Privacy Policy
LinkyBot Privacy Policy
Effective Date: October 18, 2024
Last Updated: June 3, 2026
This Privacy Policy explains how LinkyBot LLC, a California limited liability company ("LinkyBot," "we," "our," or "us"), collects, uses, shares, and protects personal information when you visit linkybot.ai, become a client, or interact with our services. LinkyBot provides fully managed LinkedIn outreach and lead generation services for business clients (the "Service"). By using our website or the Service, you agree to the practices described in this policy.
1. Our Two Roles: Business and Service Provider
We handle personal information in two distinct capacities, and your rights depend on which category applies to you.
- As a business (controller). For information about our clients, website visitors, and prospective clients of LinkyBot itself, we decide how and why the data is used. This policy fully governs that data.
- As a service provider (processor). When we run LinkedIn outreach campaigns on behalf of a client, we process prospect data under that client's instructions. For that data, our client is the business (controller) and we act as a service provider under the California Consumer Privacy Act (CCPA) and as a processor under the EU General Data Protection Regulation (GDPR), where applicable. We process campaign data only to deliver the Service and never for our own marketing purposes.
If you received a LinkedIn message or email through a campaign we manage, the company that engaged us determined the purpose of that outreach. Section 9 explains how to direct privacy requests about campaign data.
2. Information We Collect
2.1 Information from Clients
When you sign up for the Service, purchase a subscription, or contact us, we collect:
- Identity and contact data: name, email address, phone number, company name, job title, and mailing address.
- Billing data: payment card details and billing address, processed by our payment processor. We do not store full card numbers on our systems.
- LinkedIn account data needed to operate your campaigns, such as your public profile information and campaign settings. We do not store your LinkedIn password.
- Campaign content and preferences: targeting criteria, message templates, and approval decisions.
- Communications: emails, support requests, and call or meeting notes.
2.2 Prospect Data Processed on Behalf of Clients
To execute client campaigns, we process information about the business prospects our clients direct us to contact:
- Publicly available LinkedIn profile data: name, headline, job title, employer, location, and profile URL.
- Business contact information, such as a work email address, where provided by the client or obtained through campaign responses.
- Engagement data: connection status, message history, and reply content within the campaign.
We collect this data from public LinkedIn profiles, from our clients, and from prospects' own responses. We act as a service provider for this data as described in Section 1.
2.3 Information Collected Automatically
When you visit linkybot.ai, we and our providers automatically collect device and usage data, including IP address, browser type, operating system, referring pages, pages viewed, and time on site. See Section 7 for the cookies and analytics tools we use.
3. How We Use Information
We use personal information to:
- Provide, operate, and maintain the Service, including running client campaigns.
- Process payments and manage accounts and subscriptions.
- Communicate with clients about the Service, including updates, reports, and support.
- Send marketing communications about our own services, which you can opt out of at any time.
- Monitor, analyze, and improve our website and the Service.
- Detect, prevent, and address fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our agreements.
We do not use client or prospect data to train artificial intelligence models. Where we use AI tools to help deliver the Service, data is used only to perform the task at hand and is not retained by us for model training.
Legal Bases (EEA and UK Residents)
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (delivering the Service to clients); legitimate interests (operating and improving the Service, B2B outreach conducted on clients' behalf, and securing our systems); consent (where required, such as for certain cookies or marketing); and legal obligation (tax, accounting, and compliance records).
4. How We Share Information
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We share information only in the following circumstances.
4.1 Sub-Processors and Service Providers
We use a small number of vetted providers to operate the Service. Each receives only the data needed for its function and is bound by contractual confidentiality and data protection obligations.
| Provider | Service | Data Involved |
|---|---|---|
| GoHighLevel (LeadConnector) | CRM, marketing automation, email and SMS delivery, website hosting | Client account and contact data; prospect contact and engagement data |
| Ulinc | LinkedIn outreach automation | Prospect LinkedIn profile data; connection and message activity |
| Supabase | Database and backend infrastructure | Client and prospect records processed by our systems |
| Stripe | Payment processing | Client billing and payment information |
| Google Workspace | Business email and productivity | Client communications |
We will update this list when we add or replace a provider that handles personal information.
4.2 Legal Compliance
We may disclose information when required by law, subpoena, or court order, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
4.3 Business Transfers
If LinkyBot LLC is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users of any such change and any choices they have regarding their data.
5. We Do Not Sell or Share Your Personal Information
LinkyBot does not sell personal information for monetary or other valuable consideration, and does not share personal information with third parties for cross-context behavioral advertising, as those terms are defined under California law. Because we do not sell or share personal information, no opt-out is required. If our practices ever change, we will update this policy, provide the required "Do Not Sell or Share My Personal Information" mechanism, and give at least thirty (30) days' notice as described in Section 13.
6. Data Retention
We retain personal information for as long as needed to deliver the Service and meet our legal obligations:
- Client account and campaign data: retained for the duration of your subscription and deleted within thirty (30) days after your subscription ends, consistent with our Terms of Service.
- Prospect data processed for a client: retained for the duration of that client's campaign and subscription, then deleted on the same 30-day schedule, unless the client instructs earlier deletion.
- Billing, tax, and legal records: retained as required by applicable law, typically up to seven (7) years.
- Website analytics data: retained for fourteen (14) months per our analytics tool settings.
7. Cookies and Analytics
Our website uses the following tracking technologies:
- Google Analytics 4 (GA4) for site traffic and usage measurement. You can opt out using the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout.
- GoHighLevel (LeadConnector) scripts that power our forms, chat widget, scheduling, and site analytics.
You can also control cookies through your browser settings, including blocking or deleting them. Disabling cookies may limit some site functionality. We do not run third-party advertising pixels on our website.
Because some browsers' Global Privacy Control (GPC) and Do Not Track signals lack a common standard, and because we do not sell or share personal information, our site does not respond differently to those signals.
8. Data Security
We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including encryption in transit, access controls, and vendor due diligence. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Breach Notification
If a security incident affects your personal information, we will notify affected clients and individuals without undue delay and in accordance with applicable breach notification laws, including California Civil Code section 1798.82. For campaign data we process as a service provider, we will notify the affected client promptly so they can meet their own notification obligations.
9. Your Privacy Rights
Subject to applicable law, you may request to access, correct, or delete the personal information we hold about you, object to or restrict certain processing, and receive a copy of your data in a portable format. To exercise any right, email [email protected] with the subject line "Privacy Request." We will verify your identity and respond within the time required by applicable law. We will not discriminate against you for exercising your rights.
9.1 California Residents
California residents have rights under the CCPA, as amended by the CPRA, including the rights to know, delete, and correct personal information, and the right to non-discrimination. As stated in Section 5, we do not sell or share personal information and do not use sensitive personal information for purposes requiring a right to limit. You may use an authorized agent to submit a request; we will require proof of authorization and verification of your identity.
9.2 Canadian Residents
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) for personal information of Canadian residents. You may request access to and correction of your personal information and may withdraw consent to its use, subject to legal and contractual restrictions. You may also challenge our compliance by contacting us, and you have the right to complain to the Office of the Privacy Commissioner of Canada.
9.3 Australian Residents
We handle personal information of Australian residents consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may request access to and correction of your personal information. If you believe we have breached the APPs, you may complain to us and, if unresolved, to the Office of the Australian Information Commissioner (OAIC).
9.4 EEA and UK Residents
Although our Service is directed to clients in the United States, Canada, and Australia, individuals in the European Economic Area or United Kingdom whose data we process have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority. Where we transfer EEA or UK personal data to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses.
9.5 Requests About Campaign Data (Prospects)
If your information was processed as part of a campaign we ran for a client, we may refer your request to that client or handle it on their instructions, as required of a service provider. Either way, if you ask us to stop contacting you, we will add you to our suppression list and cease outreach to you across the Service.
10. International Data Transfers
We are based in the United States and process data on servers located in the United States. If you access the Service from Canada, Australia, or elsewhere, you understand that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction. We protect transferred data using the safeguards described in this policy and, where legally required, approved transfer mechanisms.
11. Children's Privacy
The Service is a business tool intended for users who are at least eighteen (18) years old, consistent with our Terms of Service. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it promptly.
12. Third-Party Sites and LinkedIn
Our website and the Service link to or interact with third-party platforms, including LinkedIn. Your use of LinkedIn is governed by LinkedIn's own User Agreement and Privacy Policy. We are not responsible for the privacy practices of third-party sites, and we encourage you to review their policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice by email or through a prominent notice on our website at least thirty (30) days before the changes take effect, consistent with our Terms of Service. The "Last Updated" date at the top of this policy shows when it was most recently revised.
14. Contact Us
LinkyBot LLC
351 Paseo Nuevo, 2nd Floor, Santa Barbara, CA 93101
Email: [email protected] (use subject line "Privacy Request" for rights requests)
Phone: (805) 665-7517
© Copyright. LinkyBot AI 2025. All Rights Reserved