Flocurve
Flocurve

Privacy Policy

Last updated: March 3, 2026

1. Introduction

Flocurve (“we”, “us”, “our”) provides an AI-powered LinkedIn outreach platform, including a web application and a Chrome browser extension. This Privacy Policy explains what data we collect, why we collect it, and how we protect it.

By using our services you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Account information

When you sign up we collect your name, email address, and an encrypted password (or an OAuth token if you sign in with Google). We also store your company name and website URL if you provide them during onboarding.

2.2 LinkedIn session data

To automate outreach on your behalf, we need access to your LinkedIn session. Depending on the method you choose, we store:

  • Session cookie (li_at) — a token that authenticates you with LinkedIn. This is read by our Chrome extension or entered manually.
  • User agent string — the browser identifier used when the session was created, so our requests match your browser fingerprint.
  • LinkedIn credentials (optional) — if you enable auto-reconnect, we store your LinkedIn email, an encrypted password, and TOTP secret key to refresh expired sessions automatically.

2.3 Chrome extension data

The Flocurve — LinkedIn Connector Chrome extension reads your li_at cookie from linkedin.com and your browser's user agent string. This data is transmitted only to Flocurve servers over HTTPS and is never shared with any other party. The extension does not track your browsing history, inject ads, or collect any data beyond what is described here.

2.4 Lead and campaign data

We store the leads your agents discover (name, title, company, LinkedIn URL, email if enriched), campaign configurations, message templates, and outreach analytics (sends, replies, meetings).

2.5 Usage and analytics

We collect standard usage data such as pages visited, features used, and error logs to improve the product. We do not use third-party tracking scripts or advertising cookies.

2.6 Payment information

Payments are processed by Stripe. We never see or store your full credit card number. Stripe may collect information in accordance with their own Privacy Policy.

3. How We Use Your Data

  • Provide the service — authenticate with LinkedIn, run outreach campaigns, enrich leads, and deliver analytics.
  • Improve the product — understand usage patterns, fix bugs, and develop new features.
  • Communicate with you — send transactional emails (account verification, billing receipts) and occasional product updates. You can unsubscribe from non-essential emails at any time.
  • Ensure security — detect fraud, prevent abuse, and protect the integrity of our platform.

4. Third-Party Services

We share data with the following services only as needed:

  • Supabase — authentication and database hosting.
  • Stripe — payment processing and subscription management.
  • PhantomBuster — executing LinkedIn automation actions (profile visits, connection requests, messages) using your session cookie.
  • OpenAI — generating ICP profiles, outreach messages, and lead scoring. We send anonymised lead context (job title, company, industry) but never your LinkedIn credentials.
  • HubSpot / Pipedrive (optional) — if you connect a CRM integration, lead data is pushed to your own CRM account.
  • Slack (optional) — if you connect Slack, we send notifications to your chosen channel.

We do not sell, rent, or trade your personal data to any third party.

5. Data Security

All data is transmitted over HTTPS/TLS. LinkedIn session cookies and credentials are stored in encrypted database columns. We follow industry-standard practices for access control, logging, and incident response.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove all personal data within 30 days, except where retention is required by law (e.g. billing records).

LinkedIn session cookies are automatically replaced when they expire and are deleted when you disconnect your LinkedIn account.

7. Your Rights

Depending on your jurisdiction (including under GDPR and CCPA), you have the right to:

  • Access — request a copy of all data we hold about you.
  • Rectification — correct inaccurate data.
  • Deletion — request that we delete your account and all associated data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to certain types of processing.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at privacy@flocurve.com.

8. Cookies

Our web application uses essential cookies only — authentication session cookies set by Supabase. We do not use advertising or analytics cookies.

9. Children's Privacy

Flocurve is a B2B service and is not directed at individuals under the age of 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice in the application. The “Last updated” date at the top reflects the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at privacy@flocurve.com.