Privacy Policy

1. Who we are

LinkedReach is a multi-account LinkedIn outreach platform operated by LinkedReach Ltd. This policy explains what data we collect when you use linkedreach.ai or the LinkedReach application, why we collect it, and the rights you have over it. If something here is unclear, email privacy@linkedreach.ai and a human will reply.

2. What data we collect

We collect only what's needed to run the service and improve it. In practice, that's four buckets:

Account & billing data

• Name, work email, and company you provide at signup.
• Billing details processed by our payment provider — we never see your full card number.
• Authentication tokens for the integrations you connect (e.g. HubSpot, Salesforce, Google Calendar).

LinkedIn account data

• Session cookies for each LinkedIn account you connect, used by our automation workers to act on your behalf.
• Sender state — warm-up day, daily action counts, send-window settings — so we can enforce safe-sending limits.
• Reply text and conversation threads from the LinkedIn inboxes of accounts you've connected, so we can surface them in the unified inbox and let Agent Mode classify intent.

Lead data

• Profile information for leads you collect through your own LinkedIn account's normal interactions — name, role, company, public profile fields visible to your account, and conversation messages with senders you control.
• Status of each lead in your campaigns (sent, accepted, replied, qualified, archived).

Usage & technical data

• Standard server logs (IP, user agent, request paths, timestamps), retained for 30 days for security and debugging.
• Product analytics on which features you use, so we can decide what to build next. No third-party trackers on the marketing site.

3. Why we collect it

• To provide the service — running campaigns, sending messages from your senders, surfacing replies, qualifying leads, booking meetings.
• To enforce safety — tracking per-sender daily caps, warm-up state, and proxy health so accounts don't get banned.
• To improve the product — understanding which workflows work, which features get used, where users get stuck.
• To bill you — charging the right amount for the senders you have connected.
• To meet legal obligations — tax records, fraud prevention, responding to lawful requests.

4. How we store it

Customer data is stored in managed PostgreSQL hosted in EU data centres, encrypted at rest with AES-256, with row-level security so a tenant can only see their own data. Access is restricted to a small group of staff with a documented business need, and every query against production is logged. Backups are encrypted and retained for 30 days.

5. Who we share it with

We do not sell your data. Ever. We use a small set of sub-processors who help us run the service. Current sub-processors include the AI provider, payment processor, hosting provider, residential proxy provider, and email/error-monitoring providers. The full, maintained list is available at our sub-processors page.

We don't use ad networks, behavioural-tracking partners, or data brokers. If we add a sub-processor, the sub-processors page is updated first.

AI vendor data handling. Reply text and conversation messages may be processed by our AI provider for the purpose of generating draft responses and classification. We have contractual zero-training commitments with our AI provider; data is retained transiently for the duration of the API request and is not used to train any model.

5a. Data subjects whose replies you receive

If you connect a LinkedIn account, replies sent to that account by other LinkedIn users are stored on LinkedReach so you can manage your inbox. As the controller of your account, you are responsible for honoring data-subject rights requests under GDPR Article 14 (notice to indirectly-collected data subjects) and similar laws. We provide tools (export, delete) to help you respond to such requests; the obligation rests with you.

Counterparties or data subjects who wish to exercise rights regarding their personal data stored on the platform may contact privacy@linkedreach.ai. We will route the request to the relevant LinkedReach customer (the controller) and provide reasonable assistance.

6. Your rights

Whether you're covered by GDPR (UK / EU), CCPA (California), or similar laws elsewhere, you have the same set of rights, and we honour them globally:

• Access — ask for a copy of the data we hold about you.
• Deletion — ask us to remove your account and the data associated with it.
• Portability — export your campaigns, leads, and inbox in a machine-readable format any time, no support ticket required.
• Correction — ask us to fix anything that's wrong.
• Opt-out — opt out of any non-essential processing, including product analytics.
• Complain — lodge a complaint with the ICO (UK), your local DPA (EU), or the equivalent regulator where you live.

To exercise any of these, email privacy@linkedreach.ai. We aim to respond within 7 days and complete most requests within 30.

7. Cookies and tracking

The marketing site (linkedreach.ai) uses no cookies and no third-party trackers. Visit it, look around, leave — nothing follows you.

The application (the dashboard you log into) uses one essential session cookie to keep you logged in, plus first-party preferences (e.g. light / dark mode, last-viewed campaign). We don't run advertising pixels or behavioural-analytics SDKs in the product.

8. Data retention

• Active accounts: data is retained as long as the account is active.
• Cancelled accounts: data is retained for 90 days after cancellation, then permanently deleted, except where law requires longer retention (e.g. tax records, kept for 6 years).
• Server logs: 30 days.
• Backups: encrypted, 30 days.

9. International transfers

Our primary storage is in the EU. Some sub-processors (notably the AI provider above) operate in the US, so where data is transferred outside the UK / EEA we rely on the UK Addendum and EU Standard Contractual Clauses to maintain GDPR-equivalent protection.

10. Children

LinkedReach is a B2B product. We do not knowingly collect data from anyone under 18. If you believe a child has provided us data, email us and we'll remove it.

11. Changes to this policy

We'll update this page when our practices change. Material changes are announced by email to active customers at least 14 days before they take effect.

12. Contact

Privacy questions: privacy@linkedreach.ai.
Data Protection Officer / DPA requests: legal@linkedreach.ai.