Circles LogoCircles

Privacy Policy

Effective Date: 8/21/2025

1. Introduction

Welcome to Circles ("we", "our", "us"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Chrome Extension ("Service"). By using Circles, you agree to the collection and use of information in accordance with this policy.

Data Controller: Circles Extension

Contact: support@circles-extension.com

Data Protection Officer: support@circles-extension.com

This Privacy Policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and French data protection laws.

2. Information We Collect

2.1 Information You Provide

Account Information

  • Email address
  • Name (optional)
  • Profile photo (if using Google SSO)
  • Password (encrypted and managed by Firebase)

User-Created Content

  • Tags you create for organizing connections
  • Notes you add to LinkedIn profiles
  • Custom tag colors and preferences
  • Import/export data files

2.2 Information Collected Automatically

Usage Data

  • Features used within the extension
  • Number of tags, connections, and notes created
  • Last activity timestamps
  • Subscription status and plan type

Technical Information

  • Chrome extension ID
  • Browser type (Chrome)
  • Authentication tokens (managed by Firebase)
  • Error logs for troubleshooting

2.3 LinkedIn Data

Profile Information (stored locally only)

  • LinkedIn profile IDs
  • Connection names
  • Profile URLs
  • Profile metadata (when you interact with profiles)

Important: We do not directly access your LinkedIn account. The extension only processes publicly visible information from pages you visit.

3. How We Use Your Information

3.1 Provide Core Functionality

  • Enable tagging and note-taking features
  • Store and retrieve your organizational data
  • Synchronize data across browser sessions
  • Process import/export operations

3.2 Maintain and Improve Service

  • Authenticate and manage user accounts
  • Enforce usage limits for different plan tiers
  • Provide customer support
  • Fix bugs and improve performance
  • Develop new features

3.3 Communications

  • Send important service updates
  • Respond to support requests
  • Send email verification for new accounts

4. Legal Basis for Processing (GDPR)

4.1 Contract Performance

Processing necessary to provide the Service you've requested, including:

  • Account creation and management
  • Core functionality delivery
  • Customer support

4.2 Legitimate Interests

Processing for our legitimate interests, including:

  • Service improvement and development
  • Security and fraud prevention
  • Technical troubleshooting
  • Usage analytics (anonymized)

4.3 Consent

Where you've given explicit consent for:

  • Optional features
  • Marketing communications (if applicable)
  • Data sharing with third parties (when requested)

4.4 Legal Obligations

Processing necessary to comply with legal requirements, including:

  • Tax and accounting obligations
  • Court orders and legal requests
  • Data protection regulations

You may withdraw consent at any time where consent is the legal basis for processing.

5. Data Storage and Security

5.1 Where We Store Data

Local Storage

  • Connection data, tags, and notes are primarily stored in Chrome's local storage
  • This data remains on your device unless explicitly synced

Cloud Storage (Firebase)

  • Authentication credentials
  • User account information
  • Subscription status
  • Backup data (if opted in)

5.2 Data Isolation

Each user's data is stored with unique identifiers (user_[uid]_*) ensuring complete isolation between accounts.

5.3 Security Measures

  • Encrypted data transmission (HTTPS/TLS)
  • Firebase Authentication security protocols
  • Secure password hashing
  • Regular security updates
  • Access controls and authentication requirements

6. Data Sharing and Disclosure

6.1 We Do NOT:

  • Sell your personal information
  • Share your tags or notes with other users
  • Access your LinkedIn credentials
  • Share data with advertisers
  • Use your data for marketing without consent

6.2 We May Share Data:

  • With Service Providers: Firebase (Google) for authentication and data storage (with appropriate data processing agreements)
  • For Legal Requirements: If required by law, court order, or government request
  • With Your Consent: When you explicitly authorize sharing
  • Business Transfers: In case of merger, acquisition, or sale of assets (with notification)

All data processors are required to comply with GDPR requirements.

7. Your Rights and Choices (GDPR Enhanced)

7.1 Your Rights Under GDPR

As an EU resident, you have the following rights:

Right to Access (Article 15 GDPR)

  • Request a copy of your personal data
  • Receive information about how we process it
  • Obtain confirmation whether we process your data

Right to Rectification (Article 16 GDPR)

  • Correct inaccurate personal data
  • Complete incomplete personal data

Right to Erasure/"Right to be Forgotten" (Article 17 GDPR)

  • Request deletion of your personal data
  • Applies when data is no longer necessary or consent is withdrawn

Right to Restrict Processing (Article 18 GDPR)

  • Limit how we use your data
  • Applies while we verify accuracy or assess legitimate interests

Right to Data Portability (Article 20 GDPR)

  • Receive your data in a structured, machine-readable format
  • Transfer your data to another service provider

Right to Object (Article 21 GDPR)

  • Object to processing based on legitimate interests
  • Object to direct marketing at any time

7.2 Exercising Your Rights

To exercise any of these rights:

  1. Contact us at support@circles-extension.com
  2. We will respond within 30 days
  3. We may request identity verification
  4. These rights are provided free of charge

Right to Lodge a Complaint

File a complaint with the French Data Protection Authority (CNIL)

Website: www.cnil.fr

Address: 3 Place de Fontenoy, 75007 Paris, France

7.3 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

8. Data Retention

8.1 Active Accounts

We retain your data as long as your account is active and for the duration necessary to provide our services.

8.2 Inactive Accounts

  • Accounts inactive for 12 months may be flagged for deletion
  • You will be notified before any deletion occurs

8.3 After Account Deletion

  • Most data is deleted immediately
  • Some data may be retained for up to 90 days in backups
  • Anonymized usage statistics may be retained

9. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the new policy with an updated date
  • Sending an email notification (for registered users)
  • Displaying a notice in the extension

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@circles-extension.com

Website: www.circles-extension.com/privacy

Data Protection Officer: support@circles-extension.com

Last Updated: 8/21/2025

By using the Circles Chrome Extension, you acknowledge that you have read and understood this Privacy Policy.