Kbot LinkedIn Connect — Privacy Policy

Last updated: 2026-06-06

Kbot LinkedIn Connect is a Chrome extension that helps Kbot customers connect their LinkedIn session to their Kbot dashboard so Kbot can perform outreach actions on the customer's behalf. This page explains exactly what data the extension touches, where it goes, and what it does not do.

What the extension collects

When — and only when — you click Connect via Extension on your Kbot dashboard, the extension reads two cookies from your linkedin.com browser session:

• li_at — your LinkedIn session token.
• JSESSIONID — your LinkedIn session anti-CSRF token.

These are the same cookies your own browser already has from being logged in. The extension does not read any other LinkedIn data, does not scrape pages, and does not interact with LinkedIn outside of cookie access.

Where the data goes

The two cookie values are sent over HTTPS to the Kbot dashboard origin that initiated the connection (for example, https://kasercorp.com/api/integrations/linkedin or your own tenant's hostname). That origin is determined by the calling tab — the page cannot trick the extension into sending the data to a different server.

No data is sent to Anthropic, Google, Microsoft, LinkedIn, or any other third party.

What is stored locally

The extension does not persist the cookie values to its own storage. The values pass through memory, get POSTed once, and are discarded. Your Kbot server encrypts the values at rest before writing them to the database (see the KBOT_ENCRYPTION_KEY secret in your tenant's deploy config).

Permissions used and why

• cookies — read li_at and JSESSIONID from linkedin.com. Required for the core function.
• tabs — open linkedin.com/login in a new tab if you are not signed in.
• storage — remember which Kbot tenant origin initiated the connect, so the result can be sent back to the right page. No cookie data is stored here.
• scripting — inject a tiny marker into Kbot dashboard pages so the dashboard knows the extension is installed and can show the "Connect via Extension" button instead of "Install Connector".
• host_permissions for *.linkedin.com and your Kbot tenant origins — required so the cookie read and the POST can cross the relevant origins.

What the extension does not do

• No telemetry. No analytics SDKs. No third-party tracking.
• No background activity. The service worker only wakes when you click Connect.
• No data sent to Anthropic, Kbot, Inc., or any party other than the Kbot tenant origin you yourself opened.
• No logging in the extension. Console output is for development only and contains no cookie values.

Single-purpose statement

The single purpose of this extension is to capture an authenticated LinkedIn browser session and forward it to the user's own Kbot dashboard over HTTPS. The extension performs no other function.

Removing access

You can disconnect at any time from your Kbot dashboard's Integrations page — this clears the encrypted cookie copy on the Kbot server. You can also remove the extension itself from chrome://extensions; future LinkedIn connect flows will then fall back to the manual cookie-paste form in the dashboard.

Contact

Questions about this policy: support@kbot.kasercorp.com.