Chrome Extension Privacy Policy

Effective: June 11, 2025

Last updated: March 11, 2026

This privacy policy describes how the GenuineLink Chrome browser extension (the "Extension", Manifest V3) collects, uses, shares, stores, and protects information. It is published by Genuinelink B.V. ("Genuinelink", "we", "us", "our"), established in the Netherlands. Genuinelink B.V. is the data controller responsible for the processing of personal data described below.

This document covers only the Chrome Extension. It supplements, and should be read together with, our main Privacy Policy at https://legal.genuinelink.ai/privacy-policy, which governs the broader GenuineLink web application and services.

LinkedIn non-affiliation disclaimer: GenuineLink is an independent product. We are not affiliated with, endorsed by, sponsored by, or otherwise associated with LinkedIn Corporation or its affiliates. "LinkedIn" is a trademark of LinkedIn Corporation, used here only to describe interoperability.


1. Single Purpose of the Extension

The Extension has a single purpose: to help an authenticated GenuineLink user connect their own LinkedIn account to their GenuineLink company account using their existing LinkedIn browser session, so that they do not have to type their LinkedIn credentials into our web app.

The Extension assists only with this account-linking flow. It does not scrape third-party LinkedIn profiles, does not send LinkedIn messages or connection requests on its own, does not run in the background on arbitrary websites, does not sell data, and does not use data for advertising, profiling, or any purpose unrelated to account linking.


2. Where the Extension Runs

The Extension operates only on the following sites and surfaces:

  • GenuineLink (*://*.genuinelink.ai/*): A content script communicates with our web app (via window.postMessage) to exchange connection data when the user initiates linking.
  • LinkedIn (https://www.linkedin.com/*): A content script monitors whether the user is logged into LinkedIn during a guided login flow only (it polls for the presence of the li_at session cookie).
  • Background service worker: Coordinates cookie reads, API calls, the side panel, and secure messaging.
  • Side panel UI: Displays connection status (for example: guest, go to account page, log into LinkedIn, ready to connect, already connected).

3. Chrome Permissions and Why We Need Them

The Extension requests the following permissions:

  • cookies — Read the LinkedIn session cookie (li_at) and the GenuineLink auth_token cookie to verify login state and enable account linking.
  • tabs — Detect when the user is on the GenuineLink LinkedIn Accounts page, and navigate or update tabs during the connect flow.
  • storage — Temporarily store the connection payload between steps of the connect flow; this is cleared after use.
  • sidePanel — Display the Extension's user interface in the Chrome side panel.
  • webNavigation — Detect LinkedIn logout navigation for edge-case session cleanup.
  • declarativeNetRequest — Block the LinkedIn logout URL during the specific connect flow, to prevent accidental loss of the LinkedIn session mid-connection.

Host permissions:

  • *://*.genuinelink.ai/* — communicate with our web application.
  • https://*.linkedin.com/* — read LinkedIn session state and call LinkedIn's own logged-in profile endpoint using the user's existing session.
  • *://api.genuinelink.ai/* (and our app API) — check connection status with our backend.

4. What Information the Extension Collects

The Extension collects only the data needed to link the user's own LinkedIn account to their GenuineLink company account.

4.1 GenuineLink Authentication Data

The auth_token cookie from GenuineLink domains, read via the chrome.cookies API, used to verify that the user is logged into GenuineLink and to authenticate API requests as a Bearer token. Sent to our API only.

4.2 LinkedIn Session Cookies

LinkedIn cookies from linkedin.com, including the session cookie li_at and related cookies, read via the chrome.cookies API only when the user initiates a connection or the Extension prepares connection data. These are required to link the user's LinkedIn account without password entry. They are transmitted to the GenuineLink API for secure, server-side account linking and are not retained long-term in the Extension.

4.3 LinkedIn Profile Information (Logged-In User Only)

The member URN, first name, last name, profile image URL, and headline of the logged-in user, retrieved from LinkedIn's own logged-in profile endpoint using the user's existing browser session (never a separate password). Used to display the user's profile in the connect UI, identify the account for duplicate or reconnect checks, and associate the correct LinkedIn identity with the GenuineLink company account. Sent to the GenuineLink web app and API.

4.4 Company Account Context

The companyId, parsed from the GenuineLink page URL (/account/{companyId}/linkedin-accounts) or passed in Extension messages, used to link the LinkedIn account to the correct GenuineLink company workspace. Sent to the GenuineLink API.

4.5 Minimal Browser Context

Standard browser context implied by normal Extension operation, and the active tab URL on genuinelink.ai (used only for feature gating). At connect submission, the web app also records the User-Agent string for security and session verification. This is used for security, session verification, and fraud prevention for cookie-based connection, and is not used for unique fingerprinting beyond normal API security.

Data the Extension Does NOT Collect

  • LinkedIn passwords (never requested by the Extension)
  • LinkedIn messages, connections lists, or inbox content
  • Browsing history on sites other than genuinelink.ai and linkedin.com (and only for the features described above)
  • Payment or billing information
  • Contacts or leads from LinkedIn

5. How the Extension Collects Information

Information is collected through the Chrome extension APIs (chrome.cookies, chrome.tabs, chrome.storage), through secure window.postMessage exchanges with the GenuineLink web app, and — for the logged-in user's own profile — through a request to LinkedIn made with the user's existing browser session. Collection of LinkedIn session and profile data occurs only when the user actively initiates the account-linking flow.


6. How the Extension Uses Information

Extension-collected data is used only to:

  1. Authenticate the user to GenuineLink.
  2. Determine whether the user is logged into LinkedIn and whether an account is already connected.
  3. Facilitate linking the user's own LinkedIn account to their GenuineLink company account.
  4. Display connection status in the Extension's user interface.

We do not sell Extension data, do not use it for advertising, and do not use it for any purpose unrelated to account linking and GenuineLink service delivery.


7. Sensitive Data Handling

LinkedIn session cookies (including li_at) and the GenuineLink auth_token are authentication and session data and are treated as sensitive. They are accessed only when the user initiates linking, transmitted over encrypted connections to the GenuineLink API for server-side processing, and not retained in the Extension after the handoff. You should install and use the Extension only if you are comfortable entrusting GenuineLink with your LinkedIn session for the sole purpose of account linking described in this policy.


8. How Information Is Shared

Extension data is transmitted to:

  • GenuineLink servers (our API at api.genuinelink.ai and app.genuinelink.ai).
  • Authorized service providers who process data on our behalf under contract, including our LinkedIn connectivity infrastructure provider, solely to operate the LinkedIn account-linking functionality.

Extension data is not shared with advertisers, data brokers, or any social network other than the user's own LinkedIn session being used for the linking they initiated.


9. Storage and Retention

  • chrome.storage.session: Temporary connection payload, removed after the first read or after a successful handoff to the web app.
  • Extension UI session storage: Values such as extensionCompanyId and extensionAppOrigin, cleared when the user leaves the account context.
  • Local Extension state: Short-lived values such as panel refresh timestamps and login-monitor flags.
  • Server-side: Once data reaches GenuineLink servers, retention and deletion are governed by our main Privacy Policy.
  • Uninstall: Uninstalling the Extension removes its local storage. It does not delete LinkedIn account data already stored in GenuineLink; to remove that, the user must disconnect the account from the GenuineLink dashboard.

10. Security

We protect Extension data through HTTPS/TLS for all API communication, transmission of the auth token as a Bearer header rather than in URLs where avoidable, and by restricting the Extension's communication to GenuineLink origins and our API. API calls require the user to be logged into GenuineLink. We recommend keeping your browser and the Extension updated to the latest version.


11. Your Choices and Rights

  • Do not install the Extension if you do not want cookie-based account linking.
  • Log out of LinkedIn or uninstall the Extension to stop the Extension's access to LinkedIn cookies.
  • Disconnect your LinkedIn account at any time from the GenuineLink dashboard.
  • Manage Extension permissions at chrome://extensions, where you can review or remove the Extension.
  • GDPR and Dutch law rights: If you are in the EU, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. You may exercise these rights, or request deletion, by contacting [email protected]. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). The full description of rights and lawful bases is set out in our main Privacy Policy.

12. Children's Privacy

The Extension is not intended for use by anyone under the age of 16, consistent with our main Privacy Policy. We do not knowingly collect data from children.


13. Changes to This Policy

We may update this Extension privacy policy from time to time. Material changes will be posted at https://legal.genuinelink.ai/chrome-extension-privacy-policy with an updated effective date.


14. Contact

Genuinelink B.V. (Netherlands). Contact us at [email protected].

  • Website: https://www.genuinelink.ai
  • Main Privacy Policy: https://legal.genuinelink.ai/privacy-policy