This is a starting template. Have a UK solicitor review before going live.
Privacy Policy
Effective date: 30 April 2026
1. Who we are
1.1. SlopScan is operated by SlopScan Ltd, United Kingdom (referred to as "SlopScan", "we", "us", or "our"). We are the data controller for any personal data we process in connection with this service.
1.2. Contact us about privacy: privacy@slopscan.app
1.3. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (UK DPA 2018).
2. What data we collect and where it lives
2.1. Free tier: everything stays on your device. All processing happens locally in your browser. No data is transmitted to our servers. Specifically:
- Profile names and headlines of LinkedIn users whose content you view
- Rolling AI-likelihood scores for those profiles
- Your personal blocklist
These are stored in chrome.storage.local, which is private to you and your browser. We cannot access it. It is cleared when you uninstall the extension or clear your browser storage.
2.2. Premium tier: what changes when you opt in. When you enable the Premium scoring feature, post text is sent to our detector API for higher-accuracy analysis. We process it to return a score and then discard it. Specifically:
- Post text is processed in-memory and is not stored or logged beyond the request.
- Aggregate, non-identifying telemetry (request count, response latency) is logged for billing and reliability purposes. This does not include post content or any data that identifies you or the post author.
2.3. Premium account data. If you subscribe to Premium, we hold:
- Email address
- Stripe customer ID and subscription status
- License key issued to your account
The lawful basis for processing account data is performance of a contract (UK GDPR Article 6(1)(b)). The lawful basis for billing telemetry is our legitimate interest in operating a reliable, billable service (Article 6(1)(f)).
3. What we don't collect
3.1. We do not collect or process:
- Your browsing history outside LinkedIn
- LinkedIn messages or private content not visible to any logged-in member
- Your LinkedIn credentials (we never ask for them)
- Your LinkedIn contact list or connection graph
- Any content that LinkedIn doesn't already make publicly visible to a logged-in user
4. Cookies and local storage
4.1. Extension. The extension uses chrome.storage.local only. It does not set cookies.
4.2. Website (slopscan.app). We use:
- Essential session cookies, required for login and account management. These expire when you close your browser or after a short idle period.
- Stripe checkout cookie, set when you begin a subscription checkout. Stripe uses this to manage the checkout session. See Stripe's privacy policy.
4.3. We do not use advertising cookies, tracking pixels, or analytics cookies.
5. Third-party services
5.1. We share data with the following third parties only to the extent necessary:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email, billing details, subscription status |
| Detector API provider (Premium) | AI-likelihood scoring | Post text (not retained beyond the request) |
| Transactional email provider (e.g. Postmark) | Sending receipts, license keys, account emails | Email address, email content |
5.2. We do not sell your personal data to any third party.
6. Your rights under UK GDPR
6.1. You have the following rights. To exercise any of them, email privacy@slopscan.app. We will respond within 30 days.
- Access. Request a copy of the personal data we hold about you.
- Rectification. Ask us to correct inaccurate data.
- Erasure. Ask us to delete your data where we no longer have a lawful reason to hold it.
- Portability. Receive your data in a structured, machine-readable format.
- Objection. Object to processing based on legitimate interests.
- Restriction. Ask us to restrict processing while a dispute is resolved.
6.2. Complaints. If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concern first; please contact us before approaching the ICO.
7. Data retention
7.1. Account data is retained while your subscription is active, and for 12 months after cancellation for tax and accounting purposes. After that, it is deleted.
7.2. On-device data (scores, blocklist) remains in your browser until you clear it or uninstall the extension. We have no ability to delete it on your behalf.
7.3. Post text sent via Premium is not retained. It is processed in-memory and discarded on completion of the request.
8. Children
8.1. SlopScan is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it.
9. International transfers
9.1. Our infrastructure is primarily based in the UK and EEA. Some of our third-party subprocessors (such as Stripe) are based in the United States. Where personal data is transferred outside the UK or EEA to a country without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) (including the UK International Data Transfer Addendum where applicable) to ensure your data receives equivalent protection.
10. Changes to this policy
10.1. We may update this policy from time to time. If we make material changes, we will notify you by email (for Premium subscribers) or by a notice in the extension or on our website at least 14 days before the change takes effect. The effective date at the top of this page will always reflect the latest version.
10.2. Continued use of SlopScan after the effective date constitutes acceptance of the updated policy.