PostDeck

Quick summary (non-legal)

The PostDeck extension imports content from your LinkedIn “Saved posts” page only when you click Import. By default, imported data stays on your device in Chrome storage. If you sign in and enable Pro sync, PostDeck stores synced data in Supabase so it can be available on your other devices. Billing is handled by Stripe.

Scope

This policy covers:

The PostDeck Chrome extension (“Extension”)
The PostDeck marketing website (“Website”)

Data the Extension processes

When you use Import, the Extension reads the LinkedIn Saved Posts page you are viewing to extract information needed to provide the product.

Depending on what LinkedIn displays, this may include:

Post text/content
Post URL and LinkedIn activity identifiers
Author name, profile URL, and (if available) author avatar URL
Basic engagement counts (e.g., reactions, comments) when visible
Media/attachment URLs (images, documents, articles) when visible
Your organization metadata in PostDeck: labels, folders, read/unread, archive state
Import timestamps and basic settings (e.g., last import time)

Where Extension data is stored

Extension data is stored locally in your browser using Chrome’s extension storage (typically chrome.storage.local).

If you choose Pro sync, PostDeck stores synced extension data in our Supabase database under your authenticated account so data can be accessed across devices.

Authentication and billing

Pro sync uses Google sign-in via Supabase Auth. Subscription and one-time payments are processed by Stripe Checkout. We do not receive or store your full payment card numbers.

Data sharing

We do not sell your data. We use service providers strictly to operate the product: Supabase (auth + synced data) and Stripe (billing). We do not share your imported LinkedIn saved posts with advertisers.

Extension permissions

The Extension requests permissions to function:

activeTab / scripting: to run the importer on the LinkedIn tab when you trigger an import.
storage: to store imported posts, labels, folders, and settings on your device.
identity: to sign in with Google via OAuth when you choose account-based Pro sync.
host permission for https://www.linkedin.com/*: limited to LinkedIn pages.
host permission for https://hnpsvrejirpuxayooivo.supabase.co/*: used for authentication, entitlement checks, and cloud sync.

Website analytics

The Website may use privacy-friendly analytics to understand traffic and improve the site. This analytics data (if enabled) is separate from Extension data and does not include your imported LinkedIn saved posts.

Data retention

Extension data remains in your browser until you delete it. You can remove Extension data by clearing the extension’s storage (via Chrome’s extension settings) or by uninstalling the Extension.

If Pro sync is enabled, synced data remains in Supabase until you delete it or request account/data deletion through support.

Security

We apply local-first storage, access controls (RLS in Supabase), signed webhook validation for Stripe events, and least-privilege extension permissions. No method of storage is 100% secure, but we continuously reduce exposure and review permissions.

Children’s privacy

PostDeck is not intended for use by children and we do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date at the top of this page.

How Extension data is used

Your locally stored data is used only to provide functionality such as search, labels, folders, archive, and export. If you enable Pro sync, synced data is used only to deliver cross-device access and entitlement-based features.

Contact

Questions? Contact us at hai.retail.online@gmail.com.

Privacy Policy