Privacy Policy
Last updated: 2026-05-12
Catch The Good Ones ("we", "us", "our") operates the website at www.catchthegoodones.com and the Chrome extensions listed in our Chrome Web Store developer profile. This policy explains what data we collect, why we collect it, how we use it, and the controls available to you.
1. Who this policy applies to
This policy applies to anyone who creates an account on www.catchthegoodones.com, uses our web app, or installs one of our Chrome extensions ("Get Leads from X", "Find LinkedIn from X", or "Find Email from X").
2. What we collect
From the web app
- Account information: the name and email address you provide at sign-up, or that we receive from Google when you sign in with Google OAuth.
- Subscription and payment information: we use Stripe to handle subscriptions. Stripe processes your payment card details directly; we never see or store your card number. We receive subscription metadata from Stripe (status, tier, renewal date, customer ID) so we can grant the right access.
- Authentication tokens: a session cookie issued at sign-in, and optionally one or more named API keys you generate from the dashboard.
- Tracked-account configuration: the public X handles you choose to track, the saved searches you create, the natural-language descriptions you supply, and any feedback you give on surfaced leads.
- Discovery data: public profile data we fetch about people who follow or engage with your tracked accounts (handle, display name, bio, follower count, public profile image, public posts). We do not collect private or authentication-gated data about these third parties.
- Operational logs: standard server logs (timestamp, request path, response status, user ID where authenticated, IP address at sign-up for abuse prevention).
From any of our Chrome extensions
All three extensions ("Get Leads from X", "Find LinkedIn from X", "Find Email from X") share the same data-handling pattern. The differences are noted inline below.
- Authentication credential: when you sign in to the extension, we mint an API key for your account and the extension stores it in Chrome's local extension storage (chrome.storage.local). This token is used to authenticate API calls back to us.
- Active tab URL: when you click the extension toolbar icon while on an X profile page, the extension reads the URL of the current tab (via Chrome's activeTab permission) to extract the X handle from the URL path. The extension does not read page content, cookies, page storage, or data from any other tab. URLs are not stored persistently.
- Per-extension preferences: each extension persists a small amount of UI state in chrome.storage.local so you don't have to repick on every open. Get Leads from X remembers the last tier you picked; Find Email from X remembers your last verification-mode choice (any / verified). No personal data.
- Account display information: when the popup is open, the extension fetches your name and email from our API to show in the popup footer (so you can confirm which account is signed in). This is retrieved from your own account; it is not collected fresh from a third party.
- Results we persist (Find LinkedIn from X & Find Email from X): when a lookup succeeds, the resolved contact route (LinkedIn URL or email address) is stored in our database under your team's account so you can see your history in the popup and in the main app. Visible only to your team. You can delete individual rows from the dashboard or delete your account entirely from the Account Info screen.
The Chrome extensions do not collect, transmit, or store: page content, browsing history, keystrokes, mouse position, location, health data, financial data, or any communications.
3. How we use your data
- To operate the service: surface self-qualified leads, run scheduled syncs, send completion emails, enforce subscription limits.
- To process payments (via Stripe).
- To prevent abuse and fraud.
- To communicate with you about your account (transactional emails, occasional product updates).
- To improve the service: aggregate, non-identifying usage analytics.
4. Third parties we share data with
We share the minimum data required with the following processors so they can perform their function on our behalf:
- Stripe - payments
- Vercel - hosting
- Supabase - managed PostgreSQL
- Resend - transactional email
- OpenAI - powers the natural-language filter mapping; we send the description text you type, never your account data
- Tawk - in-app support chat (only the messages you send in the chat widget)
- ScrapeBadger, Apify and similar data providers - public-profile data fetching about tracked-account followers and post likers
We do not sell user data to third parties. We do not transfer user data for purposes unrelated to the service's single purpose. We do not use user data to determine creditworthiness or for lending purposes.
5. Where data is stored
Application data is stored in PostgreSQL hosted by Supabase, with backups managed by Supabase. Encrypted at rest. Access is restricted to the application servers and to a small number of named operators acting under confidentiality.
6. Data retention
We retain account data for the lifetime of your account plus a reasonable wind-down period after account deletion (typically 30 days) to allow for billing reconciliation and abuse investigations. Operational logs are retained for up to 90 days. Discovery data about third parties is retained for as long as the data remains relevant to your active tracked accounts; you can remove an account at any time, which soft-deletes its discovery data.
7. Your rights
- Access: you can see all your account data in the dashboard.
- Deletion: you can delete your account at any time from the Account Info screen. This permanently removes your account data per our retention policy.
- Revoke API access: you can revoke any API key (including the one issued to a Chrome extension) from the API Keys page in the dashboard. This immediately stops the extension from making authenticated calls on your behalf.
- Uninstall the extension: uninstalling the extension from chrome://extensions removes all extension-local storage from your device.
- Export: you can export your tracked-account discovery data as CSV from the dashboard.
- UK / EU users: you have additional rights under UK GDPR / EU GDPR including the right to lodge a complaint with a supervisory authority.
8. Children
Our service is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with data, please contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email to active users. The "Last updated" date at the top of this page always reflects the current version.
10. Contact
Questions? Reach us via the in-app chat (sign in to the dashboard and use the chat bubble), or email us at the address shown on our contact page.