Privacy Policy

Effective date: February 21, 2026

LiThoughts is a product designed and developed by SPOT369 LLC. This policy describes how we collect, use, and protect your personal information, including data accessed through the LinkedIn API.

1. Information We Collect

When you use LiThoughts, we collect:

  • Account information (name, email, profile picture) from your OAuth provider (Google or LinkedIn)
  • Voice profile data you provide during onboarding (personality traits, professional background, communication preferences)
  • Content you create (posts, edits, conversations)
  • Usage data (features used, session duration, actions taken)
  • Technical data (browser type, device type, IP address for security)

LinkedIn Profile Information: When you connect your LinkedIn account to LiThoughts, we access your name, profile picture, headline, and member ID through LinkedIn's official OAuth 2.0 authentication. This information is used to personalize your experience and enable publishing features.

LinkedIn Activity Data: When you publish posts through LiThoughts, we store the post content, publish status, scheduled times, and LinkedIn post identifiers. We collect engagement data (reaction counts by type, comment text and author names) on your published posts to provide analytics and relationship management features.

LinkedIn Authentication Tokens: We store OAuth access tokens to maintain your LinkedIn connection. These tokens are used solely to perform actions you explicitly request, including publishing posts, scheduling posts, posting comments, and creating reactions.

2. How We Use Your Information

We use your information to:

  • Generate personalized content matching your voice profile
  • Improve the Service and develop new features
  • Monitor usage for billing and rate limiting
  • Ensure security and prevent abuse
  • Communicate service updates

3. How We Use LinkedIn Data

We use LinkedIn data specifically for the following purposes:

  • Publishing posts to LinkedIn on your behalf, including scheduled posts with auto-publish
  • Tracking engagement (reactions and comments) on your published posts
  • Enabling you to react to and comment on LinkedIn posts
  • Displaying your LinkedIn profile information within the application
  • Generating content analytics and performance insights
  • Building relationship management data from comment interactions on your posts
  • Pre-filling your voice profile with LinkedIn professional details (with your explicit consent)

4. LinkedIn API Usage

  • LiThoughts accesses LinkedIn data exclusively through LinkedIn's official REST API (api.linkedin.com)
  • We use LinkedIn OAuth 2.0 for secure authentication
  • Approved API scopes: openid, profile, email, w_member_social
  • We do NOT use any scraping tools, browser extensions, or unofficial third-party access methods
  • We do NOT access your LinkedIn connections list, private messages, or other users' private profile data
  • All API calls comply with LinkedIn's API Terms of Use and rate limits

5. Data Sharing

We do not sell your personal information. We do not share your data with third parties for marketing.

  • We do NOT sell, share, rent, or distribute your LinkedIn data to any third parties
  • We do NOT use your LinkedIn data for advertising or marketing purposes
  • LinkedIn data is only transmitted between LiThoughts servers and LinkedIn's official API endpoints
  • Our AI content generation service (Google Gemini) processes post content you create but does not receive your LinkedIn profile data, tokens, or engagement data
  • Our database provider (Supabase) hosts your data under their Data Processing Agreement and does not access or use your data independently
  • No other third parties receive your LinkedIn data

6. Data Storage and Retention

LinkedIn OAuth tokens are stored in a secured PostgreSQL database (Supabase) with Row-Level Security ensuring each user can only access their own data. Authentication tokens are never exposed in client-side code, browser storage, or application logs.

Data retained while your account is active:

  • LinkedIn access token and person ID
  • LinkedIn headline and profile picture URL
  • Published post identifiers and engagement statistics
  • Comment author names and text from your published posts

On LinkedIn disconnection: Access tokens are deleted immediately.

On account deletion: All LinkedIn-related data is permanently deleted within 30 days via automated cleanup process.

Engagement data and relationship management records are retained as long as your account is active.

7. Data Security

Your data is protected by row-level security policies, ensuring only you can access your own data. All data transmission is encrypted using HTTPS/TLS.

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure.

8. Third-Party Services

We use the following third-party services:

  • Google OAuth - for authentication, subject to Google's Privacy Policy
  • LinkedIn OAuth - for authentication and API access, subject to LinkedIn's Privacy Policy
  • Google Gemini AI - your voice profile and topic inputs are sent to generate content; LinkedIn profile data, tokens, and engagement data are not shared with this service
  • Vercel - hosting and serverless functions, subject to Vercel's Privacy Policy
  • Supabase - database and authentication infrastructure, subject to Supabase's Privacy Policy and Data Processing Agreement

9. Your Rights

You may:

  • Access your data through the Export Data feature in account settings
  • Delete your account and all associated data through account settings
  • Opt out of non-essential communications

10. Your Rights Regarding LinkedIn Data

  • You can disconnect your LinkedIn account at any time from within the application, which immediately deletes your stored access tokens
  • You can request a complete export of all LinkedIn-related data we store about you
  • You can request deletion of all LinkedIn-related data by contacting us or deleting your account
  • You can view which LinkedIn permissions you have granted within the application
  • Deleting your LiThoughts account permanently removes all LinkedIn data within 30 days

11. LinkedIn API Compliance

  • LiThoughts is developed by SPOT369 LLC and uses LinkedIn's official API in full compliance with LinkedIn's API Terms of Use
  • We only access data within the scope of permissions you explicitly grant during the OAuth authorization process
  • We do not scrape, crawl, cache beyond permitted limits, or collect LinkedIn data outside of official API channels
  • We implement proper rate limiting to respect LinkedIn's API quotas
  • We maintain security best practices including encrypted storage, HTTPS-only communication, and access control policies

12. Cookies

We use essential cookies for authentication and session management. We do not use advertising cookies, tracking cookies, or any third-party cookies for marketing purposes.

13. Payment and Billing Data

What We Collect

  • Billing name and email address
  • Subscription plan and billing cycle
  • Transaction history (dates, amounts, status)
  • Subscription status
  • Payment processor reference IDs

Payment Processor

Payments are processed by 2Checkout (Verifone), a PCI DSS Level 1 certified payment processor. When you make a payment, you interact directly with 2Checkout's secure checkout environment. 2Checkout's handling of your payment data is governed by their own privacy policy.

How We Use Billing Data

  • Process subscription payments and manage your plan
  • Send billing communications (receipts, renewal notices, payment failures)
  • Enforce service tier limits
  • Handle refund requests and billing disputes

Billing Data Retention

We retain billing records for as long as your account is active and for a minimum of 7 years after account closure for tax and legal compliance. Subscription status data is deleted within 30 days of account deletion.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request details about personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights

To exercise these rights, contact us at [email protected]. We will respond within 45 days.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top. Continued use of the Service after changes constitutes acceptance.

16. Contact Information

Company: SPOT369 LLC

Address: [PENDING - US Business Address]

Product: LiThoughts

Website: lithoughts.com

Application: lithoughts.app

Email: [email protected]

For data protection inquiries, we aim to respond within 30 days.