Privacy Policy

Last updated: June 2026

Policy version: 2026-06-15

1. Who We Are

The data controller for your personal information is NEANDERTECH SERVICOS DE TECNOLOGIA LTDA, located at AV SETE DE SETEMBRO, 2775, REBOUÇAS - 80230-010 - Curitiba, Paraná - Brazil (“we”, “us”, “Link Into The SSI”).

Privacy enquiries: contact@linkintothessi.com.

Data Protection Officer / EU–UK Representative: Henriko Alberton.

2. Data We Collect & Sources

LinkedIn sign-in (OIDC). When you connect your LinkedIn account we receive your LinkedIn member ID, full name, profile picture URL, and email address through LinkedIn’s OpenID Connect flow.

Profile attributes you set. You may voluntarily provide your industry and country in your profile settings.

Posts you submit. We store the LinkedIn posts you create or schedule through the platform.

Engagement actions. We record comments and reactions made through your LinkedIn access token on your behalf as part of the platform’s core feed-engagement feature.

Billing. Subscription payments are processed by Stripe. We store your Stripe customer ID and subscription status; we do not store payment card details.

Technical & session data. We collect standard server logs (IP address, browser type, pages visited, timestamps) for security and performance monitoring.

No scraping. We do not scrape LinkedIn or any other third-party website. All data originates from your direct interactions with our platform or through the LinkedIn API under your authorised consent.

3. Why We Use It & Legal Bases

Contract (Art. 6(1)(b) GDPR). Providing the core service: authenticating you, displaying your feed, publishing posts and engagement actions, and managing your subscription.

Legitimate interests (Art. 6(1)(f) GDPR). Optimising feed quality, preventing abuse, ensuring platform security, and maintaining aggregate, non-identifiable analytics about service performance.

Consent (Art. 6(1)(a) GDPR). Marketing communications and optional analytics are processed only with your explicit consent. Both are off by default and can be toggled at any time in Settings → Privacy & Data.

Legal obligation (Art. 6(1)(c) GDPR). Retaining billing records for tax and financial compliance, maintaining consent records, and responding to lawful requests from supervisory or law-enforcement authorities.

4. Who We Share It With

We engage the following sub-processors who may process personal data on our behalf:

• LinkedIn — authentication (OIDC) and engagement API.
• Stripe — payment processing and subscription management.
• Convex — backend database and serverless functions.
• Vercel — landing-site hosting and edge delivery.
• Railway — application server hosting.
• Cloudflare — DNS, CDN, and DDoS protection.
• Resend — transactional email delivery.
• OpenRouter (AI inference) — generating reaction suggestions and draft comments from your public post content, including its images. OpenRouter routes only to inference providers with zero data retention (prompts are not stored or used for training).

We do NOT sell or share your personal information for cross-context behavioural advertising or any other commercial purpose.

5. International Transfers

Our sub-processors are primarily based in the United States. Where data is transferred outside the European Economic Area or United Kingdom, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the transfer mechanism for each processor. A copy of the relevant transfer safeguards is available on request by contacting contact@linkintothessi.com.

6. How Long We Keep It

Account deletion. When you delete your account (or request erasure), your personal data is marked for deletion immediately. A 30-day grace period applies to allow accidental-deletion recovery, after which data is permanently purged.

Dormant accounts. Accounts with no activity for 24 months are automatically treated as deletion requests; we will notify you before purging.

Billing records. Transaction and subscription records are retained within Stripe for as long as required by applicable tax and financial regulations (typically 7 years).

We apply data minimisation: we collect only what is necessary to provide the service and remove data as soon as it is no longer needed for its original purpose.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — obtain a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Restriction — ask us to limit how we process your data.
• Objection — object to processing based on legitimate interests.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent — withdraw consent for marketing or analytics at any time without affecting prior processing.
• Lodge a complaint — with your local supervisory authority (e.g. your national data-protection authority within the EU/UK, or the relevant state AG in the US).

How to exercise your rights. The quickest way is through Settings → Privacy & Data, where you can export your data, delete your account, and manage consent toggles. You may also contact us at contact@linkintothessi.com. We will respond within 30 days (or the statutory deadline where shorter).

8. California Residents (CCPA / CPRA)

Categories collected. Identifiers (name, email, LinkedIn ID, IP address); professional or employment-related information (headline, industry); Internet or network activity (session logs); commercial information (subscription status via Stripe).

No sale or sharing. We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

Your CCPA/CPRA rights. California residents may exercise the right to know what personal information we collect, have personal information deleted, have inaccurate personal information corrected, and opt out of any future sale or sharing. We will not discriminate against you for exercising these rights.

Authorised agents. You may designate an authorised agent to submit a request on your behalf. We may require verification of your identity and written authorisation for such requests.

To submit a California privacy request, use Settings → Privacy & Data or email contact@linkintothessi.com.

9. Brazilian Users (LGPD)

In accordance with Brazil’s Lei Geral de Proteção de Dados (LGPD), you have the rights set out in Art. 18 of the LGPD, including: confirmation of the existence of processing; access to your data; correction of incomplete or inaccurate data; anonymisation, blocking, or deletion of unnecessary or excessive data; portability; deletion of data processed on the basis of consent; information about public and private entities with which we share data; information about the possibility of refusing consent and the consequences; and revocation of consent.

Complaints may be filed with the Autoridade Nacional de Proteção de Dados (ANPD).

Our encarregado (Data Protection Officer / LGPD representative): Henriko Alberton.

10. Cookies & Storage

We use only essential browser storage (a session token to keep you signed in and your preferences). We do not use advertising, cross-site tracking, or non-essential analytics cookies. For full details see our Cookie & Storage Policy.

11. Children & Minimum Age

The service is intended for users 16 years of age and older. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, please contact us at contact@linkintothessi.com and we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. For material changes (new data categories, new purposes, or new sub-processors), we will notify you by email and/or an in-app notice, and we will re-prompt you for acknowledgment before the changes take effect. The policy version date at the top of this page reflects the most recent revision.

Questions or concerns? Contact us at contact@linkintothessi.com.