Privacy Policy

    Last Updated: 09.24.25

    Welcome to Offerloop.ai ("Offerloop.ai," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our application and services (collectively, the "Services"). Please read this Privacy Policy carefully. If you do not agree with the terms, please do not use the Services.

    We may update this Privacy Policy at any time. If we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to remain informed.

    1. Information We Collect

    We may collect information about you in the following ways, depending on how you use the Services:

    a. Personal Data You Provide to Us

    Account Information: When you register for an account, we collect your name, email address, and authentication information from your chosen provider (e.g., Google ID or Microsoft ID, via Firebase).

    Profile Information: To enhance your networking and outreach experience, you may provide details such as your university, class year, major, work experience, organizations, extracurricular activities, personal interests, target job roles, target locations, and resumes. You may also choose to sync your LinkedIn profile.

    User-Generated Content: Email templates you create or customize, notes you take on contacts, and any content you generate within our performance-tracking modules.

    b. Data Related to Your Use of the Services

    Contact and Professional Information: Information about professionals you connect with through Offerloop.ai, including names, positions, companies, contact details, and any notes or status updates you log. Some of this data may also be provided by trusted third-party data providers such as People Data Labs (PDL) to help you discover relevant professionals and enrich connections.

    Email Data (Content & Metadata): If you connect your Gmail or Outlook account, we process:

    • Email drafts saved via Gmail API (when you use our service to prepare outreach emails).
    • Draft, sent, and received email data (subjects, bodies, recipients, timestamps, thread IDs, conversation IDs, Message-IDs) that you choose to manage through Offerloop.ai.

    Tracking Information: We may include tracking pixels and tracked links in emails to measure open rates, clicks, IP addresses, approximate locations, devices, and timestamps of activity.

    Performance Data: Outreach performance metrics, such as emails sent, open rates, response rates, meeting conversions, template effectiveness, and connection growth.

    c. Information from Third-Party Services

    Authentication (Firebase with Google/Microsoft): When registering or logging in, we receive your name, email, profile picture, and authentication token. Encrypted access/refresh tokens are stored to connect to your email provider.

    AI Services (OpenAI/ChatGPT): When using AI-powered personalization or explanations, relevant data may be securely sent to AI providers to generate responses.

    Payment Processors (Stripe): Stripe processes all payments. We only receive subscription details and a Stripe Customer ID—not full payment card details.

    Hosting Providers (Render, Firebase Hosting): Used for backend infrastructure and secure data storage.

    Analytics Tools: Used to monitor performance and improve our Services.

    Data Partners: External data labs such as People Data Labs may provide professional contact information to supplement your searches and improve connection opportunities.

    d. Technical & Usage Data

    Device & Connection Info: IP address, browser type, device type, OS, and related metadata.

    Usage Data: Features accessed, time spent, click paths, and other interactions within the Services.

    2. How We Use Your Information

    • Create and manage your account.
    • Provide, operate, and maintain the Services (e.g., connecting to email providers, saving drafts in Gmail, sending emails, managing contacts, generating analytics).
    • Personalize emails and generate AI-powered content suggestions.
    • Process subscriptions and payments securely through Stripe.
    • Deliver analytics, dashboards, and outreach performance insights.
    • Communicate updates, support responses, and account notices.
    • Detect, investigate, and prevent fraud, misuse, or security issues.
    • Comply with legal obligations.
    • Ensure compliance with privacy and anti-spam laws such as GDPR, CCPA, and CAN-SPAM.

    3. Legal Bases for Processing (GDPR)

    • Consent: When you provide explicit consent (e.g., connecting your Google account).
    • Contract: When processing is necessary to provide the Services under our Terms of Service.
    • Legal Obligation: When processing is required to comply with applicable laws or regulations.
    • Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving the Services, preventing abuse, or analyzing usage, provided those interests are not overridden by your rights.

    4. Security Measures

    • Encryption in Transit & At Rest: TLS (HTTPS) for data in motion; AES-256 for sensitive data like OAuth tokens.
    • Access Controls: Restricted to authorized personnel/systems.
    • Monitoring & Auditing: Logging and vulnerability audits.
    • Compliance: Best practices aligned with the Google API Services User Data Policy.

    5. Disclosure of Your Information

    • By Law / Protection of Rights: As required to comply with law or legal process, or to enforce our rights.
    • Third-Party Providers: For authentication (Firebase), email (Gmail API, Microsoft Graph API), AI processing (OpenAI), payments (Stripe), hosting (Render, Firebase Hosting), and analytics. All are bound by contractual obligations to protect your data.
    • Third-Party Data Sources: Data from People Data Labs (PDL) and similar providers is used only for professional networking/recruiting functionality.
    • Business Transfers: If we undergo a merger, acquisition, or sale.
    • No Sale of Data: We do not sell, rent, or trade personal data.
    • No Advertising Use: We do not use Google user data or third-party data for advertising or unrelated marketing.
    • With Your Consent: We share data only for purposes you explicitly approve.

    6. Google API Services User Data Policy

    Offerloop.ai's use and transfer of information received from Google APIs strictly adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

    • We only access Gmail data with your explicit consent through Google OAuth.
    • Requested scopes (e.g., gmail.readonly, gmail.compose, gmail.modify, gmail.metadata, gmail.insert, gmail.send, openid, userinfo.email, userinfo.profile) are used to:
      • Save outreach emails into your Gmail Drafts folder at your request.
      • Schedule and send emails on your behalf.
      • Detect replies and update email status.
    • We never sell Gmail data or use it for advertising.
    • Humans cannot access Gmail content except with your explicit consent, for abuse/security investigations, to comply with law, or after anonymization/aggregation for service operations.
    • We do not use Gmail or Google Workspace data to train general AI/ML models.
    • You may revoke access at any time via your Google Account Security Settings.
    • Upon account deletion or revocation, associated Google data is promptly deleted from our systems, except where retention is legally required.

    7. Data Retention

    • Account Data: Stored as long as your account is active.
    • Drafts & Emails: Retained only as long as needed to fulfill Service functions (draft storage, scheduling, reply detection).
    • Analytics Data: May be anonymized/aggregated for long-term storage.
    • Deletion Requests: Honored within 30 days, except where retention is legally required.
    • Export Rights: Users may request an export of their personal data in a machine-readable format (e.g., CSV or JSON) before deletion.

    8. Your Rights & Choices

    Depending on your jurisdiction, you may request:

    • Access to personal data we hold.
    • Correction of inaccuracies.
    • Deletion of personal data (with some legal/operational exceptions).
    • Restriction of, or objection to, processing.
    • Data portability in machine-readable format.
    • Revocation of consent (e.g., disconnecting Google/Microsoft accounts).
    • Email tracking opt-out by disabling image loading in your client.
    • The right to lodge a complaint with a supervisory authority if you believe our processing violates applicable law.

    Requests may be made via privacy@offerloop.ai or support@offerloop.ai.

    9. Chrome Extension ("Offerloop for LinkedIn")

    Our Chrome browser extension ("Offerloop for LinkedIn") provides additional functionality on LinkedIn. This section explains what data the extension accesses, how it is used, and how it complies with Chrome Web Store policies.

    a. Browser Permissions

    The extension requests the following Chrome permissions, each limited to what is necessary for its features:

    • tabs — Detects when you are viewing a LinkedIn profile or job posting so the extension can activate relevant features.
    • activeTab — Reads publicly visible LinkedIn page content (name, headline, company, position) when you click the extension icon.
    • storage — Saves your authentication state and preferences locally in your browser.
    • identity — Authenticates you via Google OAuth through the Chrome Identity API.
    • contextMenus — Provides right-click menu options for quick access to extension features.
    • notifications — Displays browser notifications when actions complete (e.g., draft saved).
    • downloads — Enables downloading of generated PDFs (Coffee Chat Prep, Interview Prep).

    Host permissions are limited to https://*.linkedin.com/* (to read LinkedIn page content) and our backend server (to process requests).

    b. Data the Extension Collects

    LinkedIn Profile & Job Page Data: When you click the extension icon on a LinkedIn page, the extension reads publicly visible information from that page — such as the person's name, headline, current position, company, and profile URL, or job title, company, and description — and transmits it to our servers to power features like email lookup, outreach drafting, Coffee Chat Prep, Interview Prep, and cover letter generation.

    Authentication Data: Your Google account email and profile information are collected during sign-in via Google OAuth (Chrome Identity API) and used solely for authentication.

    Local Preferences: Settings and authentication state are stored locally in your browser using Chrome's storage API. This data never leaves your device.

    c. How Extension Data Is Used

    • Looking up professional email addresses via our backend (People Data Labs).
    • Generating personalized outreach emails using AI (OpenAI).
    • Saving email drafts to your connected Gmail account at your request.
    • Generating Coffee Chat Prep and Interview Prep documents.
    • Generating cover letters based on job posting details.
    • Tracking your credit usage and subscription status.

    d. What the Extension Does NOT Do

    • Does not track or store your general browsing history.
    • Does not collect data from any website other than LinkedIn.
    • Does not run in the background — it only activates when you click the extension icon or use the right-click menu.
    • Does not sell, rent, or trade any data collected through the extension.
    • Does not use any collected data for advertising, remarketing, or any purpose unrelated to Offerloop's core networking features.
    • Does not use data to train general AI or machine learning models.

    e. Chrome Web Store User Data Policy Compliance

    Offerloop for LinkedIn's use of data complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

    • Data is used only to provide or improve the extension's single purpose: professional networking and outreach on LinkedIn.
    • Data is not transferred to third parties except as necessary to provide the service (e.g., our backend server, OpenAI for email generation, People Data Labs for email lookup).
    • Data is not used for personalized advertising, retargeting, or interest-based ads.
    • Humans do not read user data except (a) with your explicit consent for support purposes, (b) for security or abuse investigation, (c) to comply with applicable law, or (d) when aggregated and anonymized for internal operations.

    f. Remote Code

    The extension loads the Firebase Authentication SDK from Google's official CDN (gstatic.com) to securely handle user authentication. No other remote code is loaded.

    g. Revoking Extension Access

    You may uninstall the extension at any time from chrome://extensions. Upon uninstallation, all locally stored data is automatically removed. To request deletion of data stored on our servers, contact us at privacy@offerloop.ai.

    10. Children's Privacy

    The Services are not intended for children under 13 (or 16 in certain regions). We do not knowingly collect data from children under these ages. If such data is discovered, it will be deleted promptly.

    11. International Data Transfers

    Your information may be stored on servers located outside your home country (e.g., via Render and Firebase Hosting). By using the Services, you consent to international transfers as permitted by law.

    12. Third-Party Websites & Services

    Our Services may link to third-party sites (LinkedIn, Stripe, AI providers, etc.). We are not responsible for their practices; please review their privacy policies separately.

    13. Cookies & Tracking Technologies

    We use:

    • Session Cookies for secure navigation.
    • Preference Cookies for saved settings.
    • Analytics Cookies for performance insights.
    • Tracking Pixels & Links for email activity monitoring.

    You may disable cookies in browser settings, though this may impact functionality.

    14. Service Availability Disclaimer

    The Services may rely on third-party infrastructure providers (e.g., Firebase, Render, OpenAI). While we use industry-standard practices to maintain availability, we cannot guarantee uninterrupted or error-free operation, and availability may depend on those providers.

    15. Changes to This Policy

    We may update this Privacy Policy periodically. Updates are effective immediately once posted with a new "Last Updated" date.

    16. Contact Us

    If you have questions or concerns about this Privacy Policy, please contact us: