Version 1.0 · Last updated: 2026-05-11
Mainder Sourcer — Chrome Extension Privacy Notice
This notice describes the personal data processed by the Mainder Sourcer browser extension for Google Chrome. It complements the Mainder Privacy Policy.
Scope
This notice applies exclusively to the Mainder Sourcer extension distributed via the Chrome Web Store. For the general processing of personal data by Mainder, see the Privacy Policy.
Data controller
Genius for People S.L. ("Mainder"), NIF B44879849, registered office at C/ Badajoz 32, 08005 Barcelona, Spain. Contact: privacy@mainder.ai.
Data the extension accesses
The extension only accesses the data strictly necessary to operate the LinkedIn account connection flow that the user initiates explicitly.
LinkedIn session cookies
When the user clicks the "Connect LinkedIn" button, the extension reads two LinkedIn session cookies on linkedin.com: li_at and li_a. These cookies represent the user's active LinkedIn session.
Browser User-Agent
The extension reads the User-Agent string from an open LinkedIn tab. This value is required by the LinkedIn session protocol to keep the session valid on the server side.
No other data is collected
The extension does not access browsing history, form contents, passwords, files, location, contacts, microphone, camera, or any data outside the explicit connection flow.
Purpose
The extension is used solely to facilitate the integration between the user's LinkedIn session and the Mainder platform, so that the user can manage their own professional communication and sourcing workflow inside Mainder without switching tabs. The user initiates this connection explicitly, and all actions performed through the integration are carried out on the user's behalf, under the user's responsibility, and through their own LinkedIn account.
What the user can do through the integration
Once the user has explicitly connected their LinkedIn account, they can use Mainder to assist their own LinkedIn workflow:
- Read and reply to their professional messages within Mainder, without leaving the platform.
- Send professional outreach to candidates and accept inbound professional contacts from within Mainder.
- Use sourcing tools that act on the user's professional network with the user's authorisation.
These actions are limited to what the user could do manually through LinkedIn's own interface, executed on the user's behalf at the user's request.
Professional account integrator
The technical integration with the user's LinkedIn session is delivered by Unipile SAS, a subprocessor located in France (EU) that operates as a professional account integration provider. Unipile is listed in the Mainder Subprocessor Register and processes data under a Data Processing Agreement bound by Art. 28 GDPR.
Permissions
cookies
Required to read the two LinkedIn session cookies above when the user initiates the connection. Requested only at that moment, not at install time.
tabs
Used to (1) read the User-Agent string from an open LinkedIn tab, (2) open the LinkedIn login or Recruiter page if the user is not authenticated, guiding them through sign-in, and (3) broadcast a UI refresh message to active tabs after a successful connection so the extension reflects the current state.
Host permission for linkedin.com
Required to access LinkedIn-scoped cookies. No other domain is accessed.
Important notice on the user's LinkedIn account
The user should be aware of the following before connecting their account:
- Use of any LinkedIn account through third-party tooling is subject to the LinkedIn User Agreement and Professional Community Policies applicable to that user. It is the user's responsibility to ensure their own use of LinkedIn complies with those terms.
- LinkedIn may, at its sole discretion, apply restrictions to any account whose pattern of use it considers atypical, regardless of the tool used. Such restrictions are imposed by LinkedIn on the user's account, not on Mainder.
- Mainder configures the integration with conservative usage patterns and prudent daily limits designed to keep the user's activity within reasonable professional ranges, but residual risk cannot be eliminated and remains with the user's LinkedIn account.
- The user may disconnect the integration at any time from within Mainder; doing so immediately ends the underlying integrator session and stops any further activity through the user's account.
How data is transmitted
Cookie values and User-Agent are transmitted over HTTPS (TLS 1.2+) to the Mainder backend configured by the user's organization. No third party receives this data.
Storage and retention
The extension does not store cookie values locally, does not log them, and does not share them with third parties. Once transmitted to the Mainder backend, cookie values are stored encrypted and used only to maintain the LinkedIn integration. Retention follows the Mainder Privacy Policy.
Third parties
The extension itself does not communicate with any third party other than the Mainder backend. The Mainder Privacy Policy lists the subprocessors that may process data downstream on the platform side.
User controls
Revoke connection
The user can disconnect the LinkedIn integration at any time from inside the Mainder platform (Settings → Integrations → LinkedIn → Disconnect). Disconnection deletes the stored credentials and stops all related sourcing actions.
Uninstall the extension
Removing the extension from Chrome stops all data access immediately. To delete data already transmitted to the Mainder backend, exercise your rights under GDPR (see below).
Your rights (GDPR Arts. 15-22)
You can request access, rectification, erasure, restriction, portability and objection regarding personal data processed by Mainder. See the full Data Subject Rights guide for the procedure and request template, or write to privacy@mainder.ai. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es).
International transfers
Mainder's primary servers are located in the European Economic Area. Where downstream subprocessors process data outside the EEA, Mainder relies on Standard Contractual Clauses (Commission Decision 2021/914) and supplementary technical and organisational measures. Details in the Privacy Policy.
Changes to this notice
Material changes to this notice will be reflected in the version and last updated date above. Significant changes that affect user privacy will be communicated through the Mainder platform.
Contact
Questions, complaints or rights requests: privacy@mainder.ai.