SmartHuntBack to home

Privacy Policy

Last updated: April 24, 2026

Who we are

SmartHunt is a self-hosted LinkedIn outreach and networking tool. SmartHunt Connector is the browser extension that links a user's LinkedIn session to their own SmartHunt instance and lets them add likers and commenters of LinkedIn posts to an outreach list in one click.

What the extension accesses

  • LinkedIn session cookies (li_at, optional li_a) — read from linkedin.com only when the user clicks Connect LinkedIn in the extension popup. Sent over HTTPS to the SmartHunt backend the user downloaded the extension from. Used to authenticate the user's LinkedIn account for automation via Unipile. Not stored by the extension.
  • SmartHunt session cookies (sh_csrf) — read from the user's SmartHunt backend origin and echoed back as an X-CSRF-Token header on state-changing API calls.
  • LinkedIn post metadata — when the user clicks + SmartHunt on a post, the extension extracts the post URN and sends it to the user's SmartHunt backend to fetch likers and commenters for the selected outreach list.
  • User preferences — a single toggle (hide + SmartHunt button) stored in chrome.storage.local on the user's device.

What we do not do

  • We do not collect or transmit browsing history.
  • We do not read cookies from any site other than linkedin.com and the user's SmartHunt backend origin.
  • We do not sell, rent, or share user data with third parties.
  • We do not use user data for advertising, profiling, or credit scoring.
  • We do not execute remotely hosted code. All JavaScript is bundled in the extension package.

Where data goes

All data the extension transmits goes only to the SmartHunt backend the user configured at download time (self-hosted). No data is sent to the extension author's servers. LinkedIn session cookies are forwarded from that backend to Unipile, the LinkedIn API provider SmartHunt uses to send invitations and messages on the user's behalf.

Data SmartHunt collects (separate from the extension)

When a user creates a SmartHunt account, the application stores their name, email, hashed password, and any LinkedIn contacts discovered through their configured hunts. This data lives on the user's own SmartHunt instance (self-hosted) and is governed by the deployment operator.

Retention

LinkedIn session cookies are stored on the user's SmartHunt backend for as long as the user keeps their LinkedIn account connected. Users can disconnect at any time from SmartHunt Settings, which deletes the stored credentials. Account data is retained until the user deletes their account.

Security

  • All transport is HTTPS.
  • CSRF protection is enforced on every state-changing API call.
  • SmartHunt session cookies are HttpOnly.
  • Passwords are hashed with bcrypt.

Your rights

Users can access, export, or delete their data from SmartHunt Settings, or by emailing the contact below. Users in the EU, UK, or California have the additional rights granted by GDPR, UK GDPR, and the CCPA respectively.

Changes

We will update the Last updated date above whenever this policy changes materially. Continued use of the extension after an update constitutes acceptance of the revised policy.

Contact

hello@smarthunt.app