Last updated: 26 March 2026
Mosaico Limited (“we”, “us”, “our”) operates the Mosaico LinkedIn Bridge Chrome extension (the “Extension”). This policy describes what data the Extension accesses, how it is used, and how it is protected.
The Extension connects your Mosaico CRM account to LinkedIn. It polls the Mosaico server for pending tasks — such as company lookups, people searches, connection syncing, and messaging — and executes them through your authenticated LinkedIn browser session.
LinkedIn Data
When you are logged into LinkedIn and have active tasks in Mosaico, the Extension reads the following through LinkedIn's browser APIs:
- Your LinkedIn profile URN (a unique identifier for your account)
- Profile information of other LinkedIn members as returned by LinkedIn's Voyager API during task execution (names, headlines, profile pictures, connection status)
This data is retrieved using your existing LinkedIn session — the Extension does not ask for or store your LinkedIn password.
Mosaico Authentication
The Extension reads your AWS Cognito authentication cookie from mosaico.one domains to obtain a JSON Web Token (JWT). This token is used solely to authenticate requests to the Mosaico CRM server. The cookie is read, not modified or created.
Locally Stored Data
The Extension stores a small amount of operational data in Chrome's local storage:
- Your cached LinkedIn profile URN
- Daily API call metrics (request counts, success and error rates)
- Development mode preferences (used only during internal testing)
No browsing history, keystrokes, mouse movements, or location data is collected.
All data accessed by the Extension is used exclusively to execute CRM tasks that you initiate through the Mosaico platform. Specifically:
- LinkedIn profile data is sent to your Mosaico CRM account to fulfil task results (e.g. populating a company database or syncing connections).
- Your Cognito JWT authenticates you with the Mosaico server so that tasks are tied to your account.
- API metrics are stored locally on your device to help diagnose rate-limiting and errors. They are not transmitted externally.
We do not sell, rent, or transfer your data to third parties. Data flows only between your LinkedIn browser session and your own Mosaico CRM account.
We do not use or transfer user data for purposes unrelated to the Extension's single purpose of connecting Mosaico CRM to LinkedIn.
We do not use or transfer user data to determine creditworthiness or for lending purposes.
- Locally stored data (profile URN, API metrics) remains on your device until you uninstall the Extension or clear Chrome's extension storage.
- Task results sent to Mosaico are retained according to the Mosaico CRM data retention policies applicable to your account.
- All network communication uses HTTPS.
- Authentication tokens are obtained from secure, httpOnly cookies and are never exposed to web pages.
- The Extension does not execute remote code — all scripts are bundled within the extension package.
| Permission | Why it is needed |
|---|---|
| alarms | Keeps the background service worker alive so it can poll for tasks |
| cookies | Reads your Mosaico authentication cookie to verify your identity |
| scripting | Injects a small script into LinkedIn tabs to read your profile URN |
| storage | Caches your profile URN and daily API metrics locally |
| tabs | Finds open LinkedIn tabs to communicate with the content script |
| Host: linkedin.com | Calls LinkedIn's API to execute CRM tasks on your behalf |
| Host: mosaico.one | Communicates with the Mosaico CRM server |
- Uninstall the Extension at any time to stop all data access and delete locally stored data.
- Disable the Extension from Chrome's extensions page to pause it without losing stored data.
- You can clear the Extension's local storage from Chrome's settings under Extensions > Mosaico LinkedIn Bridge > Details > Clear data.
The Extension is not directed at children under 13 and we do not knowingly collect data from children.
The Extension automates actions within your LinkedIn browser session. LinkedIn's User Agreement prohibits the use of automated tools. By using the Extension, you acknowledge that your LinkedIn account may be subject to restrictions or suspension at LinkedIn's discretion. Mosaico is not responsible for any action taken by LinkedIn against your account. You use the Extension at your own risk.
If we make material changes, we will update the “Last updated” date at the top of this page. Continued use of the Extension after changes constitutes acceptance of the updated policy.
If you have questions about this policy, contact us at hello@mosaico.one.
