Influenbase Privacy Policy
Last updated: 6 November 2025
Effective date: 6 November 2025
IMPORTANT
This policy applies to:
• Distribution and operation of our Chrome extension (“the Extension”)
in the Chrome Web Store;
• Gmail-API-related features integrated in the Extension (e.g.,
sending emails on your behalf, draft sync).
By installing, enabling, or otherwise using the Extension you confirm
that you have read and agree to all terms below. If you do not agree,
uninstall and disable the Extension immediately.
Information We Collect
1. Chrome-Extension scenario
• Product data: you may paste product links or manually enter
product names/descriptions for creator search.
• Creator filters: country/region, follower range, engagement rate,
GMV, etc., used by the matching algorithm.
Email credentials:
• – Non-Gmail: account username and password (or SMTP auth code);
– Gmail: only an OAuth2 access token; passwords are never
stored (see “Gmail-API scenario”).
• TikTok DM content: the Extension reads the latest incoming message
text only after you turn on “Auto-reply”, solely to trigger
keyword-based replies.
2. Gmail-API scenario (triggered only after you actively link Gmail)
• OAuth scopes: gmail.readonly, gmail.modify, gmail.compose,
gmail.labels.
• Data types: message metadata (from, to, subject, timestamp,
labels), body/attachments (fetched temporarily only when you open a
message), your Google account email address, public nickname and
avatar.
• Data-minimisation: the Extension never requests Google-service
data unrelated to the above (e.g., Contacts, Calendar, Drive,
Location).
How We Use Information
1. Core Extension functions
• Generate creator shortlists based on products and filters;
• AI-generated pitch copy (calls third-party LLM APIs with
de-identified content);
• Send emails or TikTok DMs on your behalf and trigger auto-replies
under your keyword rules;
• Store GMV, engagement rate, etc. in anonymised form to improve
matching algorithms.
2. Gmail-API-only functions
• Display your Gmail inbox in the built-in “Mail view”;
• Save drafts or one-click-send messages according to your campaign
tasks;
• Auto-label or archive messages per your rules for easier tracking.
We commit to:
• Never use Gmail data to train general-purpose AI or for ad
targeting;
• Never analyse or store message content beyond Extension
functionality.
Data Storage & Retention
| Data category |
Storage location |
Encryption |
Retention |
Expiry action |
| Product/creator keywords |
Local IndexedDB |
AES-256 |
During session, max 30 days |
Auto-deleted |
| Non-Gmail credentials |
Local Chrome Storage |
AES-256 + OS keystore |
Until you delete or uninstall |
Wiped instantly |
| Gmail access token |
Local Chrome Storage |
AES-256 + OS keystore |
Until you revoke |
Auto-cleared |
| Email metadata |
Local encrypted cache |
AES-256-GCM |
30 days |
Auto-deleted |
| Email body/attachments |
Stream-only, not written to disk by default; if “offline
reading” on, local encrypted cache
|
AES-256-GCM |
7 days |
Auto-deleted |
| TikTok DM content |
In-memory variable |
n/a |
Destroyed when session ends |
Instant destruction |
Note: any cloud backup contains only encrypted binary blobs; keys are
held by the cloud provider’s KMS—we cannot technically read plaintext.
Sharing, Transfer & Public Disclosure
• The Extension never sells, shares or provides personal data to any
third party.
• AI-copy API calls are de-identified (product brands, emails, URLs
replaced); vendors cannot identify you.
• If data must be transferred due to merger, acquisition or asset
sale, we will notify you in advance and obtain explicit consent again.
• We may disclose data without prior consent when required by law,
litigation, arbitration or competent authorities, but will strictly
follow statutory procedures.
Security Measures
• Transmission: all network requests use TLS 1.3 + certificate
pinning.
• Storage: local data encrypted with OS-level keystores (iOS Keychain
/ Android Keystore / Windows DPAPI / macOS Keychain).
• Access control: internal ops follow “least privilege + MFA + VPN
bastion host”.
• Auditing: database & backend audit logs kept ≥12 months; third-party
penetration test at least annually.
• Incident response: notify regulators and affected users within 72 h
and provide mitigation.
Your Rights & How to Withdraw
1. Access & correction
Settings page offers “View saved data”; you may edit or correct at
any time.
2. Deletion & account closure
• Tap “Clear all local data” to erase cache instantly.
• Uninstalling the Extension triggers Chrome Storage
wipe—irrecoverable.
• Email privacy@yourcompany.com; we complete deletion and confirm
within 24 h.
3. Revoking Gmail authorisation (three equivalent ways)
a) Extension → “Account Management – Revoke Gmail auth”;
b) Google Account permissions page
(https://myaccount.google.com/permissions) remove [Product Name];
c) Email request (see above).
4. Complaints
If you believe we violate Chrome Web Store or Gmail API User Data
Policy, contact:
• Us: privacy@yourcompany.com
• Google: Chrome Web Store report or Gmail API complaint channel
• Your local data-protection authority.
Children’s Information
The Extension is not directed to children under 13. If you are a
child, use it only with guardian guidance. If we discover data of a
child under 13, we will delete it upon notice.
Policy Changes
We may update this policy when features expand, regulations change, or
Google policies update. Material changes will be notified via
in-extension pop-ups or prominent notices, and we will re-request
explicit consent for Gmail-API data access. The updated policy takes
effect when published; continued use constitutes acceptance.
Contact Us
Chengdu Pinbao Technology Co., Ltd.
Email: privacy@yourcompany.com
Support: +86-199 3455 4154 (09:30-18:00 weekdays)
Appendix – Google Required Disclosures
• The Extension’s use of the Gmail API is subject to Google’s Gmail
API Services User Data Policy.
• We request only the minimal OAuth scopes necessary for stated
features.
• We do not sell, rent or otherwise provide Gmail data to third
parties for ads, general AI training or user profiling.
• You may revoke authorisation at any time via Google Account settings
or the in-extension button; we will delete all Gmail data copies
within 24 h.