Privacy Policy

Last updated: 31 March 2026

1. Who we are

CleanedIn is a Chrome browser extension that filters and highlights LinkedIn posts using AI classification. It is operated by Phil Paquignon, trading as CleanedIn.

2. Data we collect

We collect data in two categories, matching the Chrome Web Store data disclosure categories:

Personally Identifiable Information (PII)

This category includes data that can identify you as an individual:

• Email address — collected at account creation. Used to authenticate you and manage your subscription.
• User ID — a unique identifier assigned to your account by our authentication provider (Supabase).
• Subscription status — whether your account is on the free, Pro Monthly, or Pro Yearly tier.
• Daily usage count — the number of posts classified today, used to enforce the free tier limit (20 posts/day).

Website Content

This category includes content from websites you visit while using the extension:

• LinkedIn post text (temporary) — the visible text of LinkedIn posts in your feed is read by the extension and transmitted to our server for AI classification. This text is used solely to generate a classification result and is not written to any database after the result is returned.
• Flagged post excerpts (optional, permanent) — when you voluntarily click the 🚩 flag button on a post, up to 500 characters of that post's text are permanently stored in our database, along with the post hash, filter category, and your user ID. This is used solely to improve filter accuracy. Use of the flag button is entirely optional.

3. Data we do not collect

• Your LinkedIn profile, connections, messages, or private data
• Browsing history or activity outside linkedin.com
• Location data or IP address
• Health or financial information
• Any data from websites other than linkedin.com
• Payment card details — these are handled entirely by Stripe and never transmitted to or stored by us

4. How we handle your data

LinkedIn post text — classification flow

1. The extension reads the visible text of posts on your LinkedIn feed.
2. The text is transmitted over HTTPS/TLS to our Supabase Edge Function.
3. The Edge Function forwards the text to Anthropic's Claude API for classification.
4. The classification result is returned to the extension.
5. The post text is immediately discarded. It is not written to any database or log.

Account data — storage flow

1. Your email address, user ID, usage count, and subscription status are stored in our Supabase Postgres database.
2. This database is hosted on AWS in the us-east-1 (US East) region.
3. Data is accessed only to authenticate you and enforce usage limits.

Local extension storage — on your device only

The extension stores the following locally on your device using chrome.storage.local. This data does not leave your device except as described above:

• Session token (JWT) — to keep you logged in
• Classification result cache — hashed post identifiers and results, to avoid duplicate API calls
• Filter preferences — which filter categories you have enabled
• Sensitivity setting — your chosen filter sensitivity level
• Usage statistics — posts seen, posts hidden, posts spotlighted (for display in the extension popup)
• Subscription tier — cached locally to reduce server requests

5. Third-party data sharing

We only transfer data to third parties when necessary to provide the core functionality of CleanedIn. We do not sell user data to any third party.

6. Data storage, security, and retention

Security

• In transit: All data is encrypted during transmission using HTTPS/TLS.
• At rest: Data stored on our servers is encrypted at rest using industry-standard AES-256 encryption.
• Access control: API keys and credentials are stored server-side only and never included in extension files. Database access is restricted using row-level security policies.
• Authentication: User sessions are managed via short-lived JWT tokens with automatic expiry.

Retention

We retain account information only as long as necessary to provide our service:

• Active accounts: Account data (email, usage count, subscription status) is retained for the duration of your active use of CleanedIn.
• Deletion requests: Upon receiving a deletion request, all personal data is permanently purged from our production databases within 30 days. You will receive confirmation by email.
• Flagged post excerpts: Retained indefinitely for filter improvement purposes, unless you request deletion.
• Local device data: Classification cache, preferences, and stats stored locally on your device are deleted when you uninstall the extension or clear browser storage.

7. Your rights

Under the UK GDPR and EU GDPR, you have the following rights:

• Right of access — request a copy of the data we hold about you
• Right to rectification — ask us to correct inaccurate data
• Right to erasure — ask us to permanently delete your data
• Right to restriction — ask us to limit how we process your data
• Right to data portability — request your data in a machine-readable format
• Right to object — object to how we use your data

To exercise any of these rights, email getcleanedin@gmail.com. We will respond and act within 30 days.

8. Children's privacy

CleanedIn is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it immediately.

9. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. Continued use of CleanedIn after changes are posted constitutes acceptance of the updated policy.

10. Contact

For all privacy-related questions, data requests, or deletion requests:
Email: getcleanedin@gmail.com