Privacy Policy

1. Introduction

Inagiffy Solutions Pvt. Ltd. ("Linklulu," "we," "us," or "our") operates the Linklulu platform (the "Service"), a SaaS application that helps teams gamify and improve their LinkedIn engagement. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Our use of data obtained through the LinkedIn Marketing API Program is governed by the LinkedIn Marketing API Terms and LinkedIn's Data Storage Requirements. Where those terms impose stricter requirements than this Privacy Policy, the stricter requirements prevail.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password when you create an account.
• Profile Information: LinkedIn profile URL, professional details, and writing style preferences.
• Organization Data: Team name, member information, and configuration preferences.
• Content: Stories, experiences, and content you provide for AI-assisted post generation.
• Payment Information: Billing details processed through our payment provider (DodoPayments). We do not store full payment card numbers.

2.2 LinkedIn Data (via LinkedIn Marketing APIs)

When you connect your LinkedIn account and authorize our application through LinkedIn's OAuth flow, we access the following categories of LinkedIn data. We adhere to the principle of data minimization and only request data that is necessary to provide the Service:

• Authenticated Member Profile Data: Your basic LinkedIn profile information (name, headline, profile picture) retrieved when you authenticate into our application.
• Authenticated Member Person ID: Your LinkedIn Person ID and Person URN, used to identify your account within our Service.
• Members' Social Activity Data: Data relating to social activity by LinkedIn members, including posts, likes, comments, reactions, and associated metadata (such as time of creation, content, and visibility).
• Other Members' Profile Data: Limited profile information for LinkedIn members who interact with your posts (e.g., commenters, reactors), such as name and profile picture.
• Organization Social Activity Data: Posts, articles, and engagement data associated with your LinkedIn organization page.
• Organization Pages' Admin and Reporting Data: Follower counts, engagement summaries, and visitor analytics for your organization's LinkedIn page.

2.3 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, and interaction patterns.
• Device Information: Browser type, operating system, device identifiers, and IP address.
• Cookies and Analytics: We use cookies and analytics tools (including PostHog) to understand how you use our Service.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Generate AI-powered content suggestions personalized to your writing style and voice profile.
• Calculate engagement scores, leaderboard rankings, points, and achievements.
• Manage team challenges, competitions, and gamification features.
• Send transactional emails (invitations, reminders, notifications).
• Process payments and manage subscriptions.
• Analyze usage patterns to improve our product.
• Detect, prevent, and address technical issues and security threats.
• Comply with legal obligations.

3.1 LinkedIn Data Usage Restrictions

In compliance with the LinkedIn Marketing API Terms, LinkedIn data obtained through our Service is subject to the following restrictions:

• LinkedIn member data is used solely to manage LinkedIn profiles and pages within our application and to provide the engagement tracking and gamification features of the Service.
• LinkedIn member data is not exported, transferred, or distributed outside of our application.
• LinkedIn member data is not combined with third-party data to create, supplement, or verify user profiles, leads, reference tables, or any other databases.
• LinkedIn member data is not used for advertising, sales, recruiting, lead generation, ad targeting, or account-based marketing purposes.
• LinkedIn member data is not sold, commercialized, or provided to data brokers.
• LinkedIn data is not used to derive sensitive personal information such as race, ethnicity, political opinions, health conditions, or sexual orientation.
• LinkedIn data is not used to display a social feed of LinkedIn content on external websites or intranets.
• LinkedIn member data obtained for managing a specific LinkedIn profile or page is only displayed to individuals associated with that profile or page within your organization.

4. AI and Content Generation

Our Service uses artificial intelligence (powered by third-party AI providers) to generate LinkedIn post suggestions. To provide this feature:

• We analyze your writing style to create a voice profile for personalized content.
• We use your stories and experiences (from your Story Bank) as context for content generation.
• We use a database of high-performing LinkedIn posts as training references (anonymized and aggregated).
• Generated content is stored in your account and is not shared with other users.

You retain full ownership and control over all content generated through our Service. We do not use your personal content to train AI models for other customers.

5. How We Share Your Information

We may share your information in the following circumstances:

• Within Your Organization: Team members in your organization can see your leaderboard ranking, points, achievements, and public engagement metrics. LinkedIn member data is only visible to individuals associated with the relevant LinkedIn profile or page.
• Service Providers: We share data with third-party providers that help us operate the Service, including: cloud hosting (Supabase), AI providers (Anthropic), vector database (Pinecone), email delivery (Resend), payment processing (DodoPayments), analytics (PostHog), and error monitoring (Sentry). These providers are contractually obligated to protect your data and use it only for the purposes of providing their services to us.
• Legal Requirements: We may disclose your information if required by law, legal process, or government request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

We do not sell your personal information to third parties. We do not export, transfer, or distribute LinkedIn member data to any third party except as strictly necessary to operate the Service through our authorized service providers.

6. Data Security

We maintain physical, technical, and administrative safeguards designed to keep all data secure that meet or exceed industry standards, including:

• Encryption of sensitive data (including LinkedIn OAuth tokens) at rest and in transit.
• Secure authentication through industry-standard OAuth 2.0 protocols.
• Regular security monitoring and error tracking.
• Access controls limiting data access to authorized personnel.
• Secure storage infrastructure with database-level access controls.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service, subject to the data storage limits described below.

7.1 LinkedIn Data Retention Periods

In compliance with LinkedIn's Data Storage Requirements, we observe the following retention limits for data obtained through the LinkedIn Marketing APIs:

• Authenticated Members' Profile Data and Person IDs: Stored for the duration of your account with no restriction, as permitted by LinkedIn.
• Other Members' Profile Data: Cached for a maximum of 24 hours and then deleted. This data is not permanently stored.
• Members' Social Activity Data: Stored for a maximum of 48 hours and then deleted. This includes posts, comments, reactions, and associated metadata from individual LinkedIn members.
• Organization Social Activity Data: Stored for up to six months when relating to an organization that has authenticated into our application, or six weeks otherwise. Member content within organization activity is subject to the 48-hour limit above.
• Organization Pages' Admin and Reporting Data: Stored for up to one year. This includes aggregate data such as follower counts and engagement summaries, and does not include individual member-level data.
• IDs and URNs for Managing Activity: Identifiers for organizations, posts, social actions, and other management activity are stored with no restriction on duration.

We keep all stored LinkedIn data current by regularly refreshing it from LinkedIn's APIs. Where LinkedIn's requirements conflict with this Privacy Policy, the more restrictive or more protective requirement applies.

7.2 Account Data Retention

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes. All stored LinkedIn member data is permanently deleted within 10 days of account closure.

Aggregated, non-identifiable analytics data may be retained for product improvement purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal information, including all LinkedIn data associated with your account.
• Export your data in a portable format.
• Opt out of certain data processing activities.
• Withdraw consent for LinkedIn data access at any time by disconnecting your LinkedIn account in the Service settings.

Upon receiving a valid deletion request, we will delete your LinkedIn data in accordance with LinkedIn's Data Storage Requirements and permanently remove it from our systems.

To exercise any of these rights, please contact us at dev@inagiffy.news.

9. LinkedIn OAuth and Consent

We access your LinkedIn data only after you explicitly authorize our application through LinkedIn's OAuth 2.0 authentication flow. During this process:

• LinkedIn presents you with a consent screen detailing the permissions our application is requesting.
• You may review and approve or deny each permission before granting access.
• You may revoke access at any time through your LinkedIn account settings or through the Linklulu Service settings.
• Revoking access will stop our collection of new LinkedIn data. Previously collected data will be deleted in accordance with the retention periods described in Section 7.

10. Cookies

We use essential cookies to maintain your session and authentication state. We also use analytics cookies (PostHog) to understand how you use the Service. You can control cookie preferences through your browser settings, though disabling essential cookies may prevent the Service from functioning properly.

11. Third-Party Links

The Service integrates with LinkedIn and may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies, including LinkedIn's Privacy Policy.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Inagiffy Solutions Pvt. Ltd.
Email: dev@inagiffy.news