Privacy Policy

Version 2.0.0 · Last updated: June 9, 2026

LeadzTrak is a product of MatrixTrak (“we,” “us,” or “our”). LeadzTrak is a Chrome extension that works inside LinkedIn. This policy explains what data we collect, how we use it, and what we never do with it.

1. Local-First Architecture

LeadzTrak is designed so your lead data never leaves your browser unless you explicitly trigger a feature that requires it. All lead records, notes, follow-up dates, and outreach drafts are stored locally using chrome.storage.local. We do not operate a central database that stores your LinkedIn contacts or pipeline data.

2. What We See

License validation. When the extension starts, it sends your license key to our backend to verify your subscription status. We log the license key and IP address for fraud prevention. This is the only routine call made to our servers on extension load.
Payment data. Purchases are processed by Stripe. We receive a confirmation of successful payment and the email address used at checkout. We never see your full card number or billing details.
LinkedIn identity.During onboarding, the extension detects your LinkedIn profile URL handle (e.g., “john-doe”) from the page you are viewing. This is used to link your license to your LinkedIn account and is stored locally. It is transmitted to our backend only during license activation and free registration.
Installation and account identifiers. A randomly generated installation ID and, if you create an account, an account ID are stored locally and sent during license validation to associate your license with your device.
Anonymous error telemetry.If the extension encounters an error, a structured event (action name, error level, timestamp) is logged locally in your browser storage. You can view and clear these events at any time from the extension’s bug report flyout. These events are not automatically transmitted; they are included only if you choose to submit a bug report.
Feedback submissions. If you use the in-extension feedback form, the subject and description you provide are sent to our support system. No lead data, profile content, or browsing history is included.

3. What We Do Not See

Your LinkedIn profile or the profiles of people you view.
Your lead records, notes, outreach drafts, or follow-up dates.
Your browsing history or which LinkedIn pages you visit.
Your LinkedIn login credentials. We use your existing LinkedIn session.
Any data you export via CSV or JSON.

4. Data Collection Inventory

The following table summarises every category of data the extension collects, how it is collected, where it is stored, and whether it is transmitted externally.

Data category	Collected?	How	Storage	Transmitted?
LinkedIn profile data (name, title, company, location, photo)	Yes — on user action	DOM scraping on “Extract” or “Enrich” click	`chrome.storage.local`	To AI provider only if you enable AI enrichment; to your Supabase instance only if you enable cloud sync
Your LinkedIn profile handle	Yes — during onboarding	Detected from current LinkedIn page URL	`chrome.storage.local`	To license validation server during activation
AI provider API keys	Yes — user-provided	Entered by you in extension settings	`chrome.storage.local`	Directly to your chosen AI provider (never to our servers)
License key	Yes — user-provided	Entered by you during activation	`chrome.storage.sync`	To license validation server
Supabase credentials (URL, anon key)	Yes — user-provided	Entered by you in sync settings	`chrome.storage.local`	To your own Supabase instance (never to our servers)
Cloud sync data (leads, groups, templates)	Yes — user opt-in	Uploaded when you trigger a sync	Your own Supabase instance	To your own Supabase instance (never to our servers)
Telemetry / error events	Yes — automatic, local-only	Logged to local storage on extension actions	`chrome.storage.local`	Not transmitted automatically; included only if you submit a bug report
Feedback submissions	Yes — user-submitted	Via in-extension feedback form	Our support system	To leadztrak.com feedback endpoint
Subscription / payment data	Minimal	Processed by Stripe; we receive confirmation only	Stripe	Handled by Stripe — we receive email and payment confirmation

5. AI Enrichment

When you use AI features (field enrichment, outreach draft generation, or template suggestions), limited profile data — such as name, title, company, and location as visible on the current LinkedIn page — is sent to the AI provider you have configured to generate the result. You choose your provider and bring your own API key.

Supported AI providers: OpenAI, Anthropic (Claude), Google (Gemini), Grok (xAI), DeepSeek, Qwen (Alibaba), Zhipu AI, Moonshot, and any OpenAI-compatible custom endpoint. The list may expand over time.

Data sent to your chosen AI provider is processed under that provider’s API terms and is not used to train their models (per their API usage policies). AI features are opt-in; we do not send any data to an AI provider unless you actively trigger them. Your API key is stored locally and sent directly to your chosen provider — it is never transmitted to our servers. We do not proxy AI requests through leadztrak.com.

6. Third-Party Services

Service	Purpose	Data shared
Stripe	Payment processing	Email, billing address, payment method (handled by Stripe)
AI providers (user-chosen)	AI field enrichment & draft generation	Visible profile fields (name, title, company, location) — only when you trigger AI. You choose your provider and bring your own API key. Supported providers: OpenAI, Anthropic (Claude), Google (Gemini), Grok (xAI), DeepSeek, Qwen (Alibaba), Zhipu AI, Moonshot, and any OpenAI-compatible custom endpoint.
Supabase	License validation, onboarding, cloud sync (opt-in)	License key, installation ID, LinkedIn handle, IP address. If you enable cloud sync, lead data is stored in your own Supabase instance — we have zero access to your sync data.
Google Analytics (GA4)	Website analytics (page views, referrer)	Anonymous page view data, referrer URL. Used on the marketing website only — not in the extension.
Microsoft Clarity	Website usability analytics	Anonymous session replay and click heatmaps. Used on the marketing website only — not in the extension.

7. Extension Permissions

LeadzTrak requests the following permissions in manifest.json. Each is explained below:

activeTab — Allows the extension to access the currently active LinkedIn tab when you click the extension icon or a button in the panel. This is how we read the LinkedIn page content to extract lead data. The permission is limited to the active tab only when you take an action — no background access to other tabs.
scripting — Required by Manifest V3 to inject the content script into the LinkedIn page when you open the panel or click Extract. Without this, the extension cannot run its lead-capture logic on the page.
storage — Enables saving all lead data, groups, templates, settings, and license state to your browser using chrome.storage.local andchrome.storage.sync. All data stays on your machine unless you explicitly enable cloud sync.
Host permission: https://www.linkedin.com/*— Restricts the extension to operate only on www.linkedin.com, where all lead capture and enrichment happens. The extension does not function on any other website.
Optional host permission: https://*/*— Requested only when you configure a cloud sync endpoint (your own Supabase instance) or a custom AI provider endpoint. The extension works fully offline without granting this permission.

No other permissions are requested or used. The extension does not request tabs, cookies,webNavigation, notifications, or any other Chrome API permissions beyond the three listed above.

8. Cookies

The LeadzTrak marketing website (leadztrak.com) uses:

Google Analytics (GA4)for anonymous page-view analytics and referral tracking. Google’s privacy policy is available at policies.google.com/privacy. You can opt out via the Google Analytics opt-out browser add-on.
Microsoft Clarityfor anonymous session replay and heatmap analytics to improve website usability. Microsoft’s privacy policy is available at privacy.microsoft.com/privacy.
Session cookies for website continuity (e.g., keeping you logged into your account dashboard).

We do not use advertising cookies, cross-site tracking cookies, or any third-party tracking beyond the analytics tools listed above. The Chrome extension itself does not set cookies on LinkedIn or any other website.

10. Data Retention, Export, and Deletion

Local retention. All lead data, notes, groups, and templates are stored locally in your browser usingchrome.storage.local. This data persists until you explicitly clear it or uninstall the extension. Uninstalling the extension removes all local data.

Export your data. You can export all your leads as CSV or JSON at any time using the export button in the extension panel. No server access is required.

Delete local data.You can delete individual leads, groups, or templates from the extension UI. To clear everything, go to Chrome → Extensions → LeadzTrak → “Clear storage” or use the “Clear all data” option in extension settings.

Delete server-side data. If you have a paid subscription, we hold license records, payment history, and your LinkedIn handle on our servers. To request deletion of this data, contact us via our support form. Deletion requests are processed within 30 days. If you cancel your subscription, your license is deactivated but your local data is unaffected.

Sync data.If you use cloud sync with your own Supabase instance, you control that data directly — delete it from your Supabase dashboard. We have no access to your sync data.

11. Children’s Privacy

LeadzTrak is not directed at children under 13, and the extension requires use of LinkedIn, which mandates users be at least 18 years old. By using LeadzTrak, you confirm that you are at least 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will update the version number and “Last updated” date above and, for material changes, notify users by email or via an in-extension notice. We review this policy at least every 90 days to ensure it remains accurate. We encourage you to review this policy periodically.

13. Changelog

Version	Date	Changes
2.0.0	June 9, 2026	Complete rewrite for Chrome Web Store compliance. Added: data collection inventory (Section 4), AI enrichment with all 9 supported providers (Section 5), third-party services including GA4 and Clarity (Section 6), extension permissions explanations (Section 7), expanded data retention, export, and deletion (Section 10), 18+ age requirement (Section 11), versioning and changelog (Sections 12–13).
1.0.0	May 31, 2026	Initial privacy policy published.

14. Contact

Questions about this policy? Use our contact form or email us (address on that page).