → Google Vertex AI API → Response returned to you
• Processing Location: Google Cloud Platform (region: configurable, typically EU or US)
• Data Retention by Google: According to Google's Vertex AI terms, API requests are not used to train foundation models. Data may be temporarily logged for operational purposes but is not retained long-term.
• No Third-Party Sharing: We do not share your data with any other third parties beyond Google Cloud infrastructure.

Infrastructure Providers:

• Google Cloud Platform – Hosting, backend functions, AI processing
• Firebase – Authentication and database (Firestore)

6. Chrome Extension Permissions

Our extension requests the following permissions:

• activeTab – Allows the extension to access the content of the currently active tab when you click "Analyze". This is necessary to extract LinkedIn profile data.
• host_permissions (linkedin.com) – Grants access to LinkedIn pages specifically. We only access LinkedIn when you explicitly trigger the extension.
• storage – Used to store your authentication token locally in the browser (not synced across devices).

We do not request or use permissions beyond what is necessary for the extension's core functionality.

7. Data Storage and Retention

• Account Data: Stored in Firebase Firestore for the duration of your account. Deleted upon account deletion request.
• LinkedIn Content: Not stored. Processed in-memory and discarded immediately after AI response generation.
• Logs: Server logs (e.g., API requests) may be retained for up to 30 days for debugging and security purposes, then automatically deleted.

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmission between the extension, our backend, and Google Vertex AI is encrypted using TLS/SSL.
• Encryption at Rest: Account data stored in Firebase is encrypted at rest.
• Access Control: Only authorized personnel have access to backend systems, and access is logged.
• No Plaintext Storage: We do not store LinkedIn content in plaintext or any other format.

9. We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties. We do not engage in data brokerage or advertising networks. Your data is used solely to provide the service you requested.

10. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and associated data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing of your data for specific purposes.
• Right to Withdraw Consent: Withdraw consent at any time (e.g., by deleting your account).

To exercise any of these rights, contact us at radoslaw.soysal@gmail.com.

11. Data Deletion

You can request deletion of your account and all associated data at any time by contacting us at radoslaw.soysal@gmail.com.

Upon receiving a deletion request, we will:

• Delete your account from Firebase Authentication
• Delete your subscription data from Firestore
• Confirm deletion within 30 days

12. Children's Privacy

Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

13. International Data Transfers

Your data may be processed in countries outside the EEA (e.g., United States) where Google Cloud Platform operates. We ensure that such transfers comply with GDPR through:

• Google Cloud's GDPR-compliant Data Processing Addendum
• Standard Contractual Clauses (SCCs) approved by the European Commission

14. Cookie Policy

Our website uses minimal cookies to enhance your experience and ensure proper functionality.

What Cookies We Use

• Essential Cookies – Required for basic website functionality (e.g., maintaining your session). These cannot be disabled.
• Authentication Cookies – Firebase Authentication tokens stored locally to keep you logged in.
• Preference Cookies – Remember your cookie consent choice.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. By using our website, you consent to the use of essential cookies as described above.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or in-app notification.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: radoslaw.soysal@gmail.com