Legal

Privacy Policy

Last updated 2026-05-28

What we collect

When you sign up for Icebreakr we collect:

Your email address. If you sign in with Google, we also receive your name and profile picture from your Google account; if you use the email-code fallback, we only receive the email itself.
The information you enter on the onboarding form: name, LinkedIn URL, intent, target roles, optional pitch, optional resume text.
A cached snapshot of your public LinkedIn profile, fetched via a third-party API after you provide the URL — used to ground the messages we draft on your behalf.
For each research session: the URL of the LinkedIn profile you researched and the messages we generated. We keep this so you can review your history later.
Outcome signals you record against a message (sent, copied, replied, scheduled, no reply). We use these to power your dashboard; we never share them.
Anonymous product-usage analytics. When you use the extension or browse our website, we record non-identifying events — such as the extension popup opening, a message being generated, or a page being viewed — tied to a random analytics ID, not to your name or email. These never include your message contents or the profiles you research.

What we do with it

Personalize the messages we draft for you. Your data goes into the prompt sent to a third-party AI provider.
Show you your research history.
Send you transactional emails (sign-in codes only).
Understand how the product is used — which features people open, where they drop off — so we can improve it. This relies on the anonymous usage analytics described above.

We do not sell your data, share it with advertisers, or use it to train any AI model. We do not run ads or use advertising/retargeting trackers. The only third parties that receive any of your data are the service providers listed below, acting on our behalf.

Where it lives

Your data is stored on servers operated by us (Fly.io for compute, Neon for the Postgres database). When messages are generated, your data is sent — for the duration of that single API call — to a third-party AI provider, under their privacy policy.

Our marketing site and dashboard are hosted on Vercel. Vercel sees only the standard request metadata required to serve pages (IP, user-agent) — no application data passes through it.

Authentication is handled by WorkOS. When you choose "Sign in with Google," WorkOS brokers the OAuth handshake with Google on our behalf; both Google and WorkOS see the authentication request, and we receive your verified email, name, and profile picture from the response. When you choose the email-code fallback, WorkOS receives your email to deliver the one-time code. We never receive your Google password — Google handles that directly.

To fetch the public LinkedIn profiles you ask us to research, we call licensed third-party data providers. The profile URL you provide is sent to whichever provider answers; they do not receive your account email or your own profile.

For product analytics we use Google Analytics and Microsoft Clarity. They receive anonymized usage events — and, for Clarity, anonymized session interactions (clicks, scrolls, mouse movement) on the website — tied to a random analytics ID, never your name, email, or the contents of the messages we draft. Each operates under its own privacy policy.

Your rights

Delete everything.Open Settings → Account → Delete account, or contact support and we'll do it for you.
Export.Email us and we'll send you a JSON dump of every row associated with your account.
Sign out everywhere. Settings → Account → Sign out everywhere. Revokes all active sessions across all devices.

Cookies & analytics

Our own cookie is ib_session — an opaque session identifier set after sign-in. HttpOnly + Secure, scoped to our own API.

Our website also loads Google Analytics and Microsoft Clarity, which set their own cookies and local-storage entries (such as _ga, _clck, and _clsk) to measure usage and, for Clarity, record anonymized session interactions. These are analytics cookies — we do not use advertising, retargeting, or cross-site tracking cookies.

The Icebreakr Chrome extension does not use cookies for analytics. It stores a random analytics ID in the extension's own local storage and sends anonymized usage events directly to Google Analytics.

Contact

Questions or requests: samrat.mukherjee2022@gmail.com.

← Back home

What we collect

When you sign up for Icebreakr we collect:

Your email address. If you sign in with Google, we also receive your name and profile picture from your Google account; if you use the email-code fallback, we only receive the email itself.

The information you enter on the onboarding form: name, LinkedIn URL, intent, target roles, optional pitch, optional resume text.

A cached snapshot of your public LinkedIn profile, fetched via a third-party API after you provide the URL — used to ground the messages we draft on your behalf.

For each research session: the URL of the LinkedIn profile you researched and the messages we generated. We keep this so you can review your history later.

Outcome signals you record against a message (sent, copied, replied, scheduled, no reply). We use these to power your dashboard; we never share them.

Anonymous product-usage analytics. When you use the extension or browse our website, we record non-identifying events — such as the extension popup opening, a message being generated, or a page being viewed — tied to a random analytics ID, not to your name or email. These never include your message contents or the profiles you research.

What we do with it

Personalize the messages we draft for you. Your data goes into the prompt sent to a third-party AI provider.

Show you your research history.

Send you transactional emails (sign-in codes only).

Understand how the product is used — which features people open, where they drop off — so we can improve it. This relies on the anonymous usage analytics described above.

Where it lives

Our marketing site and dashboard are hosted on Vercel. Vercel sees only the standard request metadata required to serve pages (IP, user-agent) — no application data passes through it.

Your rights

Delete everything.Open Settings → Account → Delete account, or contact support and we'll do it for you.

Export.Email us and we'll send you a JSON dump of every row associated with your account.

Sign out everywhere. Settings → Account → Sign out everywhere. Revokes all active sessions across all devices.

Cookies & analytics

Our own cookie is ib_session — an opaque session identifier set after sign-in. HttpOnly + Secure, scoped to our own API.

The Icebreakr Chrome extension does not use cookies for analytics. It stores a random analytics ID in the extension's own local storage and sends anonymized usage events directly to Google Analytics.