Legal

Privacy Policy

Last updated: May 2026 · Effective immediately

Overview

The short version: InMailAI does not sell your data, does not run ads, and does not store LinkedIn profile data. We collect only what is necessary to make the product work and to prevent abuse of our free tier.

InMailAI ("we", "our", "us") is a Chrome browser extension and associated backend service that helps sales professionals generate AI-powered prospect summaries, outreach messages, and find work email addresses directly within LinkedIn.

This Privacy Policy explains what information we collect, how we use it, and what rights you have. By installing and using InMailAI, you agree to the practices described here.

What we collect

We collect the minimum information necessary to provide the service:

Account information

When you create an InMailAI account, we collect your email address and a hashed password (stored securely by Supabase). We do not collect your name, phone number, or any other personal information at signup.

Usage data

We track the number of AI calls and email lookups you make per month to enforce your plan limits. We do not track which LinkedIn profiles you visit or which messages you generate.

Authentication tokens

When you sign in, a JWT is stored in your browser's extension storage (chrome.storage.local). It is stored only on your device and never sent to third parties.

Server logs

Our backend automatically generates standard server logs including request timestamps, API endpoints called, and HTTP response codes. These logs do not include the content of your prompts or generated messages. Logs are retained for 30 days.

What we don't collect

  • LinkedIn profile dataWe do not store any information from profiles you view. Profile data is sent to our AI service to generate a response and immediately discarded.
  • Generated messagesOutreach messages and summaries are not stored on our servers. They exist only in your browser until you copy or close them.
  • Browsing historyWe do not know which LinkedIn profiles you visit, how many you view, or your browsing patterns.
  • Payment detailsAll payments are processed by Stripe or Razorpay. We never see or store your full card number, CVV, or bank account details.
  • LinkedIn credentialsWe have no access to your LinkedIn username or password. InMailAI reads the visible page DOM only.

How we use data

We use the data we collect for the following purposes only:

  1. Providing the serviceauthenticating your requests, generating AI responses, finding emails, and enforcing plan limits.
  2. Preventing abusetracking usage counts to prevent free-tier abuse and ensure fair access for all users.
  3. Improving the productaggregate, anonymous usage metrics may be used to understand how the product is used. No individual user behaviour is tracked.
  4. Transactional emailswe may send emails related to your account (password resets, payment receipts, plan limit warnings). We do not send marketing emails without your explicit consent.

We do not use your data for advertising, profiling, or sale to third parties. Ever.

Third-party services

InMailAI uses the following third-party services. Each has its own privacy policy:

Supabasesupabase.com

Stores your account email address and usage counters. Data stored in EU region.

Privacy Policy →

Groqgroq.com

Processes AI requests. Profile data is sent to generate the response and not retained. Groq does not train models on API inputs.

Privacy Policy →

Hunter.iohunter.io

Used for email finding. The person's name and company domain are sent to Hunter.

Privacy Policy →

Vercelvercel.com

Hosts our backend API with standard server logs.

Privacy Policy →

Stripe / Razorpaystripe.com / razorpay.com

Process subscription payments. We share only what is necessary for payment processing.

Privacy Policy →

We do not share your data with any other third parties.

Data storage and security

Your account data is stored in Supabase's secure PostgreSQL database with row-level security — meaning our application can only access your own data, never another user's.

Your authentication token is stored in chrome.storage.local— a sandboxed storage area accessible only to the InMailAI extension. No website, including LinkedIn, can read this data.

All communication between the extension and our backend uses HTTPS (TLS 1.2+). We do not transmit data over unencrypted connections.

We retain account data for as long as your account is active. If you delete your account, we delete your data within 30 days.

Your rights

  • AccessRequest a copy of all personal data we hold about you.
  • CorrectionUpdate your email address through account settings.
  • DeletionRequest deletion of your account and all data at any time by emailing privacy@inmailai.com. We process deletion within 30 days.
  • PortabilityRequest an export of your data in JSON format.
  • ObjectionObject to any processing of your data at any time.

To exercise any of these rights, email privacy@inmailai.com. We respond within 14 business days.

LinkedIn compliance

InMailAI reads only the publicly visible LinkedIn page you are currently viewing. We do not:

  • Access LinkedIn's internal APIs or private endpoints
  • Automate any actions on LinkedIn (clicking, sending, connecting)
  • Scrape LinkedIn pages in bulk or programmatically
  • Store or resell LinkedIn profile data
  • Bypass LinkedIn's authentication or access controls

All AI generation and message drafting is done by you, the user — InMailAI assists but does not automate.

Children's privacy

InMailAI is intended for adults (18+) in a professional context. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact privacy@inmailai.com immediately.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date and, for material changes, notify you by email or by displaying a notice in the extension.

Continued use after changes are posted constitutes acceptance of the updated policy.

Contact us

For questions, concerns, or data requests:

InMailAI Privacy Team

Email: privacy@inmailai.com
General: hello@inmailai.com
Website: inmailai.com

We respond to all privacy-related enquiries within 14 business days.