Legal
Privacy Policy
Effective May 19, 2026
1. Who we are
Aletheia is a Chrome extension and web service that helps people draft LinkedIn connection notes, networking emails, follow-ups, and role-fit replies. Aletheia is operated by Nagarjun Mallesh, an individual sole developer based in Boston, Massachusetts, United States. We are not a registered corporation. Aletheia is not affiliated with, endorsed by, or sponsored by LinkedIn Corporation.
Questions or requests: hello@aletheia.live.
2. What we collect
We collect only what we need to operate the service:
- Selected profile context from the page you choose to reference — such as name, headline, location, about section, experience, recent posts, skills, and profile URL. This is used only when you request a draft.
- Resume and opportunity context you provide in Aletheia. Used to ground drafts in your real background.
- Generated drafts, plus accept/reject feedback you give. Used to improve future drafts for your account.
- Account email you sign up with, plus auth tokens issued by our identity provider (Supabase Auth).
- Operational telemetry — request count, error traces, latency. No message body or profile content in error logs.
We do not collect: payment card numbers (no paid tier yet), LinkedIn passwords, LinkedIn cookies belonging to third parties, or messages from people other than you.
3. Where data is stored
Your data is stored across these processors. Each link is the processor’s own privacy notice:
- Supabase — Postgres database and auth. Stores your account, generated message history, accept/reject feedback. supabase.com/privacy
- Anthropic (Claude API) — runs the AI model that writes your messages. We send only the data needed to generate the requested message. We configure zero data retention where available. anthropic.com/privacy
- Vercel — hosts the web app and API. Receives request metadata (IP, user agent) for routing and abuse prevention. vercel.com/legal/privacy-policy
- Sentry — server-side error tracking. Receives stack traces and error context. Configured to scrub message bodies and personal data. sentry.io/privacy
We do not sell, rent, or share your data with advertisers. We do not use your message content to train any third-party AI model beyond the single request that generates your message.
4. Cookies and local storage
The web app sets only the cookies required for sign-in (Supabase session cookies). No advertising or cross-site tracking cookies.
The Chrome extension uses chrome.storage.local to remember your sign-in token, extension preferences, and accepted-message history on your own device. Your uploaded resumes are stored in your Aletheia account rather than in Chrome local storage.
5. Your rights
You can, at any time:
- Access the data we hold about you — email hello@aletheia.live and we will send an export.
- Delete your account and all associated data — email hello@aletheia.live with the subject “Delete my account”. We process deletion within 30 days.
- Correct inaccurate data in your account.
- Withdraw consent by uninstalling the extension and deleting your account.
- Lodge a complaint with your local data protection authority if you believe we have mishandled your data.
If you are an EU/UK/Swiss resident, your rights under GDPR / UK GDPR apply. Our legal basis for processing is your consent (when you install and sign in) and our legitimate interest in operating the service.
6. Data retention
We retain your account data while your account is active. After account deletion, identifiable data is removed within 30 days. Anonymous aggregated metrics (e.g. total messages generated per day) may be retained for product analytics.
Server logs containing IP addresses are kept for up to 30 days for abuse and security investigations, then deleted.
7. Children
Aletheia is intended for adults. Do not use the service if you are under 18. We do not knowingly collect data from children. If you believe a child has signed up, email hello@aletheia.live and we will remove the account.
8. Security
We use HTTPS everywhere, row-level security on the database, scoped service tokens, and least-privilege access. No system is perfectly secure. If you discover a vulnerability, email hello@aletheia.live with the subject “Security” and we will respond within 7 days.
9. International transfers
Our processors (Supabase, Anthropic, Vercel, Sentry) operate in the United States and other regions. By using Aletheia you consent to transfer of your data to those jurisdictions for the purposes described above.
10. Changes to this policy
We may update this policy. If we make material changes we will update the effective date at the top and, where possible, notify you by email or in-app banner before the change takes effect.
11. Contact
Questions, deletion requests, complaints: hello@aletheia.live. We reply within 7 business days.