Legal
Privacy Policy
We believe privacy is a right, not a checkbox. This policy is written in plain English so you actually understand how your data is handled.
Overview
LinkedDraft ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use LinkedDraft at linkedraft.com (the "Service"). We operate under both the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Depending on where you are located, different rights and obligations apply — we have noted these throughout this document.
Data we collect
Information you provide
- Account information — your name and email address when you sign up via Google OAuth.
- Content data — the text, prompts, notes, and posts you create inside the editor.
- Communications — if you contact us via email or a support form.
Information collected automatically
- Usage data — pages visited, features used, time spent, and click patterns.
- Device data — browser type, operating system, IP address, and referring URL.
- Cookies and similar technologies — session cookies for authentication and analytics cookies (see Cookie Policy below).
Legal basis for processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data only where we have a valid legal basis:
- Contract performance — to provide the Service you signed up for.
- Legitimate interests — to improve the product, prevent fraud, and ensure security.
- Consent — for non-essential cookies and marketing communications. You may withdraw consent at any time.
- Legal obligation — where we are required to process data by applicable law.
How we use your data
- To create and manage your account.
- To generate AI-powered LinkedIn post drafts based on your inputs.
- To personalise your experience and remember your preferences.
- To send transactional emails (password resets, usage summaries).
- To analyse usage patterns and improve the product.
- To detect and prevent abuse, fraud, or security incidents.
- To comply with legal obligations.
AI processing and your content
LinkedDraft uses third-party AI models (including OpenRouter-hosted models) to process the text you input in the editor. Please be aware:
- Your input text is sent to AI providers solely to generate your requested output.
- We do not use your personal content to train AI models.
- AI providers are bound by data processing agreements and are prohibited from using your data for model training.
- Do not enter sensitive personal information (e.g. financial data, health information, identification numbers) into the editor.
International data transfers
LinkedDraft is based in the United States. If you access the Service from the EEA, UK, or Switzerland, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism for such transfers. You may request a copy of applicable SCCs by contacting us.
Data retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (typically up to 7 years for financial records).
Your rights
To exercise any of these rights, contact us at privacy@linkedraft.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
EEA / UK users (GDPR rights)
- Right of access — request a copy of your personal data.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request deletion of your data ('right to be forgotten').
- Right to restriction — ask us to limit how we process your data.
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — at any time, without affecting prior processing.
California users (CCPA rights)
- Right to know — what personal information we collect, use, disclose, and sell.
- Right to delete — request deletion of your personal information.
- Right to opt-out — we do not sell personal information, so this right is not applicable.
- Right to non-discrimination — we will not discriminate against you for exercising your rights.
Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest (via Supabase), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@linkedraft.com.
Children's privacy
The Service is not directed to children under 16 years of age (or 13 in the US). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. The date at the top of this page reflects the most recent revision.
Contact & complaints
For any privacy-related questions or to exercise your rights:
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your authority at edpb.europa.eu. In the UK, contact the ICO at ico.org.uk.
Email: privacy@linkedraft.com
LinkedDraft, Data Controller