Briefly Extension — Privacy Policy

Last updated: May 14, 2026

      Short version: The extension reads company names from pages you're already viewing. It sends that name to Briefly servers to look up a competitive brief. It stores only your API token locally. We don't track your browsing or sell your data.
    

What the extension reads

The extension injects content scripts into four surfaces: Salesforce Lightning, HubSpot CRM, Gmail, and LinkedIn. On each surface, it reads a single piece of data:

Salesforce: The account or opportunity name from the record header.
HubSpot: The company or deal name from the record header.
Gmail: The sender's email domain (e.g., acme.com from alice@acme.com). Free email providers (gmail.com, yahoo.com, outlook.com, etc.) are excluded — the extension takes no action on those threads.
LinkedIn: The company name from a company page, or the employer listed on a person's profile.

The extension reads only the company name or domain string visible on screen. It does not read message bodies, contact lists, deal values, CRM field data, or any other page content.

What the extension sends to Briefly servers

When a company is detected, the extension sends a single API request to https://briefly-8.polsia.app/api/extension/match containing:

The detected company name or domain string.
Your API token (for authentication — see below).
The surface type (salesforce | hubspot | gmail | linkedin) — used for aggregate analytics only.

The server returns the matching competitive brief if one exists in your account or Briefly's public library. No other data leaves your browser.

What the extension stores locally

The extension stores one item in Chrome's chrome.storage.local:

Your Briefly API token — so you don't have to paste it on every visit. You generate this token from your account settings and can revoke it at any time.

No browsing history, no page content, no company names are persisted locally.

Analytics

When the extension sidebar is opened or a brief is viewed, an anonymous event is logged to /api/extension/event. This event includes:

The event type (sidebar_open, brief_viewed, generate_clicked).
The surface (salesforce | hubspot | gmail | linkedin).
A random install ID generated once on install and stored locally — this is not tied to your identity unless you authenticate.

We use these aggregate counts to understand which surfaces get the most usage. Individual events are not shared with third parties and are not used for advertising.

Permissions explained

storage: Stores your API token locally so you stay authenticated between sessions.
activeTab: Allows the popup to interact with the currently active tab when you click the extension icon.
host_permissions (Salesforce, HubSpot, Gmail, LinkedIn): Required to inject the sidebar content script that reads the company name and displays the brief. The extension is inactive on all other sites.

Data retention

Extension event logs are retained for 90 days for analytics purposes and then deleted. API tokens you revoke are deleted immediately from our servers.

Children's privacy

Briefly is a B2B product intended for use by professionals. We do not knowingly collect information from anyone under 18.

Changes to this policy

We'll update the "Last updated" date above if this policy changes. Material changes will be announced in the extension update notes in the Chrome Web Store.

Questions?
Email us at support@polsia.com. We typically respond within one business day.