This Privacy Policy describes how Cherlok collects, uses, and protects its users' data. Protecting your personal data is a priority. Cherlok operates through a Chrome extension connected to a secure dashboard at app.cherlok.com, minimizing the exposure of your data.
In SaaS mode, Cherlok stores data in your secure account on app.cherlok.com. The Chrome extension transmits data collected from LinkedIn to this dashboard. Here are the categories of data:
- User profile: first name, professional bio, booking links, prospecting preferences.
- LinkedIn session: session cookies used to verify LinkedIn login status. These cookies are never transmitted to a third-party server.
- Contact history: names of people contacted and dates, to prevent duplicates.
- Prospect data: enriched information from LinkedIn contacts (headline, conversation summary).
- Blacklist: names and companies to exclude from prospecting.
All data is stored in your secure Cherlok account (Supabase database hosted in Europe). It is never sold or shared with third parties.
To generate personalized messages, Cherlok sends requests to an artificial intelligence model via a secure proxy (Cloudflare Worker). The only data transmitted is:
- The LinkedIn contact's first name.
- The contact's headline (professional title).
- The content of the current conversation (for contextual replies).
- Your profile information needed for message personalization (bio, offer).
None of this data is stored server-side. The proxy forwards the request to the AI provider and returns the response without retaining a copy. All requests are encrypted in transit via HTTPS.
The Cherlok Chrome extension collects the following data when you use LinkedIn:
- Names, professional headlines, and profile URLs of LinkedIn contacts (during search scans, conversations, and profile visitor views)
- LinkedIn conversation content (for generating personalized AI replies)
- LinkedIn search results (for sending targeted connection invitations)
- Engagement activity on your posts (likes and comments, used for intent signal detection)
This data is transmitted to app.cherlok.com to power the campaign management dashboard. It is never sold or shared with third parties.
Data collected by the extension is transmitted exclusively to the following services:
- app.cherlok.com: campaign management dashboard (campaign logs, prospect CRM, contact history, AI generation)
- Secure Cloudflare proxy: encrypted relay to the Anthropic API for AI message generation
No data is sold to third parties. No data is shared with advertisers. All transmissions are encrypted via HTTPS. The proxy retains no copies of data after processing.
The Cherlok extension uses the following Chrome permissions:
- storage: saves your preferences, authentication token, and campaign settings
- alarms: schedules periodic checks (autopilot timing, connection status verification)
- tabs: navigates between LinkedIn tabs during campaign execution
- activeTab: accesses the content of the active tab when a user-initiated action occurs
- cookies: verifies LinkedIn login status
- Access to linkedin.com: injects automation scripts on LinkedIn pages
- Access to app.cherlok.com: enables real-time synchronization with the dashboard
No remote code is executed. All JavaScript in the extension is bundled locally in the package.
For Pro plan users, the subscription is validated via Stripe. Only the Stripe customer ID is used during this verification. No additional personal data is sent. The validation result is cached for 1 hour to limit network calls.
Cherlok uses PostHog for product analytics (pages visited, key actions) and Sentry for technical error monitoring. No advertising cookies are used. No data is shared with advertisers. The only session cookies are LinkedIn's, required for the tool to function, and the Supabase authentication cookie for the dashboard.
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: all your data is accessible from the Cherlok dashboard at app.cherlok.com.
- Right to rectification: you can modify your data at any time via the dashboard.
- Right to erasure: you can request the deletion of your account and all associated data by contacting us.
- Right to data portability: you can export your prospect data in CSV format from the dashboard.
Data is retained in your Cherlok account as long as it remains active. Deleting your account results in the deletion of all stored data. No data is retained on a remote server after AI requests are processed.
Cherlok implements the following security measures:
- Secure authentication via magic link (Supabase Auth).
- HTTPS encryption for all network communications (AI proxy, dashboard, license validation).
- Supabase database with Row Level Security (RLS) — each user can only access their own data.
- Anthropic API key stored server-side only (Cloudflare proxy) — never exposed on the client side.
For any questions regarding the protection of your personal data, you can contact us at the following address: contact@cherlok.com
This Privacy Policy may be updated to reflect changes in the application or applicable regulations. Users will be notified of any substantial changes via the application.
Last updated: March 2026