Free B2B Leads — Privacy Policy
Prospect Intelligence Chrome Extension · v5.3.3
1. What This Extension Does
Free B2B Leads is a Chrome extension that provides B2B contact intelligence in a persistent side panel. When you visit a business website, it can look up company information and contacts using third-party data supplier APIs.
2. Data We Collect
We do not operate any data collection servers. The extension connects directly to third-party APIs using API keys that you provide. No data flows through our servers unless you explicitly enable optional features (see below).
3. What Runs Automatically
- Content script (domain detection) — Runs on every page you visit. Reads only: the website domain name, page title, meta description tag, and script/stylesheet URLs for technology-stack detection. Does NOT read page body text, form inputs, passwords, or browsing history.
- LinkedIn Person Mode — On LinkedIn profile pages (
linkedin.com/in/...), the content script additionally reads: the person's name, job title, company, and location from JSON-LD structured data, OpenGraph meta tags, and page heading elements. Only publicly visible profile information is read — no login credentials, messages, or connection data.
- Background health checks — Polls
localhost:8000 and localhost:9090 (your own local apps) every 30 seconds to check if Hunt Leads or Cockpit are running. No external servers are contacted.
- License check — Validates paid license keys against the configured license server (see Settings). A background alarm may re-check periodically. Local Hunt Leads / Cockpit health polling is separate.
4. What Runs Only When You Act
- Domain lookup — When a domain is detected or you trigger a lookup, the extension calls third-party APIs (Apollo, Hunter, PDL, etc.) using your API keys.
- CRM push — Contact data is sent to HubSpot, Salesforce, Pipedrive, or your webhook only when you click a push button.
- Auto-Sync — If you enable this optional feature in Settings, contacts are automatically pushed to a configured CRM destination after each lookup, with a 3-second cancellable delay. Off by default. You control which CRM destination receives auto-pushed contacts.
- AI analysis — If you provide an OpenAI API key, company summaries and lead scoring insights are generated by sending company metadata (name, domain, industry, employee count) to the OpenAI API. No personal contact data is sent to OpenAI — only company-level information. Alternatively, AI analysis can be routed through your local Hunt Leads instance for fully offline classification.
- Gmail compose assist — On Gmail pages, the extension can insert AI-drafted outreach text into a compose window when you click "Draft Outreach." It reads the recipient email address from the compose header to personalize the template. It does not read message bodies, attachments, or inbox content.
5. Data Storage
- API keys — Stored in
chrome.storage.local (device-only, not synced to Google cloud). Can be encrypted with AES-256-GCM when you set a passphrase in Settings.
- Preferences — UI settings stored in
chrome.storage.sync (synced across Chrome profiles). No sensitive data — only display preferences, AI model selection, and CPS template names.
- Cached data — Domain lookups cached in
chrome.storage.local with automatic pruning (max 200 entries, configurable TTL).
- Push history — A local log of contacts pushed to CRM destinations, used for duplicate prevention. Stored in
chrome.storage.local. Never transmitted externally.
6. Optional Contributor Mode
Off by default. When enabled, discovered contacts may be shared with the DatabaseEmailer network. This is clearly labeled in Settings and requires you to enter a contributor email and verify it. This feature is currently marked "Coming Soon" and is not active.
7. Third-Party APIs
The extension may connect to the following services using API keys you provide:
- Apollo.io, Hunter.io, People Data Labs, Seamless.AI, FullContact — contact enrichment
- BuiltWith — technology detection
- Google Places, Abstract — business data and email validation
- Serper, SerpAPI, Google Custom Search — prospect search
- OpenAI — AI company analysis (optional, user-supplied key, only company metadata sent)
- HubSpot, Salesforce, Pipedrive — CRM push (optional)
- Custom Webhook URL — universal integration (Zapier, Make, n8n, etc.)
Each service has its own privacy policy. We encourage you to review them.
8. Permissions Explained
- Content scripts (http/https matches) — General pages use
content.js; LinkedIn and Gmail use dedicated inject scripts. They read only metadata needed for enrichment (domain, title, meta tags, script URLs; LinkedIn public profile fields where applicable). No passwords, messages, or inbox body scraping.
- Host permissions - Declared API endpoints (suppliers, CRM, OpenAI, license server, Gmail, etc.). Optional broad
http(s)://*/* can be granted by the user for full-page features.
storage / unlimitedStorage — Save settings and cached lookups locally.identity — Used where Chrome identity flows are required for connected features.scripting — Used by scanPageForDomains() to inject an on-demand domain scanner when you are browsing for prospects.alarms — Hourly license re-check (backs off to daily if services are offline).contextMenus — Adds right-click menu options for manual domain lookup, CPS queue, Hunt Leads enrichment, and Clip to Notes (captures page title, URL, and selected text into your local per-domain notes — stored only in chrome.storage.local, never transmitted).
9. Chrome Web Store Limited Use Disclosure
This extension's use of information received from Chrome APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:
- Data obtained through Chrome APIs is used solely to provide and improve the extension's user-facing features (domain enrichment, contact discovery, CRM push, and AI analysis).
- Data is not sold to third parties.
- Data is not used for advertising, user profiling, or creditworthiness assessment.
- Data is not transferred to third parties except as necessary to provide the features you configure (e.g., sending contacts to your CRM when you click Push, or querying supplier APIs with your keys).
- Human access to user data is limited to debugging with user consent or as required by law.
10. No Tracking
This extension contains no analytics, no telemetry, no advertising, and no tracking pixels. We do not collect usage data. There are no calls to Google Analytics, Mixpanel, Segment, or any other analytics service from extension code.
11. Contact
For privacy questions, contact privacy@databaseemailer.com
Last updated: March 19, 2026 · v5.3.3