Privacy Policy

1. Who we are

LinkedReach is a multi-account LinkedIn outreach platform operated by LinkedReach Ltd. This policy explains what data we collect when you use linkedreach.ai or the LinkedReach application, why we collect it, and the rights you have over it. If something here is unclear, email privacy@linkedreach.ai and a human will reply.

2. What data we collect

We collect only what's needed to run the service and improve it. In practice, that's four buckets:

Account & billing data

• Name, work email, and company you provide at signup.
• Billing details processed by our payment provider — we never see your full card number.
• Authentication tokens for the integrations you connect (e.g. HubSpot, Salesforce, Google Calendar).

LinkedIn account data

• Session cookies for each LinkedIn account you connect, used by our automation workers to act on your behalf.
• Sender state — warm-up day, daily action counts, send-window settings — so we can enforce safe-sending limits.
• Reply text and conversation threads from the LinkedIn inboxes of accounts you've connected, so we can surface them in the unified inbox and let Agent Mode classify intent.

Lead data

• Profile information for leads you import or scrape via the platform — name, role, company, public profile fields, and the messages in their conversation thread with your senders.
• Status of each lead in your campaigns (sent, accepted, replied, qualified, archived).

Usage & technical data

• Standard server logs (IP, user agent, request paths, timestamps), retained for 30 days for security and debugging.
• Product analytics on which features you use, so we can decide what to build next. No third-party trackers on the marketing site.

3. Why we collect it

• To provide the service — running campaigns, sending messages from your senders, surfacing replies, qualifying leads, booking meetings.
• To enforce safety — tracking per-sender daily caps, warm-up state, and proxy health so accounts don't get banned.
• To improve the product — understanding which workflows work, which features get used, where users get stuck.
• To bill you — charging the right amount for the senders you have connected.
• To meet legal obligations — tax records, fraud prevention, responding to lawful requests.

4. How we store it

Customer data is stored in managed PostgreSQL hosted in EU data centres, encrypted at rest with AES-256, with row-level security so a tenant can only see their own data. Access is restricted to a small group of staff with a documented business need, and every query against production is logged. Backups are encrypted and retained for 30 days.

5. Who we share it with

We do not sell your data. Ever. We use a small set of sub-processors who help us run the service:

• Anthropic — AI processing for personalisation and Agent Mode replies. Conversation snippets and lead context are sent to generate output, and are not retained for training.
• Stripe — payment processing and subscription management.
• Railway — cloud infrastructure where our application and workers run.

That's the complete list. We don't use ad networks, behavioural-tracking partners, or data brokers. If we ever add a sub-processor, we update this page first.

6. Your rights

Whether you're covered by GDPR (UK / EU), CCPA (California), or similar laws elsewhere, you have the same set of rights, and we honour them globally:

• Access — ask for a copy of the data we hold about you.
• Deletion — ask us to remove your account and the data associated with it.
• Portability — export your campaigns, leads, and inbox in a machine-readable format any time, no support ticket required.
• Correction — ask us to fix anything that's wrong.
• Opt-out — opt out of any non-essential processing, including product analytics.
• Complain — lodge a complaint with the ICO (UK), your local DPA (EU), or the equivalent regulator where you live.

To exercise any of these, email privacy@linkedreach.ai. We aim to respond within 7 days and complete most requests within 30.

7. Cookies and tracking

The marketing site (linkedreach.ai) uses no cookies and no third-party trackers. Visit it, look around, leave — nothing follows you.

The application (the dashboard you log into) uses one essential session cookie to keep you logged in, plus first-party preferences (e.g. light / dark mode, last-viewed campaign). We don't run advertising pixels or behavioural-analytics SDKs in the product.

8. Data retention

• Active accounts: data is retained as long as the account is active.
• Cancelled accounts: data is retained for 90 days after cancellation, then permanently deleted, except where law requires longer retention (e.g. tax records, kept for 6 years).
• Server logs: 30 days.
• Backups: encrypted, 30 days.

9. International transfers

Our primary storage is in the EU. Some sub-processors (notably the AI provider above) operate in the US, so where data is transferred outside the UK / EEA we rely on the UK Addendum and EU Standard Contractual Clauses to maintain GDPR-equivalent protection.

10. Children

LinkedReach is a B2B product. We do not knowingly collect data from anyone under 18. If you believe a child has provided us data, email us and we'll remove it.

11. Changes to this policy

We'll update this page when our practices change. Material changes are announced by email to active customers at least 14 days before they take effect.

12. Contact

Privacy questions: privacy@linkedreach.ai.
Data Protection Officer / DPA requests: legal@linkedreach.ai.