Privacy Policy

Effective date: March 30, 2026

LiThoughts is a product designed and developed by SPOT369 LLC. This policy describes how we collect, use, and protect your personal information, including data accessed through the LinkedIn API.

1. Information We Collect

When you use LiThoughts, we collect:

  • Account information (name, email, profile picture) from your OAuth provider (Google or LinkedIn)
  • Voice profile data you provide during onboarding (personality traits, professional background, communication preferences)
  • Content you create (posts, edits, conversations)
  • Usage data (features used, session duration, actions taken)
  • Technical data (browser type, device type, IP address for security)

LinkedIn Profile Information: When you connect your LinkedIn account to LiThoughts, we access your name, profile picture, headline, and member ID through LinkedIn's official OAuth 2.0 authentication. This information is used to personalize your experience and enable publishing features.

LinkedIn Activity Data: When you publish posts through LiThoughts, we store the post content, publish status, scheduled times, and LinkedIn post identifiers. We collect engagement data (reaction counts by type, comment text and author names) on your published posts to provide analytics and relationship management features.

LinkedIn Authentication Tokens: We store OAuth access tokens to maintain your LinkedIn connection. These tokens are used solely to perform actions you explicitly request, including publishing posts, scheduling posts, posting comments, and creating reactions.

Resume Data (Optional): If you choose to upload a resume, we extract professional information to enhance your voice profile. The resume text is processed by Google Gemini to generate a structured professional context. We do not store the original resume file - only the extracted insights are saved.

Chrome Extension Data

  • The extension reads the URL and title of the page you are viewing only when you explicitly initiate a save or comment action. It does not track your browsing history or monitor your activity passively.
  • The extension stores your authentication token locally in your browser using Chrome's encrypted storage (chrome.storage.local). This token is used to authenticate API requests to lithoughts.app.
  • The extension injects a notification script on LinkedIn.com pages only, to display confirmation messages when you save an inspiration or generate a comment.
  • The extension communicates exclusively with the LiThoughts backend (lithoughts.app) using the same API endpoints and authentication as the web application. No data is sent to any third party from the extension.
  • All data saved through the extension (inspirations, comments) is stored on the same backend and subject to the same privacy protections as data created through the web application.
  • The extension requires the following browser permissions: storage (to keep you signed in), activeTab (to read the current page when you choose to save it), tabs (to detect LinkedIn and YouTube pages), identity (to sign in with Google), scripting (to show notifications on LinkedIn), and contextMenus (to provide a right-click save option).

Third-Party Engagement Data

When you use the Relationship Tracker and engagement tracking features (available to Influencer Lite, Influencer Pro, and Agency subscribers), LiThoughts collects limited publicly available information about people who comment on your LinkedIn posts. This includes:

  • Display name and professional headline as shown on their LinkedIn comment
  • A count of their comments on your posts and engagement frequency
  • An automatically calculated engagement score based on comment frequency and recency

This data is sourced from LinkedIn's public API and is used solely to help you manage your professional relationships. We do not contact these individuals, share their data with third parties, or use it for any purpose other than displaying it within your LiThoughts account. This data is deleted when you delete your LiThoughts account.

2. How We Use Your Information

We use your information to:

  • Generate personalized content matching your voice profile
  • Improve the Service and develop new features
  • Monitor usage for billing and rate limiting
  • Ensure security and prevent abuse
  • Communicate service updates

3. How We Use LinkedIn Data

We use LinkedIn data specifically for the following purposes:

  • Publishing posts to LinkedIn on your behalf, including scheduled posts with auto-publish
  • Tracking engagement (reactions and comments) on your published posts
  • Enabling you to react to and comment on LinkedIn posts
  • Displaying your LinkedIn profile information within the application
  • Generating content analytics and performance insights
  • Building relationship management data from comment interactions on your posts
  • Pre-filling your voice profile with LinkedIn professional details (with your explicit consent)

4. LinkedIn API Usage

  • LiThoughts accesses LinkedIn data exclusively through LinkedIn's official REST API (api.linkedin.com)
  • We use LinkedIn OAuth 2.0 for secure authentication
  • Approved API scopes: openid, profile, email, w_member_social
  • We do NOT use any scraping tools, browser extensions, or unofficial third-party access methods
  • We do NOT access your LinkedIn connections list, private messages, or other users' private profile data
  • All API calls comply with LinkedIn's API Terms of Use and rate limits

5. Data Sharing

We do not sell your personal information. We do not share your data with third parties for marketing.

  • We do NOT sell, share, rent, or distribute your LinkedIn data to any third parties
  • We do NOT use your LinkedIn data for advertising or marketing purposes
  • LinkedIn data is only transmitted between LiThoughts servers and LinkedIn's official API endpoints
  • Our AI content generation service (Google Gemini) processes post content you create but does not receive your LinkedIn profile data, tokens, or engagement data
  • Our database provider (Supabase) hosts your data under their Data Processing Agreement and does not access or use your data independently
  • No other third parties receive your LinkedIn data

6. Data Storage and Retention

LinkedIn OAuth tokens are stored in a secured PostgreSQL database (Supabase) with Row-Level Security ensuring each user can only access their own data. Authentication tokens are never exposed in client-side code, browser storage, or application logs.

Data retained while your account is active:

  • LinkedIn access token and person ID
  • LinkedIn headline and profile picture URL
  • Published post identifiers and engagement statistics
  • Comment author names and text from your published posts

On LinkedIn disconnection: Access tokens are deleted immediately.

On account deletion: All LinkedIn-related data is permanently deleted within 30 days via automated cleanup process.

Engagement data and relationship management records are retained as long as your account is active.

7. Data Security

Your data is protected by row-level security policies, ensuring only you can access your own data. All data transmission is encrypted using HTTPS/TLS.

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure.

8. Third-Party Services

We use the following third-party services:

  • Google OAuth - for authentication, subject to Google's Privacy Policy
  • LinkedIn OAuth - for authentication and API access, subject to LinkedIn's Privacy Policy
  • Google Gemini AI - your voice profile and topic inputs are sent to generate content; LinkedIn profile data, tokens, and engagement data are not shared with this service. If you upload a resume, the extracted text is sent to Google Gemini for professional profile analysis. Only the structured insights are stored.
  • Vercel - hosting and serverless functions, subject to Vercel's Privacy Policy
  • Supabase - database and authentication infrastructure, subject to Supabase's Privacy Policy and Data Processing Agreement
  • Google Chrome - The LiThoughts Chrome Extension operates within Google Chrome's extension framework. Chrome's handling of extension data is subject to Google's Privacy Policy.

9. Your Rights

You may:

  • Access your data through the Export Data feature in account settings
  • Delete your account and all associated data through account settings
  • Opt out of non-essential communications

10. Your Rights Regarding LinkedIn Data

  • You can disconnect your LinkedIn account at any time from within the application, which immediately deletes your stored access tokens
  • You can request a complete export of all LinkedIn-related data we store about you
  • You can request deletion of all LinkedIn-related data by contacting us or deleting your account
  • You can view which LinkedIn permissions you have granted within the application
  • Deleting your LiThoughts account permanently removes all LinkedIn data within 30 days

11. LinkedIn API Compliance

  • LiThoughts is developed by SPOT369 LLC and uses LinkedIn's official API in full compliance with LinkedIn's API Terms of Use
  • We only access data within the scope of permissions you explicitly grant during the OAuth authorization process
  • We do not scrape, crawl, cache beyond permitted limits, or collect LinkedIn data outside of official API channels
  • We implement proper rate limiting to respect LinkedIn's API quotas
  • We maintain security best practices including encrypted storage, HTTPS-only communication, and access control policies

12. Cookies

We use essential cookies for authentication and session management. We do not use advertising cookies, tracking cookies, or any third-party cookies for marketing purposes.

13. Payment and Billing Data

What We Collect

  • Billing name and email address
  • Subscription plan and billing cycle
  • Transaction history (dates, amounts, status)
  • Subscription status
  • Payment processor reference IDs

Payment Processor

Payments are processed by 2Checkout (Verifone), a PCI DSS Level 1 certified payment processor. When you make a payment, you interact directly with 2Checkout's secure checkout environment. 2Checkout's handling of your payment data is governed by their own privacy policy.

How We Use Billing Data

  • Process subscription payments and manage your plan
  • Send billing communications (receipts, renewal notices, payment failures)
  • Enforce service tier limits
  • Handle refund requests and billing disputes

Billing Data Retention

We retain billing records for as long as your account is active and for a minimum of 7 years after account closure for tax and legal compliance. Subscription status data is deleted within 30 days of account deletion.

14. California Privacy Rights (CCPA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

  • Right to Know - You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
  • Right to Delete - You have the right to request deletion of your personal information. You can delete your account and all associated data through the Account Settings page in the application.
  • Right to Opt-Out of Sale - SPOT369 LLC does not sell your personal information to third parties.
  • Right to Non-Discrimination - We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at [email protected] or use the account management features within the application. We will respond to verifiable requests within 45 days.

15. Children's Privacy

LiThoughts is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age. If you are under 18, please do not create an account or submit any personal information through the service. If we become aware that we have collected personal information from someone under 18, we will take steps to delete that information promptly. If you believe that a person under 18 has provided us with personal information, please contact us at [email protected].

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top. Continued use of the Service after changes constitutes acceptance.

17. Contact Information

Company: SPOT369 LLC

Business Address: 30 N Gould St Ste R, Sheridan, WY 82801

Phone: +1 (307) 292-2987

Email: [email protected]

Website: lithoughts.com

Application: lithoughts.app

For data protection inquiries, we aim to respond within 30 days.