Permanently remove your profile, your team memberships, and every outreach you've logged. Teams where you are the only admin will be deleted in full. This cannot be undone.
Loading…
Two steps on a desktop browser and you're set up.
It does not work on Firefox, Safari, or any mobile browser — those use different extension systems. If you want it on Firefox or Safari, let us know and we'll consider adding it.
Open the Chrome Web Store listing and click "Add to Chrome" (the button reads "Add to Edge", "Add to Brave", etc. depending on which browser you're using — same flow). Confirm permissions when prompted.
Tip: pin the extension to your toolbar by clicking the puzzle-piece icon next to the address bar and toggling the pin on the Orwell's bad dream entry. Makes step 2 easier to find.
Open Chrome Web StoreClick the Orwell's bad dream icon in your browser's toolbar, sign in with the same account you use here, then visit any LinkedIn profile (linkedin.com/in/<name>) to start tracking.
Effective Date: April 29, 2026
Orwell's bad dream is the data controller responsible for your personal data under this policy. You can reach the data controller at martinvfalck@gmail.com.
Orwell's bad dream ("the App", "we", "our") is a collaboration tool for small teams. It lets you and your teammates keep a shared record of LinkedIn outreach — who you contacted, when, notes, and contact emails — and surfaces that shared record when any of you visits that person's LinkedIn profile. Optionally, you can connect your own HubSpot, Luma, and Google Sheets accounts so matching data from those systems appears on the profile as well.
The App processes two kinds of personal data under two different legal bases:
3.1 — Your own data, as a user of the App. When you sign up, connect an integration, or use the App's features, processing is carried out to perform the contract between you and us (Article 6(1)(b)) and — for each optional integration — on the basis of your explicit consent granted at the moment you connect it (Article 6(1)(a)). You can withdraw that consent at any time by disconnecting the integration, leaving the team, or deleting your account (see Section 8).
3.2 — Data about people who are not users of the App. The App's core function is to let a team keep a shared record of professional outreach. That record necessarily contains personal data about the people being contacted (public LinkedIn profile identifier, display name, any email a teammate types in or that arrives via a connected integration, any notes teammates write, and a timestamped log of when any team member opened that person's LinkedIn profile page). These data subjects have not signed up themselves and cannot give prior consent. We rely on legitimate interests (Article 6(1)(f)) to process this data — specifically, the legitimate interest of the App's users and their teams in coordinating legitimate professional outreach (recruiting, sales, partnerships, fundraising) and avoiding duplicate or conflicting contact. We have carried out the balancing test required by Article 6(1)(f); the summary is in the Legitimate-Interests Assessment at the end of this policy. People whose data we hold under this basis have the right to object to the processing (Article 21) and the right to erasure (Article 17). See the Notice for people whose data we hold.
3.3 — Feature-specific transparency for users. Because the App's core feature is team-visible outreach and profile-visit tracking, every user must actively accept these terms before the App stores any outreach or profile-visit data. This means: when you use the Chrome extension on a LinkedIn profile page, the App writes a row to your team's shared database recording that you visited that profile, along with the profile's public identifier, its display name, and the time. Your teammates can see these rows for the whole team. This is by design and is the core reason the App exists. If you are not comfortable with this, do not sign up.
Account data. When you sign in via LinkedIn OpenID Connect we receive your name, email address, and LinkedIn profile identifier. When you sign in with email and password, we store that email and a hashed password (via our authentication provider, Supabase). You may optionally upload a profile avatar.
Content you create. Notes you write on profiles, emails you add for a profile, outreach entries (profile identifier, outreach type, date, who logged it), and teams you create or join.
Integration credentials. Stored encrypted in Supabase Vault and visible to the App only through server-side functions scoped to your team:
drive.file scope, which only grants access to the specific file you pick. You re-authenticate on each sync.Data synced via integrations. Only information already visible inside the connected account. Specifically: HubSpot contacts and deal-stage labels; Luma events and attendee lists (from the API or from CSV exports you upload); rows from the single Google Sheets tab you pick, plus the headers and an optional custom icon you upload for the connector.
We do not read, store, or access your LinkedIn messages, your connections list, your newsfeed, or any LinkedIn content beyond the public profile identifier of people you manually log.
Diagnostic data. When the App's website or extension throws an unhandled exception in your browser, we capture the error message, JavaScript stack trace, the page URL where it happened, and your browser user-agent string, and store them so we can debug. The capture is tied to your account so we can find it; it is not used for analytics, profiling, or anything other than debugging. You can delete this data at any time along with the rest of your account (Section 8). No diagnostic data is captured before you sign in.
Your data is used only to (a) authenticate you and maintain your session, (b) show outreach history, notes, emails, and integration data to you and your teammates on matching LinkedIn profiles and in the team dashboard, and (c) enable you to export, edit, or delete your data. We do not use your data for advertising, profiling, automated decision-making, model training, or any purpose other than the features described.
We do not sell, rent, or share your personal data with third parties. Data is processed on our behalf by Supabase (database, storage, and authentication) on their EU-region infrastructure. Data you bring in via an integration is fetched directly from the third-party service (HubSpot, Luma, Google) to your browser, and then stored in our database on the same EU infrastructure. We disclose data only where strictly required by law.
6.1 — Data stays inside the team that already had it. The whole point of the App is to surface what your team already knows, not to widen that circle. Every record in the App — outreaches, notes, emails, profile visits, and every row synced from a connected HubSpot, Luma, or Google Sheets account — is scoped to a single team and visible only to members of that team. Row-level-security policies in our database enforce this, not just application code. If you connect your company's HubSpot to a team, the contacts from that HubSpot stay inside that team: we do not copy them to any other team, we do not build a cross-team contact graph, and we do not expose a contact's data to any user who was not already a member of the team you brought it into. If you or a teammate joins a second team, the records from the first team do not follow; each team's database is walled off from the others.
6.2 — You only see what the team already has on the person. When the extension lights up on a LinkedIn profile, everything it shows you — the outreach history, the notes, the HubSpot contact card, the Luma check-ins, the Google Sheets row — was already in your team's own records before you opened that profile. The App does not enrich profiles with data bought from brokers, scraped from elsewhere on LinkedIn, or fetched from any other team's database. If there is nothing in your team's records for that person, the extension stays empty.
6.3 — You must accept this scope before the App stores anything about anyone. By creating an account and accepting the consent gate that appears on first sign-in, you agree not to use the App to expose records to anyone who is not already a member of the team those records belong to. You agree not to copy data between unrelated teams, not to invite strangers into a team solely to leak its records to them, and not to use the App to enlarge the circle of people who can see a given data subject's information beyond what was already the case before the App was involved.
6.4 — Reporting misuse; enforcement. If you see someone using Orwell's bad dream to widen the circle beyond the team that already held the data — e.g. moving contacts between unrelated teams, creating a team for the sole purpose of exposing data to outsiders, or otherwise circumventing the team-scoping described above — please report it to martinvfalck@gmail.com with as much detail as you can share. We will investigate every report. Teams found to be misusing the App in this way will have their data deleted and their members banned from the App; individual users who organise such misuse will be banned as well. Enforcement is at our sole discretion and does not create any liability to the banned parties.
We retain your data while your account is active. When you disconnect an integration, the stored credentials and synced data for that integration are deleted immediately. When you leave a team, the outreaches, notes, and emails you contributed to that team are deleted. When you delete your account (Account Settings → Delete account), all remaining personal data is permanently erased within 30 days. We do not keep backups of deleted accounts.
Under the General Data Protection Regulation, you have the right to:
Send requests to martinvfalck@gmail.com; we will respond within 30 days. If you believe your data-protection rights have been violated, you can lodge a complaint with your local supervisory authority. In Denmark, this is Datatilsynet (datatilsynet.dk).
The App uses only strictly necessary cookies and browser storage for authentication and session management. We do not use tracking, analytics, or advertising cookies.
Authentication. You can sign in with LinkedIn OpenID Connect or with email and password. LinkedIn processes your data under its own privacy policy (linkedin.com/legal/privacy-policy). Both methods are handled via Supabase Auth.
Infrastructure. Supabase (supabase.com) hosts our database, storage, and secrets vault in the EU. See Supabase's Data Processing Agreement for details.
Optional integrations. Only active if you connect them:
drive.file scope. Google sees only the file you explicitly pick; we store no refresh token. LinkedIn sign-in (if used) is processed through LinkedIn's OpenID Connect.The Chrome extension runs only on linkedin.com/in/* URLs. It reads the public profile identifier in the URL so it can look up your team's records for that profile. It does not read the rest of the page, your messages, or your connections.
We use encrypted transport (TLS), encrypted storage at rest, Supabase Vault for integration secrets, and row-level-security policies so each team's data is only accessible to that team's members. Access is limited to the minimum necessary. While no system is completely secure, we take reasonable technical and organisational measures to safeguard your personal data in accordance with GDPR Article 32.
The App is not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child's data has been collected, we will delete it immediately.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App before they take effect. The "Effective Date" at the top will always reflect the latest revision. Continued use after changes take effect constitutes acceptance of the revised policy.
Summary balancing test for processing third-party personal data under Article 6(1)(f). Fuller documentation is held on record and is available on request.
The App exists so that a small team doing legitimate professional outreach (recruitment, sales, partnerships, fundraising, investor relations) can coordinate: see who on the team has already contacted a given person, what was said, which events or deals the person came from, and avoid the embarrassment or harm of duplicate or contradictory contact. Cross-referencing the team's own records against the LinkedIn profile the user is looking at is the single feature users rely on daily. Teams use the App instead of (or alongside) a full CRM precisely because a CRM does not surface "has anyone on my team already talked to this person?" at the exact moment a user is on the profile. That interest is lawful, specific, and articulated.
The processing is limited to what the feature needs: a public LinkedIn identifier, a display name, a timestamp for profile visits, and whatever a teammate chooses to type (outreach notes, emails pasted from conversations, linkages to attendees or contacts the team already holds). We do not read the profile page's content, messages, or connections list, and we do not enrich the profile with data bought from third parties. A less data-hungry alternative (e.g. manually keeping a spreadsheet) is possible but does not deliver the same coordination benefit and, notably, stores comparable data in a less secure environment. Removing the shared record would remove the App's core utility.
Factors weighing in favour of processing:
Factors weighing against processing:
Conclusion. On balance, the legitimate interest of teams in coordinating legitimate professional outreach, combined with the limited scope, non-sensitive categories, EU hosting, strict access controls, and the availability of an unconditional right to object and erase, outweighs the interference with the data subject's rights. Processing is therefore lawful under Article 6(1)(f). A data subject who disagrees with that balance on their own facts can exercise their Article 21 right to object, which we honour without precondition.
Last reviewed: April 22, 2026. This assessment will be re-reviewed whenever a materially new processing activity is introduced.
Published under GDPR Article 14. Effective Date: April 22, 2026
Orwell's bad dream is the data controller. Contact: martinvfalck@gmail.com. The controller is established in Denmark; the supervisory authority is Datatilsynet (datatilsynet.dk), where you can lodge a complaint at any time.
A team using the App may hold some or all of the following about you. We say "may" because the App is team-driven — what is stored depends entirely on what a given team has entered or synced:
linkedin.com/in/<slug>) and your display name as shown on LinkedIn.We do not collect or store: your LinkedIn messages, your connections list, your newsfeed, anything you did not publish on your LinkedIn profile, or any inference / scoring / profiling about you.
Depending on the team, your data may have come from: (a) the public LinkedIn profile page a team member opened, (b) a Luma attendee list the team's Luma account has access to because you RSVPed to or attended an event, (c) a HubSpot CRM record the team maintains, (d) a row the team pasted or synced from a Google Sheet, or (e) something a team member typed manually.
Processing is carried out on the basis of legitimate interests (GDPR Article 6(1)(f)) — specifically, the interest of the App's users and their teams in coordinating legitimate professional outreach (recruiting, sales, partnerships, fundraising, investor relations). The documented balancing test is included in our main Privacy Policy appendix. We do not use your data for advertising, profiling, automated decision-making, or AI/ML training.
Only the members of the single team that entered or synced the data. Teams in the App are isolated at the database layer by row-level security; there is no "cross-team" index and no public directory. We do not sell, rent, or share your data with third parties. The data is stored by Supabase (a data-processing provider) on EU infrastructure under a Data Processing Agreement.
A team's records about you are kept while that team uses the App. A team's data is deleted in the following cases:
We do not keep backups of deleted records.
Under GDPR you have the right to:
To exercise any of these, email martinvfalck@gmail.com with your LinkedIn profile URL so we can identify your records. We will respond within 30 days. If you are not satisfied with our response you can complain to Datatilsynet (datatilsynet.dk) or the supervisory authority in your EU country of residence.
If we materially change the way we process third-party data, we will update this notice and log the change. The "Effective Date" above reflects the latest revision.
Effective Date: April 29, 2026
These Terms of Use ("Terms") govern your use of the Orwell's bad dream website and Chrome extension (together, "the App"). By creating an account, accepting these Terms in the signup flow, or otherwise using the App, you agree to be bound by them. If you do not agree, do not create an account or use the App.
The App is a lightweight collaboration tool for small teams. It lets you and your teammates keep a shared record of LinkedIn outreach, notes, and contact emails per profile, and surfaces that shared record when any of you visits that profile. You can optionally connect your own HubSpot, Luma, and Google Sheets accounts so matching data from those systems also appears on the profile. The App is intended for legitimate professional outreach (recruiting, sales, partnerships, fundraising) by users who have the right to perform that outreach and to read the data they connect.
The App is intentionally limited in scope. The following are explicitly outside the scope of the App:
Data you log or connect is visible only to you and to the members of teams you join. Nothing is published anywhere else.
You can create an account by signing in with LinkedIn OpenID Connect or with an email and password. Either way, we receive only the identity fields described in the Privacy Policy. You are responsible for keeping your sign-in credentials secure; an attacker who controls your LinkedIn login or your email inbox can sign in to the App as you.
You agree to use the App only for lawful, legitimate professional outreach activities. You agree not to:
The App supports optional, opt-in integrations with HubSpot, Luma, and Google Sheets. When you connect one of these, you confirm that you have the authority to read the data being connected under your organisation's policies and the third party's terms of service. Each integration is connected per team; its data becomes visible to that team's members on matching LinkedIn profiles.
For HubSpot and Luma, the credentials you paste (Private App token, API key, and optional iCal URL) are stored encrypted in Supabase Vault and used only by server-side functions scoped to your team. For Google Sheets, the App uses the Google Picker and Sheets APIs with the drive.file scope, which only grants access to the specific file you pick; no refresh token is stored, and you re-authenticate on each sync.
The App copies the data you pick from each integration into our database so it can be shown on matching LinkedIn profiles. You are responsible for re-syncing when the source data changes. Disconnecting an integration immediately removes the stored credentials and the data synced from that integration.
The App is GDPR-compliant. We process your data only based on the consent you grant when you sign up and when you connect each integration. You may at any time access, correct, export, or permanently delete your data — see Sections 7–8 of the Privacy Policy. The "Delete account" button in Account Settings erases all your personal data and your underlying authentication record.
When you create or join a team, the outreaches you log, notes you write, emails you add, and integrations you connect become visible to the other members of that team. This is the core function of the App. If you remove yourself from a team, the data you contributed to that team is also deleted. If a team admin removes the team, all member data within it is deleted.
The App is provided on an "as available" basis. We do not guarantee uninterrupted availability, freedom from bugs, or fitness for a particular purpose. We may modify, suspend, or discontinue parts of the App at any time. If we make material changes that affect your rights, we will notify you in the App before they take effect.
To the maximum extent permitted by law, the App is provided "as is" without warranties of any kind, express or implied. We are not liable for any indirect, incidental, special, or consequential damages arising from your use of the App, including loss of data, loss of business opportunities, or damage caused by reliance on team-logged outreach history or integration data. Our total liability, if any, is limited to the amount you have paid to use the App in the preceding twelve months — which, for the current free tier, is zero.
You may stop using the App at any time and delete your account from Account Settings. We may suspend or terminate your access if you materially violate these Terms or the law, or if your continued use poses a security or integrity risk. On termination for any reason, your data is erased per the Privacy Policy.
These Terms are governed by the laws of Denmark, without regard to its conflict-of-law rules. Any dispute will be resolved by the courts of Denmark, except where mandatory consumer-protection rules in your country of residence grant you the right to bring proceedings locally.
For questions about these Terms or to exercise your GDPR rights, contact the data controller at martinvfalck@gmail.com.
We may update these Terms from time to time. Material changes will be announced in the App, and the "Effective Date" above will reflect the latest revision. Continued use after changes take effect constitutes acceptance of the revised Terms. If you do not agree, you can delete your account at any time.