Privacy Policy

1. Introduction

SHARECO DEVELOPMENT INC. ("ShareCo," "we," "our," or "us") is a corporation incorporated under the laws of the Province of Alberta, Canada. We operate SalesSync, a Chrome browser extension and web application that helps sales professionals save LinkedIn profile information to Salesforce and Google Sheets.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (shareco.ca), our Chrome extension, and any related services (collectively, the "Service"). By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information in connection with the Service:

2.1 Account Information

When you create an account, we collect your name, email address, and password. Passwords are never stored in plain text; we store only a cryptographic hash. If you sign in with Google, we receive your email and basic profile information from Google.

2.2 LinkedIn Profile URLs

When you browse LinkedIn with the extension active, we read the URL of the LinkedIn profile page you are viewing. We do not read, scrape, or extract any content from the LinkedIn page itself. The extension reads only window.location.href and document.title to identify the profile.

2.3 Salesforce Connection Data

When you connect your Salesforce account, we store OAuth access and refresh tokens to maintain your connection. These tokens are encrypted at rest using AES-256-CBC encryption. We also store your Salesforce instance URL and organization ID to route API requests correctly.

2.4 Google Account Information

If you use the Google Sheets integration, we authenticate through Chrome's identity API to obtain an OAuth token scoped to Google Sheets. We store only the minimum information necessary to write data to your selected spreadsheet.

2.5 Contact Data You Save

When you save a contact through the extension, we store the contact record including names, job titles, company names, email addresses, phone numbers, LinkedIn profile URLs, and any enrichment data you request. This data is used to provide duplicate detection, sync history, and usage tracking.

2.6 Extension Usage Data

We collect usage metrics including the number of profiles saved, enrichment requests made, ICP scores generated, and feature interactions. This data is used to enforce plan limits, generate usage analytics for your dashboard, and improve the Service.

2.7 ICP Documents

If you upload an Ideal Customer Profile (ICP) document, it is processed by AI to extract structured scoring criteria (industries, company sizes, job titles, and other attributes). The original document content is processed during parsing and stored as structured criteria in our database.

3. How We Use Your Data

We use the information we collect for the following purposes:

• •Provide the Service: Save contacts to Salesforce and Google Sheets, detect duplicates, enforce plan limits, and display your sync history
• •Process enrichment requests: Send contact identifiers to third-party enrichment providers to find verified email addresses and phone numbers on your behalf
• •Generate AI ICP scores: Score LinkedIn prospects against your uploaded ICP criteria using AI models
• •Send transactional emails: Account verification, password resets, billing notifications, and important service updates via Resend
• •Process payments: Manage your subscription, process charges, and handle billing through Polar.sh
• •Monitor errors: Identify and resolve bugs and performance issues through Sentry error tracking
• •Improve the Service: Analyze aggregate usage patterns to inform product development and improve features

4. Data Storage and Security

We take the security of your data seriously and implement the following measures:

• •Database: All account and contact data is stored in a PostgreSQL database with encryption at rest
• •Token encryption: Salesforce OAuth tokens are encrypted using AES-256-CBC with a dedicated encryption key before being stored
• •Transport security: All data in transit is protected by HTTPS (TLS). No unencrypted connections are accepted
• •Infrastructure: The Service is hosted on self-managed infrastructure (Coolify) with access controls, automated backups, and security monitoring
• •Password security: User passwords are hashed using industry-standard algorithms and are never stored in plain text

We never store your Salesforce password or Google password. Authentication uses OAuth 2.0 — we receive a revocable access token, not your credentials. Tokens are encrypted with AES-256-CBC and can be revoked at any time from your Salesforce or Google account settings.

5. Third-Party Services

We share data with third-party services as necessary to operate the Service. Each service receives only the minimum data required for its function:

• •Salesforce: Contact data is sent to your Salesforce instance to create or update records. Your use of Salesforce is governed by Salesforce's own privacy policy.
• •Google Workspace (Sheets API): Contact data is written to your selected Google Sheet. Governed by Google's privacy policy.
• •AI processing: ICP document content is sent to AI providers for parsing and structuring. These providers process data per their API data usage policies and do not use API inputs to train their models.

We also use industry-standard third-party services for email delivery, payment processing, error monitoring, and contact data enrichment. These services process data in accordance with their own privacy policies. We do not sell your data to any third party.

6. Chrome Extension Permissions Explained

The SalesSync Chrome extension requests the following permissions. Each permission is used only for the purpose described:

• •storage: Save your preferences, authentication tokens, and cached data locally in your browser using Chrome's storage API
• •tabs: Detect when you navigate to a LinkedIn profile page so the extension can display the save panel
• •cookies: Maintain your authentication session with the ShareCo service
• •identity: Authenticate with Google for the Google Sheets integration using Chrome's built-in OAuth flow
• •alarms: Schedule background tasks for enrichment result polling and session management
• •Host permission for linkedin.com: Display the SalesSync panel on LinkedIn profile pages and read the page URL
• •Host permission for shareco.ca: Communicate with the ShareCo API for authentication, contact saves, enrichment, and ICP scoring
• •Host permission for sheets.googleapis.com: Write contact data to your Google Sheets spreadsheet

7. Data Retention

We retain your data for the following periods:

• •Account data: Retained for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems.
• •Enrichment cache: Cached enrichment results are retained for 30 days, after which they are automatically purged.
• •ICP scores: Cached ICP scoring results are retained for 7 days before being automatically refreshed.
• •Extension sessions: Inactive or expired extension sessions are cleaned up daily through automated maintenance.

8. Your Rights

You have the following rights regarding your personal information:

• •Access: You can view your account information, saved contacts, and usage data through the web dashboard and extension at any time
• •Deletion: You can delete your account and all associated data through Settings, then Delete Account in the web dashboard. This action is permanent and cannot be undone.
• •Export: You can request a copy of your personal data by contacting us at hello@shareco.ca
• •Withdraw consent: You may withdraw your consent to data processing at any time by discontinuing use of the Service and deleting your account. You may also uninstall the Chrome extension to immediately stop all extension-related data collection.

9. Cookies

We use a minimal set of cookies to operate the Service:

• •Session cookies: We use secure, HTTP-only session cookies to maintain your authentication state. These are set by our authentication system (better-auth) and are essential for the Service to function.
• •No third-party tracking cookies: We do not use any third-party tracking or analytics cookies.
• •No advertising cookies: We do not serve advertisements and do not use any advertising cookies or tracking pixels.

10. PIPEDA Compliance

As a Canadian corporation, we comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). In accordance with PIPEDA, we:

• •Obtain your consent before collecting, using, or disclosing your personal information
• •Collect only the personal information necessary for the purposes we have identified
• •Use and disclose your personal information only for the purposes for which it was collected
• •Protect your personal information with appropriate security safeguards
• •Provide you with access to your personal information upon request
• •Respond to complaints and inquiries about our data practices

If you are located outside Canada, your information may be transferred to, stored, and processed in Canada. By using the Service, you consent to such transfers.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@shareco.ca and we will promptly delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email at the address associated with your account. We encourage you to review this policy periodically. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about our data practices, please contact us: