Privacy Policy

LinkPilot is a LinkedIn outreach automation tool operated by NoFluff Pro (Gaganinder Goyal), Mohali, Punjab, India. We are the data controller for personal data processed through the Service. Contact: gavish@nofluff.pro.

We collect the following categories of personal data:

• Account data: Your email address, hashed password, and workspace name when you register.
• LinkedIn session credentials: Your LinkedIn session cookie (li_at) and optional JSESSIONID. These are stored only on your own server. If you use the Chrome extension, the cookie lives in your browser — it is never transmitted to our servers or any third party. The cookie is used solely to authenticate outreach actions on your behalf.
• Lead data: Names, LinkedIn profile URLs, email addresses, job titles, and other professional information about the contacts you import via CSV, Apify, or manual entry. This data belongs to you.
• Campaign and activity data: Which leads were invited, messaged, or engaged; timestamps; acceptance/reply status; sequence steps.
• AI prompt data: If you enable AI personalisation, connection note templates and lead snippets are sent to OpenAI's API to generate personalised messages. We do not store these prompts beyond the API call.
• Usage and log data: IP address, browser/device type, pages visited, and errors — for security and debugging.
• Payment data: Stripe handles all payment processing. We receive a customer ID and subscription status from Stripe; we do not store full card numbers.

• We do not read or store your LinkedIn direct messages unless an explicit future feature requires it and you grant permission.
• We do not sell your data to advertisers or data brokers — ever.
• We do not use your lead data to train AI models.

We use your personal data to:

• Authenticate you and run your LinkPilot workspace.
• Execute outreach automation actions (invites, messages, engagement) on your behalf using your LinkedIn session credentials.
• Generate AI-personalised connection notes via OpenAI (if enabled).
• Send transactional emails (account creation, billing notifications).
• Detect fraud, abuse, and security incidents.
• Improve the Service based on aggregated, anonymised usage patterns.

We use the following sub-processors who may process personal data on our behalf:

• Stripe — Payment processing and subscription management. Stripe's privacy policy applies to payment data.
• OpenAI — AI message personalisation (if you enable this feature). Lead name/title/company snippets are sent to OpenAI's API. OpenAI's data processing agreement applies.
• Apify — Lead data enrichment (if you use the Apify Import feature). Apify's privacy policy applies.

We do not share your data with any other third parties without your explicit consent, except as required by law.

We retain your account and lead data for as long as your account is active. If you delete your account (via Settings → Danger Zone or by emailing us), we will delete your personal data within 30 days. Backups may retain data for up to an additional 90 days before purging.

Aggregated, anonymised analytics are retained indefinitely for product improvement purposes.

Passwords are stored as salted PBKDF2 hashes — never in plain text. Sessions are encrypted using iron-session (AES-256). All data in transit is protected by TLS/HTTPS.

While we implement industry-standard security practices, no system is 100% secure. You use the Service at your own risk.

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with privacy rights legislation, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict processing of your data.
• Receive a copy of your data in a portable format.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email gavish@nofluff.pro with the subject line "Data Request". We will respond within 30 days.

LinkPilot uses a single session cookie (lp_session) for authentication. We do not use third-party advertising cookies or tracking pixels.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or an in-app notice. Continued use of the Service after the effective date of a change constitutes acceptance.

For privacy-related questions or data requests: gavish@nofluff.pro. We aim to respond within 5 business days.