Privacy Policy
Last updated: June 11, 2026
Who This (“we”, “us”) provides a Chrome extension and companion web app that surface CRM contact data on LinkedIn profiles. This policy explains what data we collect, why we collect it, and who has access to it. If you have any question after reading this, email us at supportwhothis@gmail.com.
What we collect
- Account data. Your name and email address, used to create your Who This account and sign you in. Provided by you at sign-up, or shared by Google when you choose Google sign-in.
- Authentication data. A session cookie and an install ID that identify your browser to our backend. Stored locally by the extension and required for the extension to work.
- LinkedIn profile URLs you view in the extension. When the extension is enabled on a LinkedIn profile page, the profile URL is sent to our backend to look up the matching contact in your CRM. The profile URL, together with the visible name, title, and company parsed from the page, is also stored in your workspace to power the extension’s visit-history feature. Visits are recorded only while the extension is active on a profile page — never while it is closed or paused — and you can turn the feature off entirely with the “Save visit history” toggle in the extension settings, in which case nothing is stored.
- Public profile metadata read from the page. The visible name and headline parsed from the LinkedIn page DOM, used as additional signal to identify the right CRM record. We do not read messages, connection lists, or any data behind LinkedIn authentication walls.
- CRM data you connect. When you connect a CRM (e.g. HubSpot) via OAuth, we store the access and refresh tokens encrypted at rest, plus the field mappings you configure. We read and write to your CRM only the records relevant to the contacts you look up or create through the extension.
- Usage and error telemetry. Standard server logs (timestamps, IP, request paths, status codes) and application errors. Used for debugging and to keep the service reliable.
How we use it
- To operate the extension’s core feature — surfacing CRM context on LinkedIn profiles and letting you create or update contacts.
- To authenticate you and keep you signed in across sessions.
- To support and debug the product when something breaks.
- To send transactional emails (e.g. workspace invites, password resets). We do not send marketing emails.
We do not sell your data, share it with advertisers, train AI models on it, or use it to determine creditworthiness.
Who we share it with
We use a small number of infrastructure providers under standard data-processing terms. None of them receive your data for their own purposes.
- Vercel — hosts the web app and API.
- Neon — hosts our PostgreSQL database and authentication service.
- Resend — delivers transactional emails.
- HubSpot (or other CRMs you choose to connect) — receives the contact reads and writes you initiate from the extension. We exchange data with your CRM through its official OAuth API.
- Google — only when you sign in with Google. Google sees your sign-in event; we receive your name and email from Google.
Retention
Account data and CRM connection settings are kept for as long as your account is active. Server logs are kept for up to 30 days for debugging. Visit-history entries are deleted automatically after 30 days. When you delete your account, we delete your account data and revoke CRM tokens within 30 days, except where we are required by law to retain certain records.
Your rights
You can access, correct, export, or delete your account data at any time by emailing supportwhothis@gmail.com. If you are in the EU/EEA, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to lodge a complaint with your local data protection authority.
Children
Who This is built for professional use. We do not knowingly collect data from anyone under 16.
Changes to this policy
If we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email.