JUCEY Extension — Privacy Practices

Last updated: May 25, 2026

The JUCEY Chrome extension does three things on LinkedIn and X: adds a JUCEY + Watch button to posts, transmits anonymous engagement signals so JUCEY can prioritise its trend scraper, and (only if you explicitly opt in) contributes public post metadata to a shared trend pool.

What we never collect: the body of any post, your private messages, your search history, content from any site outside linkedin.com / x.com, or anything you type into a form. The extension cannot read pages you don’t visit on the supported sites.

1. Anonymous engagement signals (default ON)

When you scroll a LinkedIn or X feed and a post stays visible for at least 0.8 seconds, we record:

The platform (LINKEDIN or TWITTER).
The author’s public handle (e.g. @elonmusk).
Any hashtags visible on the post.
How many milliseconds the post was on screen.
Whether you clicked Like, Repost, or Comment on it.

We use this to point our paid scraper at the creators and hashtags real users actually read — nothing else. We never store the post URL, post body, post id, author display name, or your identity in this dataset. Raw rows are deleted automatically after 7 days; only an anonymised, per-author rollup is kept.

You can turn this off any time in the extension’s Options page (“Share anonymous engagement signals”). When off, no engagement data leaves your browser.

2. Trend pool post metadata (default OFF — opt-in)

If — and only if — you explicitly enable “Contribute post metadata to the JUCEY trend pool” in Options, the extension also pools the following public surface fields of posts you scroll past:

Post URL (e.g. https://x.com/jack/status/1234...).
Author handle and display name as shown on the post.
Hashtags + media types (image / video / poll / article).
Public engagement counts (likes / comments / reposts).
The post’s public timestamp.

We still never store the body of the post, and the pooled record is not tied to your account— we only increment an aggregate “contributors” counter so we know roughly how many JUCEY users have seen each post. Pooled rows expire after 28 days and are deleted by an automated cleanup job.

Toggle this off any time and we immediately stop pooling. Already- pooled rows that refer back to public LinkedIn / X URLs will roll out via the 28-day TTL; you can email dpo@jucey.app to request earlier deletion.

3. Engagement learning (default ON, per-user only — never pooled)

When you like, repost, comment on, or bookmark a post on LinkedIn or X, the extension records the action together with the post body, the author, hashtags, and (for comments) the text you wrote. We feed this into your own voice and interest profile so JUCEY gets better at writing in your voice about the things you actually care about.

Specifically:

Comments you write are the highest-value signal — they’re your actual words on a target platform. Phrases extracted from them are added to your preferredPhrases list with a weighted-decay model (frequent phrases stick, stale ones fade).
Likes / reposts / bookmarks reveal what topics you’re drawn to. Hashtags + keywords from those posts feed your recurringThemes so the prompt knows what subjects to lean into.
Recent engagement snippets (capped to 12, ~300 chars each) are kept in your voiceProfile as on-platform context the AI can cite.

This data is per-user only. Engagement rows are scoped to your account, never pooled, never shared with other JUCEY users, and deleted automatically after 90 days. Account deletion wipes the entire history immediately (cascade).

Toggle off any time via Options → “Learn from posts you like, repost, comment on, or bookmark”. Already-learned signal stays in your voice profile (because you’d notice if the AI suddenly forgot how you write); email dpo@jucey.app for a full reset of preferredPhrases / recurringThemes / engagement rows.

4. LinkedIn session cookie (default OFF — install-time only)

LinkedIn does not expose the per-post impressioncount to anyone except the post author through their own logged-in analytics dashboard. To populate the “Total Reach” and per-post impression numbers on your JUCEY analytics page, the extension reads a small set of LinkedIn session cookies directly from your browser only on linkedin.com:

li_at — LinkedIn auth proof.
JSESSIONID — CSRF token used by LinkedIn’s API.
lidc — load-balancer pin for session stability.
bcookie, bscookie — browser-identity counterparts that LinkedIn checks for fingerprint consistency.

How the cookie is handled: sealed with AES-256-GCM authenticated encryption before it leaves the extension, transmitted over HTTPS to JUCEY’s server, stored encrypted-at-rest on your User row. The plaintext value is never logged, never displayed in any UI, never returned to the client, and never shared with third parties beyond Apify (acting as our processor for the actual LinkedIn API call on your behalf).

The cookie is used solely to authenticate read-only LinkedIn analytics queries that fetch your own post-impression numbers. It is never used to perform actions on LinkedIn, send messages, follow/unfollow, post, or read other users’ data. If LinkedIn rotates the cookie (typically every ~30 days, sometimes earlier), the extension automatically re-captures on your next linkedin.com visit — the user does nothing.

How to opt out at any time:

Settings → LinkedIn session card → Disconnect. The encrypted cookie is immediately deleted server-side and the status flips to REVOKED; subsequent re-capture attempts from the extension are refused until you explicitly Reconnect.
Uninstall the extension — the in-browser cookie watcher stops firing. Existing server-side encrypted copy is deleted via the Disconnect path or by emailing dpo@jucey.app.
Account deletion (Settings → Delete account) hard-deletes the entire User row, including any encrypted cookie copy.

If you decline this feature, your JUCEY analytics page falls back to using “likes received” as a Reach proxy on LinkedIn (which is less accurate but uses no cookie data). X / Twitter is unaffected — X publishes view counts on every public post, so no cookie is ever needed.

5. Saved clips (always explicit)

When you click the orange JUCEY button on a post, the post body, author, and your juiciness rating are sent to your private JUCEY library. This is the only path on which we ever transmit a post body, and it’s always initiated by an explicit click. Saved clips are visible only to you.

6. Diagnostic telemetry (default ON, anonymous)

We record event names like popup_opened and clip_saved with no payload other than the extension version. This is purely so we can detect bugs and crashes. Toggle off in Options if you’d prefer not to share these.

7. Permissions

storage — saves your JUCEY API token + UI settings locally in chrome.storage.local.
scripting — injects the Save / Watch buttons on LinkedIn and X tabs that are already open at install time, and re-runs the silent token mint on the jucey.app tab when the user signs in. Limited to the host_permissions declared below.
alarms — runs two background ticks: an hourly opportunistic refresh of the JUCEY API token, and an hourly cold-start fallback that re-reads the LinkedIn cookie if the user installed the extension after they were already signed into LinkedIn.
contextMenus — right-click → Save to JUCEY / + Watch this author. Menu items appear only on the declared host pages.
cookies — reads the small set of LinkedIn session cookies described in Section 4 above. Used only on linkedin.com domains, only to authenticate the user’s own per-post impressions queries. The cookie is encrypted before it leaves the extension and never reaches any third party other than Apify (sub-processor).
Host permissions: linkedin.com, x.com, twitter.com (legacy redirect to x.com), jucey.app. Nothing else.

8. Your rights

You can revoke the extension’s access at any time (Options → Reset extension data, or remove the extension entirely). For data deletion, account export, or any other GDPR / CCPA request, email dpo@jucey.app.