Browser Extension Privacy Policy - Trobyx Platform Connector

1. Introduction and Overview

The Trobyx Platform Connector is a browser extension designed to securely connect your LinkedIn and Twitter accounts to the Trobyx automation platform. This privacy policy explains our data practices, your rights, and our commitment to protecting your information.

🔐 Key Privacy Principles:

• We never collect or store your passwords
• You manually log into platforms - we only capture session cookies
• All data is encrypted before transmission and storage
• You maintain full control over your connections and data
• We do not share your data with third parties

2. Information We Collect

Session Authentication Data

• Session cookies from LinkedIn and Twitter (only after you manually log in)
• Authentication tokens for platform access
• Connection timestamps and status
• Platform-specific session identifiers

Basic Profile Information

• Your Trobyx account email address
• Username and display name from connected platforms
• Profile URLs for connected accounts
• Account verification status

Technical Data

• Extension version and browser information
• Error logs for debugging (no personal data included)
• Performance metrics for service improvement
• Security monitoring data

❌ What We DO NOT Collect:

• Your passwords or login credentials
• Private messages or direct message content
• Personal files or documents
• Browsing history outside platform domains
• Financial or payment information

3. Browser Permissions Explained

Our extension requires specific browser permissions to function. Here's exactly why we need each permission:

🟢 activeTab

Purpose: Detect when you complete login on LinkedIn or Twitter

Access: Only the currently active tab, only when you click our extension

🍪 cookies

Purpose: Capture authentication session cookies after you manually log in

Access: Only LinkedIn and Twitter authentication cookies

💾 storage

Purpose: Store your preferences and connection status locally

Access: Local browser storage only, no external access

📋 tabs

Purpose: Open LinkedIn and Twitter login pages when you connect accounts

Access: Only to open specific platform login URLs

🔔 notifications

Purpose: Show connection status alerts and important updates

Access: Browser notification system only

🖱️ contextMenus

Purpose: Add right-click options for quick platform connections

Access: Browser context menu system only

🌐 Host Permissions

Domains: linkedin.com, twitter.com, x.com, trobyx.com

Purpose: Communicate with these platforms and our secure backend

4. How We Use Your Information

🔗 Platform Authentication

Maintain secure connections to LinkedIn and Twitter for automation features

⚙️ Service Provision

Enable Trobyx automation features and workflows on connected platforms

🛠️ Technical Support

Provide customer support and troubleshoot connection issues

🔒 Security Monitoring

Detect and prevent unauthorized access or fraudulent activity

📊 Service Improvement

Analyze usage patterns to improve extension performance and reliability

5. Data Security and Storage

🔐 Security Measures

• HTTPS encryption for all data transmission
• Industry-standard AES-256 encryption for stored data
• Regular security audits and penetration testing
• Secure API endpoints with rate limiting
• Multi-factor authentication for backend access
• Zero-trust network architecture

💾 Data Storage

• All data encrypted before storage in secure Trobyx backend
• Session cookies expire according to platform policies
• Local browser storage cleared when extension is uninstalled
• Regular automated backups with encryption
• Geographically distributed secure data centers

⚠️ Important Security Notes

• We never store passwords - you log in manually each time
• Session cookies are encrypted and have limited lifespans
• All communication uses end-to-end encryption
• Immediate revocation available through your Trobyx dashboard

6. Data Sharing and Third Parties

✅ Our Commitment

We do not sell, rent, or share your personal data with third parties.

Limited Exceptions (Legal Requirements Only):

• Legal compliance when required by law
• Protection of rights, property, or safety
• Fraud prevention and security investigations
• Business transfers (with same privacy protections)

🤝 Service Providers

We may work with trusted service providers (hosting, analytics) who are contractually bound to protect your data and cannot use it for their own purposes.

7. Your Rights and Controls

You have complete control over your data and connections:

🔌 Disconnect Anytime

Remove platform connections instantly through your Trobyx dashboard

🗑️ Delete All Data

Request complete data deletion through your account settings or hello@trobyx.com

📄 Export Your Data

Request a copy of all your data in machine-readable format

✏️ Correct Information

Update or correct any inaccurate personal information

🛑 Uninstall Extension

Removing the extension automatically deletes all local data

🌍 GDPR Rights (EU Users)

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

🏛️ CCPA Rights (California Users)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising privacy rights

8. Legal Basis for Processing (GDPR)

✅ Consent

You explicitly consent by connecting your accounts through our extension

📋 Contract

Processing necessary for providing the Trobyx automation services you requested

🔒 Legitimate Interest

Security monitoring and fraud prevention to protect our users and service

9. Data Retention Policies

🔗 Active Connections

Retained until you disconnect accounts or delete your Trobyx account

🗑️ Deleted Accounts

All data permanently deleted within 30 days of account deletion

🛡️ Security Logs

Kept for maximum 90 days for security and fraud prevention

💾 Backup Data

Encrypted backups retained for maximum 1 year, then permanently deleted

10. International Data Transfers

Our servers are located in secure data centers with appropriate safeguards:

EU-US Data Privacy Framework compliance
Standard Contractual Clauses (SCCs) for EU data
Adequacy decisions recognition where applicable
Regular compliance audits and certifications

11. Children's Privacy (COPPA)

⚠️ Age Requirement

Our extension is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information. Parents who believe their child has provided personal information should contact us at hello@trobyx.com.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time. When we do:

We will update the "Last Updated" date at the top of this policy
Material changes will be communicated via email or extension notification
Continued use of the extension constitutes acceptance of changes
Previous versions available upon request

13. Contact Information

For privacy-related questions, concerns, or requests, please contact us:

📧 Contact Details

Privacy Email: hello@trobyx.com

Website: https://trobyx.com

Support: https://trobyx.com/support

Response Time: We aim to respond within 48 hours

🚀 Data Subject Requests

For GDPR or CCPA requests (access, deletion, portability), please email hello@trobyx.com with "Data Subject Request" in the subject line. Include your Trobyx account email for verification.