Privacy Policy
1. Controller
Linorida is a product operated by:
efixity Maksym Rachipa
Legnicka 36 / 46
53-674 Wroclaw, Poland
Contact: team@linorida.com
2. Data We Collect
| Data | Source | Purpose | Retention |
|---|---|---|---|
| Name, email, profile picture | Google OAuth | Account management, service delivery | Until account deletion |
| LinkedIn OAuth token | LinkedIn OAuth | Publishing content on your behalf | Max 60 days |
| Google OAuth token | Google OAuth | Authentication | Duration of session / max 60 days |
| IP address, action logs | Automatic | Security, debugging | 14 days |
| AI prompts & generated content | User input | Idea generation, content suggestions | Until account deletion |
| Billing info | Stripe (not stored by us) | Subscription processing | Per Stripe''s policy |
3. Legal Basis (GDPR Art. 6)
Some processing is necessary for contract performance under Art. 6(1)(b) GDPR, including account creation, authentication, and essential service communications.
Optional features are processed based on consent under Art. 6(1)(a) GDPR and can be withdrawn in account settings without affecting previous lawful processing.
Security logs are retained under Art. 6(1)(f) GDPR (legitimate interest).
4. Third-Party Processors (Subprocessors)
| Processor | Role | Data Shared | Location |
|---|---|---|---|
| Google LLC | Authentication (OAuth) | Name, email, profile picture, auth token | USA (SCCs apply) |
| LinkedIn Corporation | Content publishing API | OAuth token, post content | USA (SCCs apply) |
| OpenAI, Inc. | AI content generation | User prompts (anonymized, no PII) | USA (SCCs apply) |
| Stripe, Inc. | Payment processing | Email, billing data | USA (SCCs apply) |
| Supabase, Inc. | Database hosting | All user data | EU (AWS eu-central-1) |
We review our subprocessor list regularly. Changes will be reflected in updated versions of this policy.
5. Data Retention Schedule
We retain different categories of data for specific periods based on their purpose and legal requirements:
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| OAuth tokens (LinkedIn, Google) | Max 60 days after expiration, or upon revocation | Automated daily cleanup |
| Access / security logs | 14 days | Automated daily cleanup |
| Consent audit logs | 365 days | Automated daily cleanup |
| LinkedIn API audit logs | 365 days | Automated daily cleanup |
| Published posts | Until account deletion | Removed during account deletion process |
| Deleted posts | 90 days after deletion | Automated daily cleanup (permanent removal) |
| AI-generated content (prompts, suggestions) | Until account deletion | Removed during account deletion process |
| Account data (name, email, profile) | Until account deletion + 30-day grace period | Removed after grace period expires |
| Account deletion audit trail | Permanent | Retained for legal compliance |
| Billing records | Per applicable legal obligations | Managed by Stripe |
6. Third-Party Data Sharing
We do not sell, rent, or trade your personal data. We only process the minimum amount of data necessary to provide the requested functionality.
Data is shared with third parties only as described in Section 4 (Subprocessors) and only to the extent necessary to provide our services.
Specifically:
- Google: receives authentication data to verify your identity during sign-in.
- LinkedIn: receives post content and your OAuth token only when you explicitly publish or schedule a post. Users can disconnect their LinkedIn account at any time, which immediately revokes access tokens and stops all data processing related to LinkedIn.
- OpenAI: receives your prompts for AI idea generation. Prompts are sent without personally identifiable information. OpenAI processes data in accordance with its API data usage policy. We do not use AI inputs to train models ourselves.
- Stripe: processes payment information directly; we do not store credit card details.
7. Google OAuth 2.0 — Limited Use Disclosure
When you sign in using your Google account, we use Google OAuth 2.0 to authenticate you. Google shares the following data with Linorida: your email address, full name, and profile picture.
We use this data solely to:
- Create and manage your Linorida account;
- Personalize your experience (e.g., display your name and avatar in the interface);
- Send you account-related and service communications.
We do NOT:
- Sell, rent, or trade data received from Google;
- Use data received from Google to train any AI or machine-learning models (including our own or any third-party LLMs);
- Share data received from Google with advertisers or data brokers;
- Use data received from Google for any purpose unrelated to operating the Service as described in this Policy.
We only share data received from Google with the infrastructure sub-processors listed in Section 4 (Subprocessors), and only to the extent strictly necessary to operate the Service (e.g., Supabase for database hosting).
You can revoke Linorida''s access to your Google account at any time by visiting https://myaccount.google.com/permissions, or by deleting your Linorida account as described in Section 30 of our Terms of Service.
Google API Services User Data Policy compliance. Linorida''s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
8. Your Rights Under GDPR
You have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
You may revoke any previously granted consent at any time through your account settings. Revocation takes effect immediately and does not affect the lawfulness of processing performed before revocation.
To exercise rights contact: privacy@linorida.com. We respond within 30 days.
9. Cookies
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| refresh_token | Session continuity — allows re-authentication without re-login | 7 days | Essential (Auth) |
| linorida_link | Temporary state during OAuth account linking | 5 minutes | Essential (Auth) |
| XSRF-TOKEN | Protects against cross-site request forgery (CSRF) attacks | Session | Essential (Security) |
Linorida uses only essential cookies required for authentication. No analytics, tracking, or advertising cookies are used without your explicit consent.
10. Contact
Data controller: efixity Maksym Rachipa
Legnicka 36 / 46
53-674 Wroclaw, Poland
Contact: team@linorida.com