← Back to home

Privacy Policy

Last updated: April 5, 2026

Who we are

Outreachbox is a CRM tool built for LinkedIn. It is developed and operated by Rajorshee Biswas, trading as Indievalley, based in India. When this policy says "we", "us", or "Outreachbox", it refers to Rajorshee Biswas / Indievalley.

If you have any questions, reach out at support@outreachbox.co.

What data we collect

We collect two types of data:

  • Account data — your name, email address, and authentication method (email/password or Google OAuth) when you sign up.
  • LinkedIn lead data — when you use the Outreachbox Chrome extension on LinkedIn, it can capture publicly visible information from LinkedIn profiles you choose to save: name, job title, location, company, and profile URL. This data is sent to our servers and stored in your account so you can manage it as part of your pipeline.

We do not scrape LinkedIn automatically or in the background. Data is only captured when you explicitly trigger it from the extension.

Users are responsible for ensuring their use of Outreachbox complies with LinkedIn's own Terms of Service.

How we use your data

  • To provide the core functionality of Outreachbox — your CRM, pipeline, and outreach tools.
  • To authenticate you and keep your account secure.
  • To understand how the product is used so we can improve it (via PostHog analytics).
  • To process payments through Polar. We never see or store your payment card details.

We do not sell your data. We do not use it for advertising. We do not share it with anyone beyond the services required to run Outreachbox (listed below).

Third-party services we use

  • Supabase — our database and authentication provider. All your data is stored and authenticated through Supabase, which uses industry-standard encryption at rest and in transit.
  • PostHog — product analytics. We use this to see which features are used and how users navigate the product. No personally identifiable data is sent unless you are logged in, and even then it is pseudonymous.
  • Polar — handles subscription payments. We receive confirmation of your plan status but never your card details.

Data storage and security

Your account and lead data is stored in Supabase with encryption at rest and in transit. We follow secure development practices and keep dependencies up to date. No system is perfectly secure — if you ever notice anything suspicious, please email us immediately. In the event of a data breach, we will notify affected users within 72 hours of becoming aware.

The Outreachbox Chrome extension uses chrome.storage (Chrome's built-in extension storage API) to persist your session state and local preferences on your device. This data stays on your device and is not transmitted to our servers beyond what is necessary for authentication and sync.

Your rights

You can, at any time:

  • Request a copy of the data we hold about you.
  • Ask us to correct any inaccurate data.
  • Delete your account — when you do, all your data is permanently deleted from our systems.

To exercise any of these, email us at support@outreachbox.co.

Data retention

We retain your data for as long as your account is active. When you delete your account, we delete your data. There is no retention period — it goes when you go.

GDPR — EEA users

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing. We process your data on the basis of contract performance (to provide the service you signed up for) and legitimate interests (product analytics to improve the service).
  • Right to erasure. You can request deletion of all personal data we hold about you at any time.
  • Right to portability. You can request an export of your data in a machine-readable format.
  • Right to object. You can object to processing based on legitimate interests at any time.
  • Right to lodge a complaint. You have the right to lodge a complaint with your local data protection authority.

To exercise any GDPR right, email support@outreachbox.co. We will respond within 30 days.

Governing law

This policy and any disputes arising from it are governed by the laws of India, including the Information Technology Act, 2000 and applicable rules thereunder. If you are an EEA user, nothing in this clause affects your statutory rights under GDPR or the laws of your country of residence.

Changes to this policy

If we make meaningful changes to this policy, we will update the date at the top and, for significant changes, notify you by email. Continued use of Outreachbox after changes means you accept the updated policy.