PRIVACY NOTICE

LOBSTR, located at 14 AV DU GENERAL DE GAULLE 94160 SAINT-MANDE - RCS Créteil 841840499, acting as a data processor as defined by Regulation (EU) 2016/679 (GDPR) and by the amended Law No. 78-17 of 6 January 1978, attaches great importance to the protection of personal data.

This policy (the “Policy”) applies to all websites and services, including the LOBSTR Chrome Extension (together the “Services”) offered by LOBSTR (“We”, “Us”).

1. DEFINITIONS AND DATA COLLECTION

Through this Policy, We wish to inform You of the means used and the purposes pursued for the collection of any information that identifies You (“Personal Data”).

When using our Services, We may collect:

• Identity Data: Name, email address, company.
• Technical Data: IP address, browser type, and operating system.
• Authentication Data (Chrome Extension): Session cookies and authentication headers required to facilitate the connection between your browser and our scraping automation tools.

2. PURPOSES OF PROCESSING

Your Personal Data is processed for the following purposes:

• Management of your access to and use of our Services.
• Execution of automated data extraction (scraping) as requested by the User.
• Sending newsletters and promotional offers (subject to your consent).
• Compliance with our legal and regulatory obligations.

3. SPECIFIC DISCLOSURE FOR CHROME EXTENSION USERS

3.1 Use of Session Cookies

The LOBSTR Chrome Extension accesses session cookies (specifically from platforms like LinkedIn) for the sole purpose of allowing You to synchronize your authenticated account with the LOBSTR cloud platform. This allows our automated agents to perform tasks on your behalf without requiring your plain-text password.

3.2 Google API “Limited Use” Compliance

LOBSTR’s use and transfer of information received from Google APIs to any other app will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements:

• Purpose Limitation: We only use the session data to provide the automation services explicitly triggered by the User.
• No Data Sale: We do not sell, trade, or rent your session cookies or any Personal Data to third parties.
• No Advertising: Your data is never used for serving advertisements, retargeting, or building marketing profiles.
• Human Review Limitation: Our employees do not access your session cookies unless it is strictly necessary for security purposes, to comply with applicable law, or for internal troubleshooting (after your express consent).

4. DATA SECURITY AND TRANSMISSION

All data collected by the LOBSTR Services is transmitted via secure, encrypted HTTPS protocols. We implement strict technical and organizational measures to ensure that session data is handled with the highest level of security.

Authentication tokens and cookies are stored using encryption and are only kept for the duration necessary to execute the automation tasks requested by the User.

5. RECIPIENTS OF YOUR DATA

Your Personal Data is only accessible to:

1. Authorized LOBSTR staff: For technical support and service management.
2. Our technical subcontractors: Who host our servers or provide specialized tools (e.g., cloud infrastructure), provided they offer the same level of protection as required by the GDPR.

6. DATA RETENTION

Personal Data is kept only for as long as necessary for the purposes for which it was collected:

• Account Data: Kept as long as your account is active, plus three years after the last contact.
• Session Data (Cookies): Kept temporarily for the execution of automation tasks and deleted periodically.

7. YOUR RIGHTS

In accordance with Regulations, You have the following rights:

• Right of access, rectification, or erasure of your Personal Data.
• Right to limit or object to the processing.
• Right to data portability.
• Right to withdraw consent at any time.

To exercise these rights, contact Us at: contact@lobstr.io

8. AMENDMENTS

We may update this Policy to comply with legal or technical developments. We recommend checking this page regularly.