Privacy Policy
Effective date: May 7, 2026.
This policy describes how LinkedIn Auto Connection (the Chrome extension and its companion web dashboard) collects, uses, stores, and shares information.
1. Who operates this service?
The service consists of (a) the LinkedIn Auto Connection browser extension and (b) a web application hosted at the domain configured for your installation (for example, production dashboard URL). The party responsible for processing personal data is the legal entity or individual operating that website and extension (“we”, “us”).
Contact: nanda.rizki.dp@gmail.com
2. What we collect
2.1 Dashboard account data
- Registration / login: name, email address, and (if you use email/password sign-in) a password stored using one-way hashing.
- Optional Google Sign-In: Google account identifier, name, email, and profile image URL as provided by Google.
- Email verification: verification timestamps and messages sent through your mail provider.
- Subscription & billing: plan status, renewal dates, and payment records stored in our database. Card numbers are not stored on our servers when you pay through Midtrans; payment details are handled by Midtrans according to their privacy policy.
- Extension API token: when you generate a token in the dashboard, we store a cryptographic hash of the token and a short suffix for display—not the full secret.
- Preferences: for example, whether you opted in to payment reminder emails.
2.2 Data sent from the extension to our servers
When you paste your Extension API token into the extension, the extension sends HTTPS requests to our API. These requests may include:
- Authentication: your API token (secret) in the request—treat it like a password.
- Usage checks: minimal identifiers needed to enforce free trial and paid limits.
- Activity events, such as:
  - event type (for example, connection sent or automation logs);
  - optional LinkedIn-related fields such as profile URL or profile name and page URL;
  - optional structured metadata (for example, counts or diagnostic fields);
  - timestamps.
We do not require you to send LinkedIn passwords to our servers. You remain logged into LinkedIn in your browser under LinkedIn’s own terms.
2.3 Data stored locally in the browser
The extension stores settings and operational state (such as tags, quotas, logs, and subscription cache) using Chrome’s extension storage on your device. This data stays on your machine unless the extension transmits it to our API as described above.
2.4 Technical & approximate location data
Like most websites, our servers may process standard HTTP information such as IP address, user agent, and approximate region derived from IP or CDN headers (for example, to show region-based pricing on finance pages). We do not use this to track you across unrelated websites inside the extension.
3. How we use information
- Provide accounts, authentication, and email verification.
- Operate extension features tied to your account (usage limits, history in the dashboard).
- Process payments and subscriptions through Midtrans.
- Send operational emails you request (such as payment reminders when enabled).
- Improve reliability, security, fraud prevention, and support.
- Comply with legal obligations.
4. Sharing with third parties
- Midtrans — payment processing for subscriptions.
- Google — if you choose Google Sign-In, subject to Google’s terms.
- Hosting / infrastructure providers where the dashboard and database run.
- Email delivery provider configured in your deployment (SMTP or mail API).
- Authorities when required by applicable law or lawful requests.
We do not sell your personal information to data brokers.
5. Legal bases (summary)
Depending on your region, we rely on appropriate bases such as performance of a contract (providing the service you signed up for), legitimate interests (security and abuse prevention), and consent where required (for example, optional marketing—currently we focus on transactional notices tied to billing).
6. Retention
We retain account, billing, and extension event data as needed to operate the service and meet legal, tax, and accounting requirements. You may request deletion of your account subject to applicable law and legitimate retention needs (for example, finalized invoices).
7. Security
We use industry-standard practices such as HTTPS for API traffic, hashed passwords and API tokens, and access controls on servers. No method of transmission or storage is 100% secure; use a unique API token and revoke it from the dashboard if you suspect compromise.
8. Your rights
Depending on applicable privacy laws (including GDPR and Indonesian PDP rules where relevant), you may have rights to access, correct, delete, restrict, or object to certain processing, and to lodge a complaint with a supervisory authority. Contact us using the email above to exercise these rights.
9. Children
The service is not directed at children under 16. Do not register if you are not able to enter a binding agreement where you live.
10. Third-party services
LinkedIn is operated by LinkedIn Corporation / Microsoft. Your use of LinkedIn is governed by LinkedIn’s policies. We are not responsible for LinkedIn’s processing of your LinkedIn account data.
11. Changes
We may update this policy from time to time. We will adjust the effective date at the top when we do. Continued use after changes means you accept the updated policy unless otherwise required by law.
This document is provided as a practical template and does not constitute legal advice. Have qualified counsel review it for your entity and jurisdiction before relying on it in regulated contexts.