EngagePath Privacy Policy

1. Purpose and Scope

This Privacy Policy primarily applies to information that we collect online, but it may also apply to information collected offline (e.g., phone or mail communications).

Additionally, while providing our services on behalf of our registered users, we may collect information related to viewers. The use of information collected on behalf of our users is governed primarily by our contractual agreements with them and their privacy policies. We are not responsible for third-party privacy policies or their data collection practices.

For users of the EngagePath Chrome Extension, additional privacy considerations apply, including:

• Permissions requested and their purposes
• Handling of browsing data and local storage
• Data security and retention practices

2. How We Collect Data About You

We may collect different types of data depending on how you use EngagePath.

A. Data Provided by Registered Users

Account Creation and Login

When you use the EngagePath Chrome Extension, create an account, or log into your account, we may collect the following personal information:

• First name
• Last name
• Social media account (if linked)
• Email address
• Password

B. Data Collected Through Automated Means

1. System Data

We may collect technical data about your device to improve functionality and performance, such as:

• Device type
• Operating system
• Browser type and version (for Chrome Extension users)
• IP address

2. Browsing Data (Only for Chrome Extension Users)

If permitted by the user, the EngagePath Chrome Extension may access limited browsing data to enable features such as:

• Interacting with specific social media platforms
• Enhancing productivity and automation features

We do NOT collect your full browsing history, nor do we track your activity beyond what is necessary for the extension's intended use.

3. User-Generated Content

We collect information and materials that users voluntarily provide, including:

• Text, photos, and videos associated with their EngagePath account
• Comments, messages, or other content generated within the service

C. Data Collected from Third Parties

Integration with Third-Party Services

When you connect EngagePath to your social media accounts or other third-party services, we may store data relevant to enabling the Service.

For Chrome Extension users:

• The extension may request permissions to interact with social media accounts but does not store login credentials.
• Some integration data may be stored locally on your device to improve functionality.

D. Data Collected During Transactions

For users engaging in paid services or transactions, we may collect:

• Type of service requested
• Order details
• Payment & transaction information (merchant name, payment method, amount)
• Date and time of the transaction

We use third-party payment processors for transactions and do not store credit card or banking details on our servers.

3. Chrome Extension-Specific Data Collection

When you install and use the EngagePath Chrome Extension, we may collect and process specific information necessary to support its core functionality, particularly in its integration with LinkedIn.

A. Permissions and Justification

The EngagePath Chrome Extension may request the following permissions:

• "tabs" permission – Used to access metadata like the current tab's URL and title. This ensures the extension only activates on supported LinkedIn pages and injects content appropriately. It also enables the opening of specific tabs, such as dashboards or onboarding settings, as part of the user flow.
• "storage" permission – Enables saving of user preferences (e.g., Ideal Customer Profile (ICP) criteria, display settings, and recently viewed LinkedIn profiles) locally in the browser. This creates a consistent and personalized user experience across sessions. The API token is also stored locally to persist login state between browser sessions.
• "cookies" permission – Used to detect the user's logged-in state on LinkedIn and maintain session context for accurate and personalized profile analysis. This ensures the extension can deliver insights tied to the correct account without storing sensitive cookie data.
• "alarms" permission – Functions as a job scheduler, enabling the extension to periodically refresh session tokens and monitor tab activity. This allows for continuous real-time analysis without requiring constant user interaction and prevents session timeout issues.
• Host permissions – Required for https://www.linkedin.com/*. These permissions allow the extension to read profile data, analyze information in real-time, and present results directly within the LinkedIn UI. This access is essential to deliver the extension's primary features.
• Remote code usage – The extension loads some resources (e.g., AI logic, UI components) from secure, version-controlled remote servers such as https://cdn.engagepath.com/. This allows real-time updates to the extension's capabilities without requiring users to manually reinstall it. All remote code is rigorously tested to ensure safety and performance.

We do not collect or store full browsing history or personal data beyond what is explicitly required for the extension to function effectively.

B. Local Storage and Data Retention

• Certain data (e.g., user settings, session tokens, and browsing context relevant to LinkedIn) is stored locally in the user's browser via Chrome's local storage API.
• This data is only transmitted to our servers if necessary—for instance, to authenticate users or sync data between the Chrome Extension and our SaaS platform.
• Uninstalling the Chrome Extension removes all locally stored data associated with the extension from the user's browser.

4. How We Use Your Personal Information

We use your data to:

• Provide and improve our services
• Manage your account and authentication
• Respond to customer support inquiries
• Enable Chrome Extension features
• Prevent fraud and ensure security

5. Who Has Access to Your Data?

A. Within Our Organization

Access to user data is limited to employees who require it for service delivery, including:

• Customer support
• Product development
• Marketing (if the user has opted in)

B. Third-Party Processors

We may use service providers for:

• Payment processing
• Analytics
• Data hosting
• Feature enablement

We ensure these providers adhere to strict data protection policies through contractual agreements.

Some of our processors may operate outside your country of residence, including in the United States. When data is transferred internationally, we ensure that appropriate safeguards are in place - such as Standard Contractual Clauses (SCCs) or equivalent frameworks - to comply with applicable data protection laws, including the GDPR.

C. Compliance with Legal Obligations

We may disclose personal information when required to do so by law or when such disclosure is necessary to:

• Comply with a legal obligation, regulation, subpoena, or court order
• Respond to lawful requests by public authorities
• Protect the rights, property, or safety of Full Scale LLC, our users, or others

D. Transfer of Business

If we (or our assets) are acquired, or if we go out of business, enter bankruptcy or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.

6. Data Retention and Deletion Policy

We retain your data only as long as necessary for the purposes outlined in this policy. For most users, server-stored data is retained for a standard period of 60 days following account termination unless otherwise required by law or regulatory compliance.

For Chrome Extension users:

• Locally stored data is deleted when the extension is uninstalled.
• Data synced with our servers (e.g., authentication tokens or usage activity) is subject to the same 60-day retention window after account deletion or inactivity.

To request deletion, email us at privacy@EngagePath.com.

7. Security Measures

We employ a combination of technical, administrative, and organizational safeguards to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption protocols to protect data during transmission (e.g., HTTPS/SSL) and, where applicable, at rest
• Secure access controls, such as multi-factor authentication and role-based permissions, to ensure that only authorized personnel can access sensitive data
• Regular security audits and vulnerability assessments to identify and mitigate risks
• Employee training on data privacy, security best practices, and phishing awareness

While we follow industry best practices, no method of data transmission or storage is completely secure. Therefore, we encourage users to take their own precautions as well - such as using strong passwords, logging out from shared devices, and promptly reporting any suspicious activity.

8. Your Rights Under GDPR & CCPA

If you are located in the European Union (EU) under the General Data Protection Regulation (GDPR), or in California under the California Consumer Privacy Act (CCPA), you are entitled to certain rights regarding your personal data. These rights may include:

• The right to access the data we hold about you
• The right to request deletion of your personal data
• The right to correct or update inaccurate or incomplete personal data
• The right to opt out of data processing for marketing or analytics (where applicable)
• The right to know what categories of personal information we collect and how it is used
• The right to withdraw consent at any time if our processing is based on your consent
• The right to request a copy of your data in a structured, commonly used, and machine-readable format (data portability)

Under the GDPR, we process your personal data based on one or more of the following legal bases:

• Your consent, which you may withdraw at any time
• Our contractual obligation to deliver EngagePath services
• Our legitimate interest in operating, maintaining, and improving the platform

To exercise any of these rights, or if you have questions about how we process your data, please contact us at privacy@EngagePath.com. We will respond to your request within a reasonable timeframe, typically within 30 days.

9. Our Policy on Children's Data

EngagePath is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13 in accordance with the Children's Online Privacy Protection Act (COPPA). Additionally, our services are intended only for individuals aged 18 and older. If we learn that we have inadvertently collected personal data from a child, we will take steps to delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or for other operational reasons.

When we make material changes - such as updates to the types of data we collect, how we use it, or who we share it with - we will take appropriate steps to notify you. This may include:

• Posting an updated version of the policy on our website
• Updating the "Last Updated" date at the top of the policy
• Sending you an email or in-app notification (if you are a registered user)

For changes that affect users in jurisdictions with enhanced data protection laws (such as the GDPR or CCPA), we will comply with applicable notification or consent requirements.

We encourage you to review this Privacy Policy periodically. Continued use of EngagePath after changes become effective constitutes your acceptance of the updated policy.

11. Contact Us

If you have privacy-related questions or concerns, please reach out to us at privacy@EngagePath.com, or for general inquiries, use support@EngagePath.com.