1. Data We Collect

Account and Contact Information:

Name, email, password (hashed), team or workspace info

Billing Information:

Company, VAT or tax ID, billing address, plan details, transactions; cards are processed by Stripe, we do not store full card numbers

Usage and Telemetry:

Feature events, timestamps, error logs, referral or UTM

Device and Technical:

IP, browser or OS, language, region, cookies or IDs

Communications and Feedback:

Support requests, surveys, testimonials

LinkedIn via Sync (only when you click Sync):

Content and metadata you can normally view on linkedin.com such as post text, timestamps, reactions or comments or shares counts, profile or page identifiers and URLs, hashtags, visible analytics signals; for Business plans, peer or competitor posts you can view

What We Don't Collect:

Not by default: LinkedIn direct messages unless a separate setting is offered and you enable it
Never: Your LinkedIn password or CAPTCHA bypass

2. Why We Use Data and Legal Bases

Run your account and core Service: contract

Provide ideas, hooks, prompts, and dashboards: contract

Sync when you click it: consent plus contract; legitimate interests for maintenance and improvement

Payments and tax: contract; legal obligation

Support, security, fraud or abuse prevention: legitimate interests; legal obligation

Product analytics to improve: legitimate interests; consent where cookies are non-essential

Email onboarding and product updates: consent or soft opt-in where allowed; you can opt out any time

You can withdraw consent at any time, for example by not using Sync and by managing cookie preferences. Prior processing remains lawful.

3. Your Controls and Responsibilities for Extension

There is no toggle. Clicking Sync starts a collection of your LinkedIn data. To stop new collection, uninstall the extension. To remove existing synced data, delete your What2Post account. We delete synced data from active systems within 7 days and from backups and logs within 30 days; after that we do not retain synced data, subject to legal holds. You are responsible for having rights and permissions to data you Sync and for complying with LinkedIn's terms.

4. Cookies and Analytics

We use necessary cookies for login and security. Analytics such as Google Analytics, Amplitude, or Mixpanel help improve the product; in the EU or UK these are opt-in. Manage preferences via our cookie banner and your browser. Some features may not work without certain cookies.

5. Sharing and No Selling

We share personal data only with service providers under contract, for example Stripe for payments, hosting or cloud or CDN providers (for example Vercel, AWS, or GCP), analytics (Google Analytics, Amplitude, Mixpanel), email providers (for example Postmark, SendGrid, or similar), logging or monitoring (for example Sentry or Datadog), and AI providers used to generate ideas, hooks, or prompts. We may share with advisors or authorities where required, and during a merger or acquisition. A list of sub-processors is available on request.

6. International Transfers

Where data leaves the EEA or UK, we use lawful safeguards such as EU Standard Contractual Clauses and the UK Addendum. Details available on request.

7. Retention and Deletion

Account data: while active plus 24 months

Billing and transactions: 7-10 years for tax law

Usage and telemetry: 24 months, then aggregated or anonymized

Sync cache and content: typically 12 months rolling; aggregated insights may be retained longer

Support and feedback: 24 months after resolution

Request deletion at support@what2postapp.com. We may require identity verification.

8. Security and Breach Notice

We use reasonable safeguards including TLS, access controls, MFA for internal tools, logging and alerting, and backups. No system is 100% secure. If a personal-data breach occurs, we will notify the authority without undue delay and, where required, affected users.

9. EU/UK Withdrawal (Digital Services)

If you request immediate access, you consent to start now and acknowledge you may lose the 14-day right of withdrawal once service begins.

10. Changes

We may update this Policy. We will change the Effective date and seek consent for material changes where required. Continued use means you accept the updated Policy.

Data Protection Rights

You have rights regarding your personal data, including access, rectification, erasure, portability, and objection. Contact us to exercise these rights.

For questions about this Privacy Policy or your data, please contact us at support@what2postapp.com