Privacy
Replr does not run a server. Nothing you do leaves your browser unless you ask it to — and even then it only goes to the AI provider you chose, using the API key you provided.
What Replr reads
Only when you click AI Draft on a specific surface:
- The recipient's name, headline, and company (from the visible profile / message header).
- The last 5 messages of the conversation you're replying to (visible in the DOM).
- For post comments: the visible text of the post you're commenting on.
- The tone / length / preset / custom note you selected in the popover.
That data is assembled into a single LLM request that goes directly from your browser to the API you configured (Anthropic, OpenAI, or Google). Replr does not sit between you and them.
What Replr never reads or sends
- Your LinkedIn connection list.
- Other LinkedIn conversations you're not actively replying to.
- Your LinkedIn search history, profile views, or notifications.
- Any browsing data outside LinkedIn (the content script is scoped to *.linkedin.com).
- Any analytics, telemetry, or "anonymous usage stats" from inside the extension.
(The replr.in marketing website is a separate concern — see the "Website analytics" note further down.)
Where data lives
- Settings (provider choice, default tone, surface toggles, custom prompts) → chrome.storage.local. Stays on your device. Never synced.
- API key → chrome.storage.local, same as above. Never transmitted to any server we operate, because we don't operate one.
- Recent drafts (last 5, capped) and stats → chrome.storage.local. Shown only in the toolbar popup. Computed locally. Each entry stores the recipient's first name, preset name, timestamp, and the first 140 characters of the draft preview. To clear, use Reset all settings in the options page.
Storage security (be honest about it)
chrome.storage.local is isolated per extension — no other extension on your Chrome can read Replr's storage. However, Chrome does not encrypt this storage at rest. Any process running as your user on this machine (including macOS backups, malware, or another macOS user with admin rights) can read the LevelDB files in your Chrome profile and recover the API key. This is true of every BYOK extension. Protect your device the same way you'd protect a password manager.
The key never leaves the service worker process except to make the request to your chosen provider over TLS. It is never written to logs, error messages, browser history, or URL bars.
Third parties
Drafting calls go to one of these endpoints depending on the provider you picked:
- https://api.anthropic.com/v1/messages
- https://api.openai.com/v1/chat/completions
- https://generativelanguage.googleapis.com/v1beta/models/...
Or, in "Use my tab" mode, Replr opens a new tab in:
chat.openai.com, claude.ai, or gemini.google.com
with the conversation as a ?q= URL parameter. A small Replr content script running on that domain watches the chatbot's response stream until it finishes, then reads the visible reply text from the page DOM and forwards it to the LinkedIn-side popover via the extension's service worker. The chatbot tab auto-closes ~2 seconds after a successful read.
Because the prompt is encoded as a URL parameter, the recipient's name and the snippet of conversation it contains will appear in your browser's history for the chatbot site. If that's not acceptable, use Path A (direct API key) instead.
Replr's proxy script only reads the assistant's most recent reply on that chatbot page. It does not read your other chatbot conversations, sidebar history, or account settings.
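The host scoping described above (content script on *.linkedin.com, three API endpoints, three chatbot domains) can be checked against an extension's manifest. The following is an added example, not Replr's code: it flags any Manifest V3 host pattern broader than the hosts this page names. The manifest keys are standard Manifest V3; the allowlist layout and both sample manifests are constructed for illustration.

```javascript
// Added example (not Replr's code): audit a Manifest V3 manifest against the
// hosts this privacy page names. The sample manifests below are constructed.
const WILDCARD_OK = ["linkedin.com"]; // page: content script scoped to *.linkedin.com
const EXACT_OK = [
  "api.anthropic.com", "api.openai.com", "generativelanguage.googleapis.com", // direct API
  "chat.openai.com", "claude.ai", "gemini.google.com", // "Use my tab" mode
];

// True only for https match patterns whose host is one the page lists.
// <all_urls>, "*://*/*", "https://*/*" and non-https schemes all fail the regex.
function patternAllowed(pattern) {
  const m = /^https:\/\/(\*\.[^/*]+|[^/*]+)\//.exec(pattern);
  if (!m) return false;
  const host = m[1];
  if (host.startsWith("*.")) return WILDCARD_OK.includes(host.slice(2));
  return EXACT_OK.includes(host) ||
    WILDCARD_OK.some((d) => host === d || host.endsWith("." + d));
}

// Collect every host pattern the extension can touch and return the ones
// that go beyond what the privacy page describes.
function auditManifest(manifest) {
  const patterns = [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  return [...new Set(patterns)].filter((p) => !patternAllowed(p));
}

// Constructed sample: matches the page's description.
const conforming = {
  manifest_version: 3,
  host_permissions: ["https://api.anthropic.com/*", "https://api.openai.com/*",
    "https://generativelanguage.googleapis.com/*"],
  content_scripts: [
    { matches: ["https://*.linkedin.com/*"] },
    { matches: ["https://chat.openai.com/*", "https://claude.ai/*",
      "https://gemini.google.com/*"] },
  ],
};
// Constructed sample: two patterns broader than the page allows.
const overbroad = {
  ...conforming,
  host_permissions: [...conforming.host_permissions, "<all_urls>"],
  content_scripts: [{ matches: ["https://*.linkedin.com/*", "https://*.openai.com/*"] }],
};

console.log(auditManifest(conforming), auditManifest(overbroad));
```

To audit a real install, pass the parsed manifest.json from the unpacked extension directory to auditManifest and review every pattern it returns.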
ToS positioning
Replr is a writing assistant, not an automation tool. The extension:
- Never simulates clicks on LinkedIn's Send button.
- Never schedules messages or fires them in the background.
- Never sets message text via LinkedIn's network API — only via DOM events, the same way a human keyboard would.
- Never reads connection lists or scrapes profiles in bulk.
This keeps your account in the same legal category as a spell-checker — clearly permitted.
Website analytics
This website (replr.in) uses Google Analytics 4 to count page views and figure out which sections people read. We never see your name, email, or any identifier — only aggregate visit counts and high-level metrics like which country a visit came from. IP addresses are anonymized by Google before they reach our reports.
To put it bluntly: the website measures whether the landing page is working as a landing page. The extension measures nothing. They are two different products, and only the website has analytics.
If you'd rather not be counted, use a browser-level Do Not Track setting, an ad blocker, or browse this site in a private window — Google Analytics is blocked by all of those by default.
Contact
If you find a privacy issue, please email hello@replr.in.