SourceLens logo

Privacy Policy

SourceLens Chrome Extension

1. Introduction

The SourceLens Chrome extension helps recruiters export LinkedIn profiles to the SourceLens platform for AI-driven employer context analysis.

This privacy policy explains what data we collect, how we use it, and what rights you have. We take your privacy seriously and operate fully in accordance with the General Data Protection Regulation (GDPR).

Who are we?

  • Company name: Highrank BV trading as Brand New Sales
  • Product: SourceLens.ai
  • Contact: arthur@sourcelens.ai
  • Website: www.sourcelens.ai

2. What data do we collect?

2.1 LinkedIn Profile URLs

The extension exclusively collects the URLs of LinkedIn profiles that you manually export.

What we collect:

  • LinkedIn profile URLs (for example: linkedin.com/in/person-name)
  • No name, job title, work experience or other profile data
  • Only the URL that refers to the profile

Why only URLs?

LinkedIn's terms of service prohibit scraping profile data. Our extension fully respects this. We only export the URL as a reference. All profile data is later retrieved by our platform through official methods.

2.2 User Preferences

We store locally in your browser:

  • Export notification preferences (on/off)
  • Last used export settings
  • Chrome extension version number

This data stays entirely on your device and is not sent to our servers.

2.3 Technical Data

When exporting to SourceLens, we send:

  • Number of exported URLs
  • Export timestamp
  • Extension version number
  • Browser type (Chrome/Edge/etc.)

We use this data only for:

  • Counting export limits (per subscription)
  • Detecting technical issues
  • Improving the extension

2.4 What we do NOT collect

The extension never collects:

  • Personal data about you as a user (name, email, etc.)
  • Profile data of LinkedIn candidates
  • Your browsing history
  • Your location or IP address
  • Financial or medical data
  • Cookies or tracking data
  • Data from websites other than linkedin.com

3. How do we use this data?

3.1 LinkedIn URLs

The exported URLs are:

  1. Sent to your SourceLens account via our secure API
  2. Processed by our AI platform for employer context analysis
  3. Stored in your SourceLens account (under your control)

You decide:

  • Which profiles you export
  • When you export
  • How many profiles you export

3.2 User Preferences

We use locally stored preferences to:

  • Make the extension work the way you want
  • Show notifications (if you enable them)
  • Remember your settings between browser sessions

This data stays on your device.

3.3 Technical Data

We use technical metadata for:

  • Tracking your subscription limit (number of exports per month)
  • Identifying and resolving bugs
  • Improving extension functionality
  • Displaying relevant error messages

4. Storage and Security

4.1 Where do we store data?

Locally (on your device):

  • User preferences
  • Extension settings
  • Temporary export status

On our servers:

  • Exported LinkedIn URLs (linked to your SourceLens account)
  • Technical metadata (export counts, timestamps)

Server location:

  • Europe (GDPR-compliant)
  • Hosting: Vercel (US, but with EU data residency)

4.2 How do we secure data?

Transport:

  • All communication between the extension and SourceLens is via HTTPS (SSL/TLS encryption)
  • No data over unsecured connections

Storage:

  • LinkedIn URLs are stored in secure databases
  • Access only for authorised personnel
  • Regular security audits

Access:

  • Your SourceLens account is protected by a password
  • No third party has access to your exported data

4.3 How long do we retain data?

LinkedIn URLs:

  • Retained as long as you have an active SourceLens account
  • Automatically deleted 30 days after account cancellation

Technical metadata:

  • Retained for 12 months (for support and bug-fixing)
  • Automatically anonymised thereafter

Local data:

  • Stays on your device until you remove the extension
  • Removing the extension = local data deleted

5. Sharing with Third Parties

5.1 Do we share data with others?

No. We do not sell, rent or share your data with third parties for marketing or commercial purposes.

5.2 Service Providers (data processing agreement)

We use external services for technical infrastructure:

ServicePurposeData sharedLocation
VercelHosting platformLinkedIn URLs, metadataUS (EU residency)
DeepSeek AIEmployer context analysisLinkedIn URLs (for looking up company data)China*
Anthropic ClaudeMatch score calculationAnonymous profile dataUS

*DeepSeek AI only receives company names/employers (no personal candidate data). This happens in the SourceLens application, not in the Chrome extension.

Data processing agreements:
All service providers have GDPR-compliant data processing agreements with security guarantees.

5.3 Legal Obligation

We only share data if:

  • Legally required (court order)
  • Necessary for legal protection
  • Necessary for the protection of users

In such cases, we only share the minimum required.

6. Your Rights (GDPR)

As a user in the European Union, you have the following rights:

6.1 Right of Access

You can request what data we have stored about you.

How: Send an email to arthur@sourcelens.ai
Response time: Within 30 days you will receive an overview of all stored data.

6.2 Right to Rectification

You can request that incorrect data be corrected.

How: In your SourceLens account you can delete or edit searches.

6.3 Right to Erasure ("Right to be forgotten")

You can request that all your data be deleted.

How:

  • Email arthur@sourcelens.ai with your request
  • Or cancel your SourceLens account (data will be deleted within 30 days)

6.4 Right to Data Portability

You can request your data in a machine-readable format.

How: Via CSV export in your SourceLens account (Professional tier) or via email request.

6.5 Right to Object

You can object to certain forms of data processing.

How: Email arthur@sourcelens.ai with your objection.

6.6 Right to Restriction

You can request a temporary restriction of data processing.

How: Email arthur@sourcelens.ai with your request.

6.7 Filing a Complaint

You can file a complaint with the Dutch Data Protection Authority:

  • Website: autoriteitpersoonsgegevens.nl
  • Phone: (+31) 70 888 8500
  • Address: Postbus 93374, 2509 AJ The Hague, The Netherlands

7. Cookies and Tracking

7.1 Does the extension use cookies?

No. The SourceLens Chrome extension does not use cookies, tracking pixels, or analytics tools.

7.2 Tracking by the SourceLens platform

When you log in to sourcelens.ai (the web application, not the extension), we use:

Functional cookies:

  • Login session (necessary for authentication)
  • Language preference (if you change it)

Analytics cookies (optional):

  • Plausible Analytics (privacy-friendly, no IP addresses, no cross-site tracking)
  • You can decline this via the cookie banner

The Chrome extension itself does not use any of these cookies.

8. Security and Incidents

8.1 What do we do in case of a data breach?

If a data breach occurs that threatens your rights and freedoms:

  1. Within 72 hours: Notification to the Dutch Data Protection Authority
  2. Within 7 days: Direct notification to affected users via email
  3. Within 14 days: Publication of an incident report on sourcelens.ai

8.2 How do you report a security issue?

Have you discovered a security problem?

  • Email: arthur@sourcelens.ai (mention "SECURITY" in the subject line)
  • Response time: Within 48 hours
  • Responsible disclosure: We ask you to wait 90 days before publication

9. Children and Privacy

The SourceLens Chrome extension is intended for professional recruiters.

Age limit: 16 years (GDPR minimum age for consent)

We do not knowingly collect data from individuals under 16 years of age. If you notice that a minor is using the extension, please contact us at arthur@sourcelens.ai.

10. International Data Transfers

10.1 Data outside the EU

Some data is processed by services in the United States:

  • Vercel (hosting) - EU data residency enabled
  • Anthropic Claude (AI) - Standard Contractual Clauses (SCCs)

Safeguards:

  • GDPR-compliant data processing agreements
  • Standard Contractual Clauses (SCCs) as per the EU Commission
  • EU-US Data Privacy Framework compliance

10.2 China (DeepSeek AI)

DeepSeek AI (China) only receives:

  • Company names of employers (no personal candidate data)
  • Public company information (industry, size, etc.)

No candidate names, contact details or personal data are sent to DeepSeek.

11. Changes to this Policy

11.1 When do we update this policy?

We may update this privacy policy when:

  • New extension functionality is added
  • Changes in legislation (GDPR, ePrivacy)
  • Feedback from users or authorities

11.2 How will you receive updates?

For material changes:

  • Email to all users
  • Notification via the extension
  • Update on sourcelens.ai/privacy

For minor adjustments:

  • Update on the website (date at the top will be updated)
  • No direct notification

11.3 Version History

VersionDateChange
1.031 January 2026Initial version at extension launch

12. Contact and Questions

12.1 Questions about your privacy?

Email: arthur@sourcelens.ai
Subject: Privacy Policy question
Response time: Within 5 working days

12.2 Requests (access, deletion, etc.)

Email: arthur@sourcelens.ai
Subject: GDPR request [type of request]
Response time: Within 30 days (legal deadline)

Required information:

  • Your name
  • Your SourceLens account email
  • Type of request (access/deletion/rectification/etc.)
  • Any additional explanation

12.3 Data Protection Officer

At this stage (pre-revenue startup) we do not have a separate DPO (Data Protection Officer). All privacy queries are handled by:

Arthur Balabrega
Founder SourceLens / Highrank BV
arthur@sourcelens.ai

When we grow to 250+ employees or large-scale processing of special categories of personal data, we will appoint a separate DPO.

13. Company Details

Trade name: SourceLens.ai
Legal entity: Highrank BV trading as Brand New Sales
Website: www.sourcelens.ai
Contact: arthur@sourcelens.ai

Data controller:
Highrank BV
The Netherlands

Summary (TL;DR)

What do we collect?

  • Only LinkedIn profile URLs that you export
  • Technical data (number of exports, timestamp)
  • No personal data about you or candidates

What do we do with it?

  • Send URLs to your SourceLens account for AI analysis
  • Technical data for limits and bug-fixing

Do we share data?

  • No, we sell nothing
  • Only with technical services (hosting, AI) under GDPR agreements

Your rights:

  • Access, deletion, rectification, objection
  • Contact arthur@sourcelens.ai

Security:

  • HTTPS encryption
  • EU data residency where possible
  • Password-protected account

Last updated: 31 January 2026
Next review: 31 July 2026

This privacy policy has been drawn up in accordance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive. For legal advice, please consult a specialised lawyer.