Kadar Candidate Collector Privacy Policy
Last updated February 26, 2026
Extension behavior
The extension:
- Runs only on linkedin.com
- Is activated manually by the user
- Does not run background scraping
- Does not crawl multiple profiles automatically
- Process only currently opened profle page
Data extraction happens only after explicit user action (button click).
Data sources
Data is collected exclusively from:
- The currently active LinkedIn profile page (linkedin.com/in/...)
- Publicly visible DOM content
No data is collected from:
- Private messages
- Logged-in session tokens
- Cookies
- Browser history
- Other tabs or websites
Data fields extracted
Depending on implementation, the extension may extract:
- Full name
- Skills
- Education
- Experience
- Public profile URL
- Other publicly visible proffesional metadata
Extraction is DOM-based and limited to visible content
Data flow
Step 1 - Collection (Client-Side)
- DOM parsing inside active tab
- Data temporarily stored in sessionStorage
- Data structured into JSON object
Step 2 - Transmission
- Data sent to backend API via HTTPS
- Authenticated request (Bearer token)
Step 3 - Backend Processing
- Data validated
- Stored in database
- Associated with authenticated user
Storage details
Data is:
- Stored in backend database
- Linked to tenant/account
- Persisted until explicitly deleted or retention policy triggers removal
No data is stored:
- In local browser storage long-term
- Outside backend infrastructure
Permissions used
Active tab
Used to:
- Access DOM of currently active LinkedIn tab
- Extract visible profile data after user action
Host permission: https://www.linkedin.com/*
Used to:
- Allow extension execution only on LinkedIn
- Enable DOM access on profile pages
No wildcard permissions for urelated domains
Security controls
- HTTPS for all API communication
- Backend authentication required
- Tenant isolation enforced
- No third-party analytics enabled in extension
- No data shared with advertisers
Data retention
Data is retained
- Until explicitly deleted
- Or according to backend retention configuration
No automatic scraping archive.
No shadow storage.
What does the extension does not do
- No background scraping
- No automated crawling
- No mass profile harvesting
- No selling of data
- No cross-site tracking
- No cookie extraction
- No reading of authentication tokes