SCube builds Chrome extensions that connect LinkedIn, Gmail, and Salesforce to streamline sales and development workflows. This policy covers all three published extensions:
We do not sell, rent, lease, or otherwise share your personal data with any third party for marketing or advertising purposes.
What this extension does: Reads publicly visible data from LinkedIn profile pages, company pages, search results, posts, and events, then saves that data as records (Leads, Contacts, Accounts) in the CRM you connect.
Data accessed on LinkedIn:
| Data field | Source | Sent to SCube? | Stored where? |
|---|---|---|---|
| Full name, headline, title, company | LinkedIn profile DOM | Never | Your CRM only |
| Location, industry, profile photo URL | LinkedIn profile DOM | Never | Your CRM only |
| Connection count, LinkedIn profile URL | LinkedIn profile DOM | Never | Your CRM only |
| Company size, founding year, specialties | LinkedIn company DOM | Never | Your CRM only |
| Post reaction profiles (bulk mode) | LinkedIn feed DOM | Never | Your CRM only |
Chrome permissions used and why:
| Permission | Why it's needed |
|---|---|
| activeTab | Read the currently open LinkedIn page to extract profile/company data |
| scripting | Inject content scripts on LinkedIn pages to read the DOM |
| storage | Store your CRM connection settings, OAuth tokens, field mappings, lead scoring rules, and bulk queue โ locally in your browser only |
| identity | Launch OAuth 2.0 authentication flow for Salesforce, HubSpot, Zoho, Dynamics 365, and Pipedrive |
| alarms | Schedule periodic token refresh to keep CRM connections alive without user action |
| optional: <all_urls> | Only requested if you enable enrichment via Hunter.io, Apollo.io, or Clearbit for email lookup; not requested by default |
Host permissions (network access):
| Domain | Purpose |
|---|---|
| linkedin.com | Read profile, company, search, and post pages |
| *.salesforce.com, *.force.com | Create/update Leads, Contacts, Accounts, Campaigns in Salesforce |
| api.hubapi.com, api.hubspot.com | Create/update Contacts and Companies in HubSpot (if connected) |
| *.zohoapis.com (all regions) | Create/update Leads, Contacts, Accounts in Zoho CRM (if connected) |
| login.microsoftonline.com, *.dynamics.com | OAuth and record creation for Microsoft Dynamics 365 (if connected) |
| api.pipedrive.com | Create Persons and Organizations in Pipedrive (if connected) |
| api.hunter.io | Email enrichment via Hunter.io โ only called when you click "Enrich" and have configured a Hunter API key |
| api.apollo.io | Email enrichment via Apollo.io โ only called when you click "Enrich" and have configured an Apollo API key |
| prospecting.clearbit.com | Email enrichment via Clearbit โ only called when you click "Enrich" and have configured a Clearbit API key |
What this extension does: Embeds a developer and admin toolkit directly into your Salesforce org UI โ SOQL editor, permission analyser, metadata explorer, code coverage viewer, REST API tester, org switcher, and debug log viewer. All data remains within your own Salesforce org.
Chrome permissions used and why:
| Permission | Why it's needed |
|---|---|
| activeTab | Interact with the currently active Salesforce org tab |
| storage | Save your connected org list, SOQL query history, saved queries, and user preferences locally in your browser |
| cookies | Read the Salesforce session cookie (sid) from the active org tab to make authenticated REST API calls on your behalf โ the cookie is never sent outside the Salesforce domain |
| scripting | Inject overlay UI (SOQL editor, field metadata overlays, permission audit panel, component locator, etc.) into Salesforce pages |
| contextMenus | Add right-click context menu shortcuts for quick SOQL runs and record lookups inside Salesforce pages |
Host permissions:
| Domain | Purpose |
|---|---|
| *.salesforce.com | All Salesforce Lightning and Classic org pages (login, setup, app) |
| *.force.com | Salesforce custom domains (my.salesforce.com / community / Experience Cloud) |
| *.cloudforce.com | Salesforce infrastructure domains used by some orgs |
| *.visualforce.com | Visualforce page domains used in Salesforce Classic and embedded components |
Data accessed:
| Data | Sent to SCube? | Stored where? |
|---|---|---|
| Salesforce session token (sid cookie) | Never | Browser memory only (not persisted) |
| SOQL query results (records, fields) | Never | Displayed in-page, not stored |
| Metadata (objects, fields, permissions) | Never | Cached locally for performance |
| Saved SOQL queries & org list | Never | chrome.storage.local (your device) |
| Code coverage data, debug logs | Never | Read from SF, displayed in-page only |
sid session cookie solely to make REST API calls to your own Salesforce org. The token is held in browser memory for the duration of your session and is never transmitted to any external server, logged, or persisted to disk.What this extension does: Injects a sidebar into Gmail that lets you log email threads as Salesforce Tasks, match senders to Leads/Contacts, summarise threads using AI, inline-edit Salesforce records, schedule emails with Send Later, and auto-log outgoing messages.
Chrome permissions used and why:
| Permission | Why it's needed |
|---|---|
| storage | Store your Salesforce OAuth tokens, API keys (Consumer Key/Secret), AI provider API keys, settings (auto-log, smart-mute rules, send-later queue) โ all locally in your browser only |
| identity | Launch Salesforce OAuth 2.0 authentication flow via chrome.identity.launchWebAuthFlow |
| tabs | Detect active Gmail tab to coordinate content script messaging; open linked Salesforce records in a new tab |
| alarms | Power the Send Later feature โ fire a scheduled alarm at the time you chose, then reopen and send the saved draft |
| notifications | Show a brief desktop notification after a successful auto-log or when a Send Later draft fires |
Host permissions:
| Domain | Purpose |
|---|---|
| mail.google.com | Inject the SyncForce sidebar and "Log to Salesforce" button into Gmail threads; read sender email addresses, subject lines, and body text of threads you choose to log |
| *.salesforce.com, *.force.com | Query Leads/Contacts by email, create Tasks, post Chatter messages, upload file attachments to ContentDocument, and inline-edit records |
| api.anthropic.com | AI thread summarisation using Claude โ only called if you provide your own Anthropic API key; your email thread text is sent to Anthropic per their Privacy Policy |
| api.openai.com | AI thread summarisation using OpenAI โ only called if you provide your own OpenAI API key; your email thread text is sent to OpenAI per their Privacy Policy |
| generativelanguage.googleapis.com | AI thread summarisation using Google Gemini โ only called if you provide your own Google AI API key |
Email data accessed:
| Data | When accessed | Sent to SCube? | Sent where? |
|---|---|---|---|
| Sender & recipient email addresses | When you open a thread with the sidebar | Never | Salesforce only (to match records) |
| Email subject line | When logging a thread | Never | Salesforce Task Subject field |
| Email body text | Only when AI Summary is triggered or when logging Comments | Never | Salesforce Task Comments / AI provider (BYOK) |
| File attachments | Only if you click "Attach to Salesforce" | Never | Salesforce ContentDocument |
chrome.storage.local on your local device. They are never transmitted to SCube or any server other than the respective authentication endpoints.SCube does not sell, trade, or rent your personal information to third parties. The only data flows that occur are those you explicitly configure:
We do not use analytics SDKs, advertising networks, or telemetry of any kind inside our extensions.
All settings, tokens, API keys, and cached data are stored in chrome.storage.local on your local device. This data is:
We do not control data you have saved to your CRM. For deletion of records saved to Salesforce, HubSpot, Zoho, Dynamics 365, or Pipedrive, please manage those records within your CRM platform.
All extensions use OAuth 2.0 for CRM authentication โ your CRM password is never seen or stored by the extension. Access tokens are stored locally and transmitted only over HTTPS to the respective CRM APIs. All three extensions are built on Chrome Manifest V3, which enforces stricter security policies including no remote code execution.
If you discover a security vulnerability in any SCube extension, please disclose it responsibly by emailing scubedevelopmentteam@gmail.com.
Our extensions are designed for use by business professionals in sales, administration, and software development roles. They are not directed at or intended for use by children under the age of 13. We do not knowingly collect any information from children.
We may update this Privacy Policy when we release new extension versions or add new features. When we make material changes, we will update the "Last updated" date at the top of this page. The current version is always available at this URL.
Continued use of the extensions after changes are posted constitutes your acceptance of the updated policy.
If you have any questions about this Privacy Policy, want to request deletion of data, or wish to report a concern, please contact us:
We typically respond within 2 business days.
โ๏ธ scubedevelopmentteam@gmail.com