Privacy Policy for Honeypot

Effective Date: November 3rd, 2025

1. Introduction

Welcome to [Your App Name] ("we," "us," "our"). Your privacy is of the utmost importance to us. This Privacy Policy outlines how we collect, use, disclose, secure, and otherwise process your personal data when you use our application and our associated Chrome Extension (collectively, the "Service").

This policy is designed to comply with the EU's General Data Protection Regulation (GDPR).

Data Controller: For the purposes of the GDPR, the data controller is: Hagen Hoferichter, operating as Honeypot.to, Reuterstr. 1, 12053 Berlin, Germany, hagen@honeypot.to

2. Information We Collect

To provide our Service, we collect several types of information.

A. Information Collected via our Chrome Extension (with your explicit permission):

  • LinkedIn Authentication Cookie: Our Chrome Extension reads your active LinkedIn authentication cookie from your browser. This cookie is then transmitted to our secure servers and stored in an encrypted format. This is essential for our Service to perform automated actions on your behalf on the LinkedIn platform.
  • Browser Fingerprint Data: To ensure our automated actions appear as natural user behavior and to enhance security, we collect a "browser fingerprint." This includes technical, non-personally identifiable information such as your User-Agent string, screen resolution, installed fonts, browser plugins, and language settings. We do not collect your IP address as part of this fingerprint.

B. Information You Provide to Us:

  • Account and Authentication Information: When you register for our Service, we collect your email address and a hashed password. This process is managed by our third-party authentication provider, Clerk. You may also sign up using your Google account, in which case we receive your name and email address from Google.
  • Payment Information: To process subscriptions, we use Stripe, a third-party payment processor. When you subscribe, you provide payment information (like credit card details) directly to Stripe. We do not store your full credit card number on our servers. We may only store a reference token and the last four digits of your card for verification purposes.

C. Information Processed from LinkedIn on Your Behalf:

  • To act as your intelligent agent and carry out the tasks you define, our Service interacts with the LinkedIn platform on your behalf. This involves processing information that you would otherwise access manually, such as posts within your feed and the public profiles of users who have engaged with that content. This processing is done solely to identify potential contacts and perform the actions you have authorized.
  • Analytics Data: We use Google Analytics to collect data about how you interact with our Service (e.g., features used, session duration). This helps us understand user behavior, improve the user experience, and optimize our Service.

Our use of your personal data is strictly for the purposes of providing and improving the Service you have requested.

  • To Provide the Core Service (Legal Basis: Art. 6(1)(b) GDPR - Performance of a Contract):

    • Automating Sales Prospecting as Your Copilot: The primary purpose of our Service is to act as your copilot, automating the prospecting and outreach tasks typically performed by a Sales Development Representative (SDR). We use your stored LinkedIn cookie and browser fingerprint to perform the following tasks on your behalf and under your direction:
      1. Analyze your LinkedIn feed to identify relevant posts based on your criteria.
      2. Identify the profiles of individuals who have engaged with these posts.
      3. Pre-qualify these profiles to identify high-intent prospects (Ideal Customer Profiles) based on your specifications.
      4. Automatically send connection requests and personalized initial messages to these prospects.
    • Account Management & Payments: We use your account and payment information to manage your subscription, process payments, and provide customer support.
  • To Improve Our Service (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interests):

    • We analyze usage and analytics data to identify bugs, understand feature popularity, and develop new functionalities that serve our users' needs.
  • To Ensure Security (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interests):

    • We use browser fingerprint data and monitor activity to prevent fraud, secure your account, and ensure the integrity of our platform.

4. Data Sharing and Third-Party Sub-processors

We do not sell your personal data. To provide our Service, we share data with trusted third-party service providers (sub-processors) who are contractually obligated to protect your data.

  • Hosting and Infrastructure:
    • Vercel: Hosts our front-end application.
    • Google Cloud: Provides backend infrastructure and AI/ML models for data processing and analysis.
    • Modal: Used for scalable, on-demand computational tasks.
  • Database:
    • Neon: A cloud-based database provider where we securely store application data, including your encrypted LinkedIn cookie.
  • Authentication:
    • Clerk: Manages user sign-up, login, and session management, including "Sign in with Google."
  • Payment Processing:
    • Stripe: Securely handles all payment processing for subscriptions.
  • Analytics:
    • Google Analytics: Provides insights into how our Service is used.

International Data Transfers: Many of our sub-processors (including Google, Vercel, Clerk, Neon, Modal, and Stripe) are based in the United States. The transfer of your personal data to the US is secured through appropriate legal mechanisms, such as the EU-U.S. Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (SCCs), which ensure your data is protected to a standard equivalent to that of the GDPR.

5. Data Security

We implement robust technical and organizational security measures to protect your personal data.

  • Encryption: Your data, including the highly sensitive LinkedIn authentication cookie, is encrypted both in transit (using TLS/SSL) and at rest in our database.
  • Access Control: Access to personal data is strictly limited to authorized personnel who require it to perform their job functions.
  • Third-Party Security: We select our sub-processors based on their commitment to security and data protection.

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure.

6. Data Retention

We retain your personal data only for as long as necessary to provide you with our Service and as required by law. If you delete your account, we will take steps to delete your personal data from our active systems within a reasonable timeframe, subject to any legal obligations to retain certain information (e.g., for financial records).

7. Your Rights Under GDPR

As a resident of the European Economic Area (EEA), you have the right to:

  • Access, rectify, or erase your personal data.
  • Restrict or object to the processing of your data.
  • Data portability (receive your data in a structured, machine-readable format).
  • Withdraw consent at any time, where consent is the legal basis for processing.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, please contact us at hagen@honeypot.to.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date." We recommend you review this policy periodically.

9. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us: