Privacy policy
B2BCream · IA Social Chrome extension · Last updated 8 May 2026 · Version 0.7.48
This document describes what data the B2BCream · IA Social Chrome extension collects, transmits, and stores. It applies only to the browser extension; the B2BCream web service has its own privacy policy at /privacy that you should also read.
TL;DR
- The extension does not scrape LinkedIn’s HTML.
- The only data it reads from your browsing context is:
- The URL of the LinkedIn profile you are currently viewing (
linkedin.com/in/<slug>). - Your active B2BCream session cookie (so it can authenticate you against your B2BCream account).
- The URL of the LinkedIn profile you are currently viewing (
- All product context (strategies, portfolios, generated messages) is fetched from the B2BCream backend via HTTPS — the extension is just a thin client.
- No analytics, no fingerprinting, no third-party trackers, no advertising IDs. We do not sell or share data.
What we collect through the extension
| Data point | When | Why | Stored? |
|---|---|---|---|
| LinkedIn profile URL | Each time you open a /in/<slug> page | Looks up if the contact already exists in your B2BCream account | Sent to b2bcream.com backend; stored only if you click "Save contact" |
| Your B2BCream session cookie | On each backend request | Authenticates you with B2BCream | Set/managed by b2bcream.com itself; the extension does not read its value |
| Your selected strategy IDs | When you tick strategies in the panel | Determines which strategies the message is generated against | chrome.storage.local (your browser only) |
| Custom message instructions | When you type into “AI message customization” | Passed to Claude for the generation prompt | Sent to b2bcream.com backend; not persisted |
| Backend URL preference | When you set it in the extension's Options page | Allows pointing the extension at a different B2BCream deployment (e.g. localhost during development) | chrome.storage.local (your browser only) |
| Deep-link context (strategy_id, company_id, company_name) | When you click "Find on LinkedIn" on a strategy in the B2BCream dashboard | Pre-fills the company + pre-selects the strategy in the floating panel so you don't retype | Stored as a 2h-expiring cookie on b2bcream.com (NOT linkedin.com). The extension reads it once via /api/extension/context, then deletes it. |
What we DO NOT collect
- LinkedIn profile content (name, headline, education, work history, profile picture, message history, posts, comments). The extension does NOT read the LinkedIn page DOM — see
manifest.json’shost_permissionsandcontent_scriptsfields. The injected script only readswindow.location.href. - Browsing history beyond the LinkedIn tab.
- Passwords or any credentials. The extension authenticates via the B2BCream session cookie that LinkedIn-unrelated parts of your browser already manage; we never read or transmit your password.
- Cookies belonging to third-party sites.
- Device fingerprints, IP geolocation, screen size, installed fonts, or any other tracking signals.
Data we receive on the backend (B2BCream)
When the extension calls our backend, the following fields are visible in our access logs:
- Your B2BCream user ID (from the session cookie)
- The LinkedIn URL you sent
- The strategy ID(s) you selected
- The type of message requested (
linkedin/email) - Your custom instructions (if you typed any)
- The contact’s company name (if you typed it in the form)
Generated messages are returned to your browser and not stored permanently on the backend unless you click “Save contact” — at which point the contact and your saved notes become part of your own B2BCream account, governed by the main /privacy policy.
Third parties
We use the following sub-processors. None of them receive raw LinkedIn data — they only receive what we send for the specific task:
- Anthropic, PBC (Claude API) — receives the message generation prompt: your portfolio summary, the strategy context, the recipient company name, your custom instructions. Anthropic’s terms forbid them from training on customer API data. anthropic.com/legal
- Vercel — hosts the B2BCream web app. Receives standard HTTP request metadata. vercel.com/legal/privacy-policy
- Supabase — managed Postgres + auth. Stores your B2BCream data. supabase.com/privacy
Data retention and deletion
chrome.storage.localdata (your strategy selection + backend URL preference) lives in your browser until you uninstall the extension or clear it manually.- Account data on B2BCream is retained per the /privacy policy.
- To delete everything: uninstall the extension and delete your B2BCream account from /app/account. Account deletion cascades to all your strategies, contacts and saved messages.
Security
- All backend traffic is TLS 1.2+ HTTPS.
- The extension’s
manifest.jsonhost_permissionsare limited tolinkedin.com(read URL only) and the configured B2BCream host (read user data via authenticated API). - The extension does not request or use
<all_urls>,tabs.captureVisibleTab,webRequest, ordebuggerpermissions.
Children
B2BCream is a B2B product for pharma BD teams. The extension is not directed at children under 16 and we do not knowingly collect data from them.
Changes to this policy
We will update this document and the version number at the top when material changes happen. The current version is always hosted at b2bcream.com/extension/privacy.
Contact
- Email: privacy@b2bcream.com
- Postal address: available on request.
This page mirrors extension/PRIVACY.md in the extension repository — the source of truth for the same content.