Privacy Policy

1. Introduction

Welcome to Uncold.app ("we", "our", or "us"). This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our Chrome Extension and related services.

Uncold.app is an AI-powered Chrome Extension that helps you generate personalized LinkedIn outreach messages. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR), the Chrome Web Store User Data Policy, and applicable data protection laws.

Important: Uncold is a Chrome Extension that acts on your behalf within your browser. When you use the extension, it accesses LinkedIn pages you are actively viewing and processes that data locally and through our secure backend API. You remain in full control of when and how the extension operates.

Contact Information:
Email: radoslaw.soysal@gmail.com

2. Chrome Web Store Compliance

This extension complies with the Chrome Web Store User Data Policy. We handle all user data in accordance with Google's requirements for transparency, limited use, and secure data handling. We only collect data necessary for the extension's core functionality and do not engage in deceptive practices.

3. Data We Collect

We collect two distinct categories of data:

3.1 Account Data

When you create an account or authenticate with our service, we collect:

• Email address – Used for authentication and account management via Firebase Authentication
• Subscription status – Stored in Firebase Firestore to manage your access level (Free, Pro, etc.)
• Usage metadata – Timestamps of when you use the extension (for rate limiting and analytics)

This data is stored persistently in our Firebase database and is retained for the duration of your account.

3.2 Extension Data (LinkedIn Content)

When you click the "Analyze" button in the extension while viewing a LinkedIn profile, we extract the following information from the active tab:

• Profile Name – The name of the LinkedIn user
• Headline – The professional headline displayed on the profile
• About Section – The "About" text from the profile (if available)
• Recent Posts – Text content from visible posts on the profile page (upcoming feature - will analyze last 3 posts for deeper context)
• Profile URL – The LinkedIn profile URL for reference

How This Data is Handled:

• Collection: Only when you explicitly click "Analyze" - never passively
• Processing: Sent to our backend API (Google Cloud Functions) for AI processing via Google Vertex AI
• Raw Data Storage: The raw LinkedIn content (About section, posts) is not permanently stored - it's processed in-memory and discarded after AI response generation
• Generated Content Storage: The AI-generated message and lead metadata (name, headline, URL, timestamp) ARE saved to your personal history in Firebase Firestore for your convenience (see section 7 for details)

We do not build profiles, track browsing history, or collect data from LinkedIn pages you visit passively. The extension only activates when you explicitly trigger it.

4. How We Use Your Data

4.1 Account Data

• To authenticate you and provide access to the extension
• To manage your subscription tier and enforce usage limits
• To send service-related communications (e.g., subscription confirmations)

4.2 Extension Data (LinkedIn Content)

• To generate personalized outreach messages using AI
• Sent to Google Vertex AI (Gemini 2.5 Flash) for natural language processing
• Used solely for the purpose of fulfilling your request (message generation)
• Not used to train AI models – Google Vertex AI API does not use customer data for model training unless explicitly opted in (which we do not do)

5. AI Processing and Third-Party Services

We use Google Vertex AI (Gemini 2.5 Flash) to process the LinkedIn content you provide and generate personalized messages. Here's how this works:

• Data Flow: LinkedIn content → Our backend (Google Cloud Functions) → Google Vertex AI API → Response returned to you
• Processing Location: Google Cloud Platform (region: configurable, typically EU or US)
• Data Retention by Google: According to Google's Vertex AI terms, API requests are not used to train foundation models. Data may be temporarily logged for operational purposes but is not retained long-term.
• No Third-Party Sharing: We do not share your data with any other third parties beyond Google Cloud infrastructure.

Infrastructure Providers:

• Google Cloud Platform – Hosting, backend functions, AI processing
• Firebase – Authentication and database (Firestore)

6. Chrome Extension Permissions

Our extension requests the following permissions:

• activeTab – Allows the extension to access the content of the currently active tab when you click "Analyze". This is necessary to extract LinkedIn profile data.
• host_permissions (linkedin.com) – Grants access to LinkedIn pages specifically. We only access LinkedIn when you explicitly trigger the extension.
• storage – Used to store your authentication token locally in the browser (not synced across devices).

We do not request or use permissions beyond what is necessary for the extension's core functionality.

7. Data Storage and Retention

We store different types of data for different purposes:

• Account Data: Your email, subscription status, and usage metadata are stored in Firebase Firestore for the duration of your account. This data is deleted upon account deletion request.
• Raw LinkedIn Content: The raw profile data (About section, posts text) is NOT permanently stored. It is processed in-memory by our API and Google Vertex AI, then discarded immediately after the AI generates a response.
• Generated Messages & Lead History: For your convenience, we DO store the following in Firebase Firestore:
  • AI-generated outreach messages you create
  • Lead metadata (name, headline, LinkedIn URL, timestamp)
  • Your settings preferences (tone, goal, company context)
  This allows you to review your outreach history, track which leads you've contacted, and maintain consistency in your messaging. This data is retained for the duration of your account and can be deleted at any time upon request.
• Server Logs: API request logs (including user ID, timestamp, and error messages) may be retained for up to 30 days for debugging, security monitoring, and fraud prevention, then automatically deleted.

Summary: We store what helps you (your messages and history) but not the raw LinkedIn data itself.

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmission between the extension, our backend, and Google Vertex AI is encrypted using TLS/SSL.
• Encryption at Rest: Account data stored in Firebase is encrypted at rest.
• Access Control: Only authorized personnel have access to backend systems, and access is logged.
• No Plaintext Storage: We do not store LinkedIn content in plaintext or any other format.

9. We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties. We do not engage in data brokerage or advertising networks. Your data is used solely to provide the service you requested.

10. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and associated data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing of your data for specific purposes.
• Right to Withdraw Consent: Withdraw consent at any time (e.g., by deleting your account).

To exercise any of these rights, contact us at radoslaw.soysal@gmail.com.

11. Data Deletion

You can request deletion of your account and all associated data at any time by contacting us at radoslaw.soysal@gmail.com.

Upon receiving a deletion request, we will:

• Delete your account from Firebase Authentication
• Delete your subscription data from Firestore
• Delete your message history and lead metadata from Firestore
• Delete your settings and preferences
• Confirm deletion within 30 days

Note: Server logs may be retained for up to 30 days after deletion for security and debugging purposes, after which they are automatically purged.

12. Children's Privacy

Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

13. International Data Transfers

Your data may be processed in countries outside the EEA (e.g., United States) where Google Cloud Platform operates. We ensure that such transfers comply with GDPR through:

• Google Cloud's GDPR-compliant Data Processing Addendum
• Standard Contractual Clauses (SCCs) approved by the European Commission

14. Cookie Policy

Our website uses minimal cookies to enhance your experience and ensure proper functionality.

What Cookies We Use

• Essential Cookies – Required for basic website functionality (e.g., maintaining your session). These cannot be disabled.
• Authentication Cookies – Firebase Authentication tokens stored locally to keep you logged in.
• Preference Cookies – Remember your cookie consent choice.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. By using our website, you consent to the use of essential cookies as described above.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or in-app notification.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: radoslaw.soysal@gmail.com