LinkedIn Profile Extractor — Privacy Policy

1. Introduction

This privacy policy describes how the LinkedIn Profile Extractor browser extension (hereafter "the extension") handles information when you use it. The extension is published by JSK Business Solutions Pvt Ltd under the NameToProfile brand and is distributed from the same codebase to every browser we support — currently the Chrome Web Store, Firefox Add-ons (addons.mozilla.org), and Microsoft Edge Add-ons, with additional browser stores added as we expand. This policy applies identically across all of those distributions.

The extension has one purpose: to let you extract the LinkedIn profile in your active tab to a local JSON, CSV, or Excel file. It works on profile pages you have explicitly opened in your logged-in LinkedIn session. A premium Bulk Capture mode lets you accumulate multiple extractions across a single session and download them together as one Excel / CSV / JSON file.

This policy applies only to the LinkedIn Profile Extractor browser extension. It does not cover other NameToProfile products, services, or website features.

2. What data the extension accesses

The extension runs only on LinkedIn URLs — specifically the profile page pattern https://www.linkedin.com/in/<slug>/. It does nothing on any other website. On a LinkedIn profile page, when you click Extract Profile, the extension reads the profile fields that LinkedIn already renders to your logged-in browser session, including sections that load lazily as you scroll and the "Contact info" modal when you open it. No additional login or credential collection happens — the extension uses the LinkedIn session your browser already holds.

The extracted fields can include (depending on which sections you tick):

• Intro: name, headline, location, country, industry, photo URL, banner URL, profile URL, pronoun
• About / summary text
• Experience: title, company, employment type, start / end date, duration, location, description
• Education: institution, degree, field of study, start / end year, grade, activities, description
• Skills, languages, certifications, projects, volunteering, accomplishments, recommendations, services, interests, causes
• Contact info (only when the contact-info modal is opened at your direction): email, phone, websites, profile URL, Twitter, birthday, connected-since
• Network counts: followers, connections
• Creator website

Whether any individual field returns a value depends on the profile owner's privacy settings — the extension can only see what LinkedIn itself renders to your logged-in browser.

The extension does not access:

• Profiles you have not actively opened in your browser
• Any non-LinkedIn website
• Your LinkedIn password — the extension only uses the session cookies your browser already holds
• Your browsing history, search history, bookmarks, downloads, or unrelated tabs
• LinkedIn pages other than the active profile tab (no background crawling)

The extension does not perform any form of general browsing tracking and never crawls in the background.

3. What data is stored locally in your browser

The extension stores the following items in your local browser profile using the standard browser extension local-storage API (chrome.storage.local in Chromium-based browsers such as Chrome, Edge, Brave, and Opera; the equivalent browser.storage.local WebExtensions API in Firefox). This data is kept on your device and is not transmitted to us or to any third party:

• apiKey — your NameToProfile API key (required for the extension to function)
• keyStatus — last-validated timestamp, used / remaining / limit credits, key prefix
• lpe_section_prefs — which sections you want included in downloads, plus per-section numeric limits
• lpe_bulk_session — profiles you captured in a Bulk Capture session
• lpe_bulk_session_active — whether Bulk Capture is currently on

All locally stored data lives only on your device and is never uploaded anywhere by the extension.

Signing out from the account menu removes the API key and cached auth state. Bulk Capture → Clear all empties the captured-profile list. Uninstalling the extension removes everything.

4. What data is sent to our API

The extension contacts only one backend endpoint, operated by NameToProfile:

https://api.nametoprofile.com

The extension sends requests to this endpoint for the following purposes:

• API key validation — POST /v1/auth/validate. Sent when you connect a key on the onboarding screen.
• Credit balance reads — GET /v1/usage. Sent on user-initiated Refresh-balance actions and when the account menu is opened.
• Bulk Capture gate check — POST /v1/usage/check. Sent to verify that your account has at least 500 credits available before Bulk Capture is enabled. The endpoint inspects the balance and never deducts credits.
• Approved brief list — GET /v1/briefs?status=approved. Lists your approved ICP briefs so you can pick one to score against. Does not consume credits.
• Prospect scoring — POST /v1/prospect/score (Fast, 1 credit) or POST /v1/prospect/deep-score (Deep, 20 credits). Sent only when you click Fast score or Deep score. This is the only call that carries profile fields (a limited snapshot — see below) and the only one that consumes credits. Results are cached 24 hours per profile per brief (a cache hit costs nothing).

Every request carries your NameToProfile API key (in the X-API-Key header) and standard HTTP metadata (method, path, timestamp, your IP address as seen by the server).

Scoring additionally sends a limited profile snapshot: the profile's LinkedIn URL, name, headline, location, About text, current company name, and tenure in the current role, plus your selected brief's ID.

No request — scoring included — ever carries:

• Contact info extracted from a profile (email, phone, websites, birthday)
• The full extracted profile, skills, education, certifications, or recommendations
• Page HTML/DOM, browsing history, bookmarks, cookies, or form contents

The extension never calls POST /v1/usage/consume; credits are deducted server-side only, and only when you score.

5. Extraction and export run in your browser; scoring is the one exception

The one exception is scoring (section 4): when you click Fast score or Deep score, a limited profile snapshot (LinkedIn URL, name, headline, location, About, current company and tenure) is sent to the NameToProfile API to be scored against your selected brief. This happens only on that click; contact info and the rest of the profile are never sent.

6. How the data is used

• Locally stored data is used solely to operate the extension's user-facing features: maintaining your saved API key, displaying your settings, holding the preview of an extracted profile, supporting the Bulk Capture session, and producing downloads.
• Data sent to our API (API key and request metadata) is used solely to validate your account, read your remaining credit balance, and check the Bulk Capture credit gate.
• No data collected by the extension is used for advertising, profiling, analytics tracking, behavioural targeting, or any purpose unrelated to the user-facing extraction and export feature.

The extension does not inject advertisements or any third-party content into any web page.

7. Data sharing

We do not sell, rent, trade, or share data collected by the extension. Specifically:

• We do not sell or share extracted LinkedIn profile data (the extension never has it on our servers in the first place).
• We do not share your API key or account-status data with any third party.
• We do not use extracted profiles for advertising purposes.
• We do not provide data collected by the extension to data brokers, marketing partners, or affiliates.

The only transmission of data outside your device that the extension performs is the account-status API calls described in section 4, and those calls go only to our own backend at https://api.nametoprofile.com.

8. Retention and deletion of locally stored data

All data stored by the extension lives in your own browser's local storage on your device. You remain in control of that data at all times:

• Clearing within the extension — The account menu's Sign out removes the saved API key and cached auth state. Bulk Capture → Clear all empties the captured-profile list. Removing individual captured entries is also supported from the Bulk Capture tab.
• Clearing via your browser — Use your browser's built-in extension settings. In Chromium-based browsers (Chrome, Edge, Brave, Opera): open chrome://extensions (or edge://extensions in Edge) → find LinkedIn Profile Extractor → Details → "Clear storage". In Firefox: open about:addons → Extensions → LinkedIn Profile Extractor → the gear icon → Remove. Uninstalling removes all of the extension's locally stored data.
• Retention on our servers — we do not retain extracted profile data because we never receive it. Standard request logs for the three auth endpoints may be kept in server-side logs for a limited period for security, debugging, and rate-limit enforcement; those logs contain request metadata and the API key prefix, not profile fields.

9. User controls

You have the following controls over the extension's behavior and data:

• Install and uninstall. Uninstalling the extension removes all of its locally stored data from your browser.
• Enter, rotate, or remove your API key via the onboarding screen or the account menu. Rotating the API key from your NameToProfile dashboard invalidates the previous key immediately.
• Choose what to extract — the popup's Fields to extract panel lets you toggle any of the 17 selectable sections and cap the number of experience / education entries.
• Bulk Capture toggle — explicit Start / Stop. Captures only happen when you click Extract Profile while capture is on.
• Manage the extension's permissions via your browser's extension settings (chrome://extensions in Chrome, edge://extensions in Edge, about:addons in Firefox, and the equivalent in other browsers). You may disable the extension entirely without uninstalling it.

10. Browser permissions in use

The extension requests the following permissions. Each is used only for the purpose stated:

• activeTab — read the currently open LinkedIn profile tab when you click Extract Profile.
• scripting — inject the scroll / expand / modal-open helper into the active LinkedIn tab so sections that lazy-load become visible before extraction.
• storage — save the API key, settings, and the Bulk Capture session list to the browser's extension local storage (chrome.storage.local in Chromium-based browsers, browser.storage.local in Firefox).
• downloads — write the generated JSON / CSV / Excel file to your browser's downloads folder.
• tabs — read tab URL / title metadata to detect that the active tab is a LinkedIn profile and to label captures.
• Host permission for https://www.linkedin.com/* — required so the popup can read the profile data your active LinkedIn tab has already loaded, using your existing LinkedIn session.
• Host permission for https://api.nametoprofile.com/* — required for the three free auth / balance endpoints (see section 4).

The extension does not request: history, bookmarks, cookies, identity, geolocation, native messaging, USB / Serial / Bluetooth, web request blocking, the debugger API, declarativeNetRequest, or any other privileged API.

11. Security

We take reasonable steps to protect the extension and the limited data it transmits:

• All communication between the extension and our API (https://api.nametoprofile.com) is encrypted in transit using HTTPS.
• All reads from LinkedIn happen in your browser over your existing HTTPS LinkedIn session — the extension does not read, store, or forward your LinkedIn password or session cookies.
• The extension's API key is stored only in your own browser's local storage (chrome.storage.local in Chromium-based browsers, browser.storage.local in Firefox) and is transmitted only in the X-API-Key request header when the extension calls our API for the purposes described in section 4.
• The extension ships as un-minified, un-obfuscated JavaScript so its behavior can be verified by inspection. Independent reviewers can grep the source to confirm the only outbound NameToProfile endpoints are /v1/auth/validate, /v1/usage, and /v1/usage/check.
• If you suspect your API key has been exposed, you can rotate it immediately from your NameToProfile dashboard, which invalidates the previous key.

While we use reasonable safeguards, no method of electronic transmission or storage is perfectly secure. We cannot guarantee absolute security.

12. Children

The extension is not directed to children, and we do not knowingly collect information from children. If you believe a child has provided information in connection with the extension, please contact us at info@nametoprofile.com.

13. Changes to this policy

We may update this privacy policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and publish the revised version on this page.

14. Contact

If you have questions about this policy or about the extension's handling of your data, contact us at:

• Email: info@nametoprofile.com
• Publisher: JSK Business Solutions Pvt Ltd (operating as NameToProfile)
• Website: https://nametoprofile.com

15. Chrome Web Store Limited Use statement