Overview

CritPost ("we", "us", or "our") operates the CritPost Chrome Extension and web application at app.critpost.com. This privacy policy explains how we collect, use, and protect your information.

Information We Collect

1. Content You Submit

When you use our Chrome Extension to analyze LinkedIn posts, we collect:

• Post text content
• Post metadata (author name, timestamp, engagement metrics, URL)
• Topic and industry categories (if specified)
• Whether the submission is marked public or private

2. Authentication Information

We use Clerk (a third-party authentication service) to manage user accounts. Clerk collects:

• Email address
• Authentication session data
• Account creation and login timestamps

See Clerk's Privacy Policy for details.

3. Usage Data

We automatically collect:

• API token usage (input/output tokens for AI processing)
• Estimated costs per analysis
• Submission timestamps and status
• Error logs (anonymized)

4. Technical Data

• Browser type and version
• Extension version
• IP address (logged temporarily in server logs)

How We Use Your Information

AI-Powered Analysis

Your submitted content is processed by third-party AI services to provide feedback:

• Anthropic Claude - Primary AI analysis provider
• OpenAI GPT - Secondary/fallback AI provider

When you submit content for analysis, we send:

• Your post text
• Context (topic, industry)
• Metadata (author, timestamp - optional)

We DO NOT send:

• Your email address or user ID to AI providers
• Your authentication credentials

Service Improvement

We use aggregated, anonymized data to:

• Improve analysis quality
• Monitor system performance
• Calculate usage costs

Account Management

We use your authentication data to:

• Verify your identity
• Manage your submissions
• Track your usage quota

Data Sharing & Third Parties

Third-Party Services We Use:

We DO NOT:

• Sell your data to third parties
• Use your content for training AI models (subject to third-party AI providers' policies)
• Share your private submissions publicly without your consent
• Share your email or personal information with AI providers

Data Retention

Active Submissions

• Analyzed content is stored indefinitely for your reference
• You can view and delete individual submissions via the web app

Deleted Submissions

• When you delete a submission, it is permanently removed from our database
• Deletion is immediate and irreversible

Account Deletion

• If you delete your account, all your submissions are permanently deleted
• Deletion occurs within 30 days
• Some aggregated, anonymized analytics may be retained

Your Privacy Rights

Access Your Data

• View all your submissions via the CritPost web app
• Export your data in JSON format (coming soon)

Delete Your Data

• Delete individual submissions via the web app
• Request full account deletion by contacting privacy@critpost.com
• GDPR Right to Erasure applies (EU residents)

Control Data Sharing

• All submissions are private by default (only visible to you)
• Optionally mark submissions as "public" to share with the community
• Change privacy settings at any time via the web app

Opt-Out

• You can stop using the service at any time
• Uninstall the Chrome Extension to stop data collection
• Request data deletion to remove stored content

Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data transmission
• Secure authentication via Clerk (OAuth, JWT)
• Cookie-based sessions with HTTPOnly and Secure flags
• Rate limiting to prevent abuse
• Access controls (you can only access your own data)
• PostgreSQL database with role-based access control

Note: No system is 100% secure. We cannot guarantee absolute security.

Children's Privacy

CritPost is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact privacy@critpost.com.

International Data Transfers

Your data may be transferred to and processed in countries outside your residence. By using CritPost, you consent to these transfers. We ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted at this URL. Continued use after changes constitutes acceptance.

California Privacy Rights (CCPA)

If you are a California resident, you have:

• Right to know what data we collect
• Right to request deletion
• Right to opt-out of sale (note: we do NOT sell data)

Contact privacy@critpost.com to exercise these rights.

EU Privacy Rights (GDPR)

If you are an EU resident, you have:

• Right to access your data
• Right to rectification (correct inaccurate data)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

Contact privacy@critpost.com to exercise these rights.

Chrome Extension-Specific Information

LinkedIn Extension (Live)

Our LinkedIn extension is currently available in the Chrome Web Store.

Permissions Used:

• activeTab - To read LinkedIn posts when you click "Analyze"
• storage - To cache authentication state locally
• host_permissions (LinkedIn) - To inject content extraction script

X (Twitter) Extension (Coming Soon)

Our X extension is currently in development. When released, it will require similar permissions:

• activeTab - To read tweets/posts when you click "Analyze"
• storage - To cache authentication state locally
• host_permissions (X/Twitter) - To inject content extraction script

Data Storage:

• Authentication session stored in Chrome local storage
• No content stored locally after submission
• All analyzed content stored on CritPost servers

Third-Party Requests:

• API calls to app.critpost.com (our servers)
• Clerk authentication (via cookies)
• No direct calls to AI providers from extension

Contact Us

For privacy-related questions or requests: