Privacy Policy

Last Updated: November 16, 2025

1. Introduction and Overview

This Privacy Policy explains how our LinkedIn Post Analytics Application (“the Application,” “we,” “us,” or “our”) collects, uses, processes, stores, and protects personal data when you use our services. Our Application helps users download their LinkedIn posts and analyze engagement metrics, including identifying who liked their content.

We are committed to protecting your privacy and ensuring you have a positive experience on our platform. We comply with applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data protection laws in your jurisdiction.

Please read this Privacy Policy carefully. By accessing or using our Application, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Authentication and Account Data:

• Your email address and LinkedIn profile identifier
• OAuth 2.0 authentication tokens and refresh tokens used to securely connect to your LinkedIn account
• Your LinkedIn username and basic profile information (name, headline, current position)
• Account creation and access logs

LinkedIn Post Data:

• Your LinkedIn posts (text content, images, videos, dates of publication)
• Post engagement metrics including:
  • Number of likes, comments, shares, and reposts
  • Identities of LinkedIn users who engaged with your posts (names, profile URLs, user IDs)
  • Timestamps of engagement activities
  • Engagement types and interaction details

User-Generated Content:

• Export preferences and download requests
• Usage settings and analytics configuration
• Communications you send to our support team

2.2 Information Collected Automatically

Technical Data:

• Device information (device type, operating system, browser type and version)
• Internet Protocol (IP) address and general location data (city, region level)
• Cookies and similar tracking technologies
• Timestamps of access and usage patterns
• Application performance metrics and error logs

Usage Analytics:

• Features accessed and functionality used
• Time spent on the Application
• Data export frequency and volume
• API calls and data processing activities

2.3 Information from Third Parties

LinkedIn Platform:

• We receive information from LinkedIn’s APIs in accordance with their terms of service
• LinkedIn may provide additional profile information as permitted by their access controls and your privacy settings on LinkedIn
• Information is only retrieved for LinkedIn profiles where you have provided explicit authorization

3. Legal Basis for Processing

3.1 Consent

We process personal data based on your explicit consent, particularly:

• When you authorize our Application via LinkedIn’s OAuth 2.0 flow
• When you agree to this Privacy Policy and our Terms of Service
• You can withdraw consent at any time through your account settings or by contacting us

3.2 Contract Performance

We process data necessary to provide the services you requested:

• Downloading and organizing your LinkedIn posts
• Analyzing engagement metrics
• Enabling data export functionality

3.3 Legitimate Interest

We may process data for legitimate business purposes:

• Improving Application security and preventing fraud or abuse
• Developing new features and optimizing existing functionality
• Conducting analytics to understand user behavior and preferences
• Meeting legal and regulatory obligations
• Defending against legal claims or disputes

3.4 Legal Obligation

We may process data to comply with:

• Court orders or regulatory investigations
• Tax and financial reporting requirements
• Law enforcement requests

4. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery:

• Authenticating your identity and authorizing access to your LinkedIn data
• Downloading, retrieving, and organizing your LinkedIn posts and engagement metrics
• Generating analytics reports and engagement insights
• Enabling data export in various formats (CSV, JSON, PDF, etc.)
• Syncing and updating post data in accordance with your preferences

Account Management:

• Creating and maintaining your user account
• Processing your account preferences and settings
• Managing subscription or trial periods
• Sending service-related notifications and updates
• Responding to your inquiries and providing customer support

Security and Compliance:

• Detecting and preventing fraud, abuse, or unauthorized access
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, and safety of our users, company, and the public
• Complying with legal obligations and responding to lawful requests from authorities

Product Improvement:

• Conducting analytics to understand usage patterns and feature adoption
• Identifying bugs, errors, and areas for improvement
• Testing new features and improvements in a controlled environment
• Training and improving our systems and algorithms
• Personalizing your experience within the Application

Communication:

• Sending important service announcements and administrative messages
• Sharing product updates, feature releases, and security notices
• Conducting surveys to gather feedback on your experience (with your consent)
• Marketing communications (only with your prior consent where required by law)

Data Aggregation and Research:

• Creating anonymized and aggregated statistics about Application usage
• Publishing general insights about LinkedIn engagement trends (only from aggregated, de-identified data)

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

5.2 Service Providers and Processors

We may share personal data with carefully selected service providers who act as data processors on our behalf, including:

• Cloud hosting providers: For data storage, backup, and computing infrastructure
• Analytics providers: To understand Application performance (only de-identified usage data)
• Payment processors: To handle subscription and billing transactions
• Security services: For threat detection, vulnerability scanning, and monitoring
• Email and communication services: For sending notifications and support communications
• Customer support platforms: To manage and respond to user inquiries

All service providers are contractually obligated to:

• Process data only on our instructions
• Maintain confidentiality and security of the data
• Implement appropriate technical and organizational security measures
• Not retain, use, or disclose data for purposes other than providing their services

5.3 LinkedIn

• Your LinkedIn data is retrieved directly from LinkedIn’s servers using OAuth 2.0 authentication tokens
• We access only the data you have authorized through your LinkedIn account privacy settings
• Users who have restricted third-party data sharing on their LinkedIn profiles will not have their engagement data downloaded through our Application
• LinkedIn maintains control over your LinkedIn account and profile data

5.4 Legal Requirements and Law Enforcement

We may disclose your personal data without consent if required by:

• Court orders, subpoenas, or similar legal processes
• Government agencies or law enforcement authorities
• Regulatory investigations or compliance inquiries
• Situations involving threats to public safety or imminent harm

5.5 Business Transfers

If our company is involved in a merger, acquisition, bankruptcy, dissolution, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy.

5.6 Aggregate and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you:

• General statistics about LinkedIn engagement trends
• Anonymized performance metrics and benchmarks
• Research findings based on collective user data

6. Data Retention and Deletion

6.1 Retention Periods

We retain personal data only as long as necessary for the purposes outlined in Section 4:

LinkedIn Post Data and Engagement Metrics:

• Retained while your account is active
• Deleted within 30 days of account termination or upon your written request
• Older post data may be automatically archived or deleted based on your retention preferences (configurable in account settings)

Authentication Tokens:

• Refresh tokens are retained for the duration of your active account
• Access tokens are short-lived and automatically expire
• All tokens are deleted upon account deletion or revocation of Application authorization

Usage Analytics and Technical Data:

• Retained for a maximum of 12 months for performance and security purposes
• De-identified analytics may be retained longer for trend analysis
• Log files containing IP addresses are automatically purged after 90 days

Support Communications:

• Retained for a minimum of 1 year to address follow-up inquiries
• May be retained longer if necessary to resolve disputes or comply with legal obligations

Account Information:

• Retained for 1 year after account deletion to comply with financial and tax obligations
• May be retained longer if required by law or to defend legal claims

6.2 Your Right to Deletion

You have the right to request deletion of your personal data at any time, subject to:

• Any legal obligations requiring us to retain data
• Our need to maintain records for billing, accounting, or fraud prevention
• Active legal disputes or pending claims
• Time periods necessary to properly execute deletion across all systems and backups

To request data deletion:

1. Log into your account and visit the Data Management section
2. Select “Request Account Deletion”
3. Follow the confirmation steps
4. We will process your deletion request within 30 days

6.3 Deletion Process

Upon deletion request, we will:

• Remove your personal data from our active systems within 30 days
• Instruct all service providers and data processors to delete your data
• Retain only anonymized or aggregated data that cannot identify you
• Keep a record of the deletion in compliance with legal obligations

7. Your Privacy Rights and Choices

Depending on your location, you may have specific rights regarding your personal data:

7.1 Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights:

Right to Access (Article 15):

• Request and receive a copy of all personal data we hold about you
• Understand what data we process, why we process it, and who we share it with
• Submit a request through your account settings or by contacting us

Right to Rectification (Article 16):

• Request correction of inaccurate personal data
• Update your information through your account settings
• Contact us to correct data you cannot access directly

Right to Erasure (Article 17):

• Request deletion of your personal data (“Right to be Forgotten”)
• Subject to limited exceptions for legal obligations, fraud prevention, and legitimate interests
• We will respond to erasure requests within 30 days

Right to Restrict Processing (Article 18):

• Request that we limit our processing of your data
• Data will be retained but not actively processed pending resolution of your concern
• Applicable when you dispute the accuracy of data or our lawful basis for processing

Right to Data Portability (Article 20):

• Request your data in a structured, commonly used, and machine-readable format (CSV, JSON, XML)
• Transfer your data to another service provider
• Submit requests through the Data Export function in your account

Right to Object (Article 21):

• Object to processing based on legitimate interest or direct marketing
• We will cease processing unless we demonstrate compelling legitimate grounds
• Applies to profiling and automated decision-making

Right Not to Be Subject to Automated Decision-Making (Article 22):

• Opt out of decisions made solely by automated means that produce legal or similarly significant effects
• Request human review of automated decisions

Right to Lodge a Complaint:

• File a complaint with your local data protection authority
• This right is without prejudice to any other legal remedies available to you

7.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

Right to Know (Section 1798.100):

• Request what personal information we collect about you
• Understand the purposes for collection and use
• Know which categories of data are shared and with whom

Right to Delete (Section 1798.105):

• Request deletion of personal data we have collected from you
• Subject to certain exceptions (legal obligations, fraud detection, security)

Right to Correct (Section 1798.010):

• Request correction of inaccurate personal data

Right to Opt-Out (Section 1798.120):

• Opt out of the “sale” or “sharing” of personal data
• Currently, we do not sell or share your data for cross-context behavioral advertising

Right to Limit Use and Disclosure (Section 1798.115):

• Request that we limit our use of your sensitive personal data to what is necessary to provide requested services

Right to Non-Discrimination (Section 1798.120):

• We will not discriminate against you for exercising your privacy rights
• No differences in service quality or pricing for asserting your rights

Right to Access (Shine the Light Law):

• Request a list of third parties with whom we have shared your personal information for their own marketing purposes

7.3 Other Privacy Rights

Cookie Management:

• You can manage cookies through your browser settings
• Non-essential cookies can be disabled; however, this may limit Application functionality
• We provide a cookie consent banner upon first access to manage tracking preferences

Email Preferences:

• Unsubscribe from marketing emails through links in our communications
• Manage notification preferences in your account settings
• Note: Service-related emails cannot be unsubscribed from while your account is active

Device Permissions:

• You can revoke Application permissions through your device settings
• Revocation of the OAuth token will disconnect the Application from your LinkedIn account

7.4 How to Exercise Your Rights

To exercise any of these rights:

1. Through Your Account: Log into your account and use the Privacy Center to submit requests
2. By Email: Send a detailed request to privacy@[company domain]
3. By Mail: Send a signed request to our postal address (provided at the end of this policy)

Verification: We will verify your identity before processing requests. We may require:

• Government-issued identification
• Proof of account ownership
• Confirmation of email address

Response Timeline: We will respond to your request within:

• 30 days (GDPR/UK GDPR requirement)
• 45 days (CCPA requirement)
• Extensions of up to 60 days may be necessary for complex requests

8. Data Security and Protection

8.1 Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data:

Encryption:

• All data transmissions between your device and our servers use TLS 1.2 or higher encryption
• Sensitive data including OAuth tokens are encrypted at rest using AES-256 encryption
• Encryption keys are securely managed and rotated regularly
• Database encryption is enabled for all data stores

Access Controls:

• Role-based access control (RBAC) restricts data access to authorized personnel only
• Principle of least privilege ensures employees only access data necessary for their role
• Multi-factor authentication (MFA) is required for all administrative accounts
• Access logs are maintained for all data access

OAuth Token Management:

• OAuth tokens are never stored in plaintext
• Tokens are encrypted and stored only on secure, isolated servers
• Refresh tokens have defined lifespans and are automatically rotated
• Users can revoke token access at any time through their account or LinkedIn settings
• Compromised tokens can be invalidated immediately

Network Security:

• All network traffic is protected using firewalls and intrusion detection systems
• Regular vulnerability scanning and penetration testing
• DDoS protection and rate limiting to prevent abuse
• Network segmentation to isolate sensitive systems

Data Backup and Recovery:

• Regular automated backups of all data with encryption
• Backup systems are geographically distributed
• Recovery procedures are tested regularly to ensure data availability
• Backup data is retained according to our retention policy

Monitoring and Incident Response:

• Continuous monitoring of systems for unauthorized access or anomalies
• Security incident response plan with defined escalation procedures
• Regular security audits and assessments
• Prompt notification of users in case of data breaches (as legally required)

8.2 Limitations on Security

While we employ robust security measures, no system is completely secure. We cannot guarantee absolute protection against:

• Determined cyberattacks or advanced persistent threats
• Unauthorized access by skilled attackers
• Compromised third-party systems or services
• Your own negligence (e.g., weak passwords, shared credentials)

You are responsible for:

• Maintaining the confidentiality of your password and account credentials
• Immediately notifying us of any unauthorized access
• Keeping your device and browser updated with security patches
• Not sharing your OAuth tokens or access links with untrusted parties

9. Cookies and Tracking Technologies

9.1 Cookies Used

We use cookies and similar tracking technologies for the following purposes:

Essential Cookies (No Consent Required):

• Session management and authentication
• Security and fraud prevention
• Remembering your language and accessibility preferences
• Load balancing and Application stability

Analytics Cookies (Requires Consent):

• Understanding how users interact with the Application
• Identifying which features are most frequently used
• Detecting technical errors and performance issues
• Creating aggregate statistics about usage patterns

Marketing Cookies (Requires Consent):

• Tracking visits to our website and Application
• Understanding campaign effectiveness
• Delivering relevant advertisements on third-party platforms

9.2 Consent and Cookie Management

Upon first visit to our Application, you will receive a cookie consent banner that allows you to:

• Accept all cookies
• Decline non-essential cookies
• Customize cookie preferences
• Access detailed cookie information

You can manage cookies through:

• Your browser settings (allows you to delete existing cookies and block future ones)
• Our Privacy Center (adjust your consent preferences for our cookies)
• Your device settings (for mobile applications)

Note: Disabling certain cookies may impair Application functionality, including:

• Your ability to remain logged in
• Access to saved preferences
• Analytics and performance improvements

9.3 Third-Party Cookies

Third-party services embedded in our Application may place their own cookies:

• Analytics providers (e.g., to measure site traffic and user behavior)
• CDN providers (e.g., to optimize content delivery)
• Security services (e.g., to detect and prevent abuse)

We are not responsible for the cookie practices of third parties. Please review their privacy policies for information about their cookie use.

9.4 Local Storage and Similar Technologies

We may use local storage, session storage, and similar browser technologies to:

• Store your preferences and settings
• Maintain authentication sessions
• Cache Application data for performance

These function similarly to cookies and can be cleared through your browser settings.

10. International Data Transfers

10.1 Cross-Border Data Movement

Our Application operates globally, and your personal data may be transferred to, processed, and stored in countries other than your country of residence. These countries may have different data protection laws:

Data Processing Locations:

• Primary data centers: [Specify regions, e.g., EU, US, or specific countries]
• Backup and recovery: [Specify regions]
• Service provider locations: [Global, as necessary]

10.2 GDPR Compliance for International Transfers

If you are located in the EU/EEA and data is transferred outside these regions, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs):

• We have executed approved SCCs with all non-EEA service providers
• SCCs provide legal protections equivalent to GDPR standards
• SCCs include obligatory clauses on data protection and user rights

Data Protection Agreements:

• All service providers maintain adequate data protection standards
• Regular audits ensure compliance with transfer requirements
• Supplementary technical measures are implemented where necessary

Your Rights Regarding Transfers:

• You can request information about specific transfer mechanisms
• You can object to transfers and request storage within the EEA (subject to operational feasibility)
• You retain all rights regardless of where your data is stored

10.3 CCPA Compliance for International Transfers

If you are a California resident, we will:

• Provide notice of data transfers to out-of-state processors
• Maintain contractual obligations requiring equivalent data protection
• Ensure you can exercise your CCPA rights regardless of where data is processed

11. Third-Party Links and Services

Our Application may contain links to third-party websites, applications, and services that are not operated by us:

Third-Party Services Include:

• LinkedIn and other social media platforms
• Payment processors and billing services
• Analytics and reporting tools
• Documentation and support resources

Our Responsibility:

• We are not responsible for the privacy practices of third-party services
• Third-party privacy policies and terms apply when you use their services
• We encourage you to review their privacy policies before providing information

LinkedIn Integration:

• Your LinkedIn data is subject to LinkedIn’s Privacy Policy and Terms of Service
• We access only data you explicitly authorize through OAuth
• LinkedIn users who have restricted third-party access will not be included in our Application

12. Children’s Privacy

Our Application is not intended for children under 13 years of age. We do not knowingly collect personal data from children:

If You Are Under 13:

• Do not use this Application
• Do not provide us with any information
• Alert your parent or guardian if you access this Application

If You Are a Parent/Guardian:

• If you believe we have collected data from a child, please contact us immediately
• We will delete such data without undue delay

For EU/EEA Residents (GDPR):

• Users under 16 may require parental consent for data processing (varies by country)
• We rely on you to confirm you have parental consent if you are under 16

For California Residents (CCPA):

• Users under 13 receive higher privacy protections under CalOPPA
• Users 13-15 may have additional rights under CPRA

13. Changes to This Privacy Policy

13.1 Updates and Modifications

We may update this Privacy Policy periodically to:

• Reflect changes in our data practices
• Comply with new laws or regulations
• Improve clarity and transparency
• Address user feedback and concerns

13.2 Notification of Changes

Material Changes (such as expanded data sharing or new processing purposes) will be communicated by:

• Email notification to your registered account email address
• Prominent notice on our Application or website
• Request for your explicit consent where legally required (e.g., GDPR)

Minor Changes (such as clarifications or formatting) may be updated without explicit notice.

13.3 Your Continued Use

Continued use of the Application after updates means you accept the updated Privacy Policy. If you disagree with changes, you may:

• Request data deletion and account termination
• Exercise your data portability rights
• Stop using the Application

The date at the top of this Privacy Policy indicates when it was last updated. We encourage you to review it regularly.

14. Data Protection Officer and Compliance

14.1 Data Protection Officer (DPO)

If required by applicable law, we have appointed a Data Protection Officer. You may contact our DPO regarding:

• Privacy concerns or complaints
• Data subject rights requests
• Compliance inquiries
• Security breach notifications

DPO Contact Information:

• Email: dpo@[company domain]
• Or use the contact information provided in Section 15

14.2 Privacy by Design

We implement Privacy by Design principles:

• Data minimization: We collect only necessary information
• Purpose limitation: Data is used only for stated purposes
• Storage limitation: Data is retained only as long as necessary
• Integrity and confidentiality: Strong security measures protect your data
• Accountability: We maintain detailed records of processing activities

14.3 Data Protection Impact Assessments (DPIAs)

For high-risk processing activities, we conduct DPIAs to:

• Identify potential privacy risks
• Evaluate necessity and proportionality of processing
• Implement mitigation measures
• Document our compliance efforts

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@[company domain]

Mailing Address: [Your Company Name] [Street Address] [City, Postal Code] [Country]

Response Time: We aim to respond to all inquiries within 10 business days.

15.1 Data Subject Rights Requests

To submit a request to:

• Access your personal data
• Correct inaccurate information
• Delete your data
• Port your data to another service
• Object to processing
• Restrict processing
• Withdraw consent

Use any of the following methods:

1. Log into your account and visit the Privacy Center
2. Email privacy@[company domain] with the subject line “Data Subject Request”
3. Mail a signed written request to the address above

Include in Your Request:

• Your full name and account email
• Type of request (access, deletion, etc.)
• Specific information or account(s) involved
• Proof of identity (government ID)
• Preferred response format

16. Regulatory Contact Information

If you are located in specific regions, you may contact your local regulatory authority:

GDPR (EU/EEA):

• Contact your national Data Protection Authority
• [European Data Protection Board (EDPB) website for authority listings]

CCPA (California):

• California Attorney General
• California Privacy Protection Agency (CPPA)

PIPEDA (Canada):

• Office of the Privacy Commissioner of Canada

LGPD (Brazil):

• Autoridade Nacional de Proteção de Dados (ANPD)

17. Acknowledgment and Agreement

By using our Application, you acknowledge that:

✓ You have read and understood this Privacy Policy ✓ You agree to our collection and use of personal data as described ✓ You understand your rights and how to exercise them ✓ You are aware of the risks and security limitations ✓ You have the authority to agree to this policy (or have obtained parental consent if under 16)

---

Document Version: 1.0 Effective Date: November 16, 2025 Last Updated: November 16, 2025