Privacy Policy
Last Updated: December 17, 2025
What the Flutter OÜ (“What the Flutter,” “we,” “us,” or “our”) operates the Linked API service. What the Flutter OÜ is an Estonian private limited company (registered address: Ahtri tn 12, Kesklinna linnaosa, Tallinn 15551, Harju maakond, Estonia). This Privacy Policy explains how we collect, use, share, and protect personal data in connection with Linked API. By using Linked API, you acknowledge that you have read and understood this Privacy Policy. We are committed to transparency and protecting your privacy in accordance with applicable laws including the GDPR and CCPA.
Information We Collect
We collect various types of information to provide and improve our service:
- Account Information: When you register for Linked API, we collect personal information such as your name, email address, company name, billing information, and account credentials. This information is necessary to create and maintain your user account and communicate with you.
- LinkedIn Account Data: If you choose to connect your LinkedIn account to Linked API, we may store encrypted session cookies and/or authentication tokens associated with that account to enable the Service. We do not request, collect, or store your LinkedIn password. Any password you enter in a LinkedIn login form is provided to LinkedIn and is not stored by us. LinkedIn session data is stored in encrypted form and is used solely to perform the actions you authorize via the Service.
- Usage Data: We automatically collect information about how you interact with Linked API. This includes server logs (e.g. IP address, browser type, device information, and timestamps of API requests), usage metrics (such as the number and frequency of API calls, workflow execution details), and cookies or similar tracking technologies on our website or dashboard. This data helps us monitor system performance, ensure security, prevent fraud, and improve our services.
- System Operational Data: We store various types of operational data necessary for the proper functioning of our service, including but not limited to: workflow configurations, task queues, execution histories, system preferences, feature settings, integration parameters, and error logs. This information is essential for maintaining continuity of service, providing technical support, enabling system functionality, and optimizing performance.
- Third-Party Data via LinkedIn: Through Linked API’s features, you may retrieve data from LinkedIn (e.g. public LinkedIn profile information, company data, posts, etc.). When you use our platform to collect or process personal data from LinkedIn about other individuals (such as names, job titles, or other profile details of LinkedIn users), you as the user are the data controller for that information. What the Flutter acts as a data processor on your behalf for such LinkedIn-derived personal data. This means we handle that data only according to your instructions (by providing the technical means to retrieve and deliver it to you) and do not use it for our own purposes. It is your responsibility to ensure you have a lawful basis (such as consent or legitimate interest) for collecting and using any personal data of third parties obtained via Linked API. We do not sell LinkedIn-derived data and we do not use it for our own independent purposes (such as building separate datasets or profiling LinkedIn members). To provide the Service, we may process and store limited LinkedIn-derived data that is necessary to deliver and retain your workflow history and results, as described in the Data Retention section.
How We Use Personal Data
We use the collected information for the following purposes:
- Providing the Service: We process your personal data to authenticate you, connect to LinkedIn on your behalf, execute your requested workflows/actions, and generally provide the Linked API functionality you subscribe to. For example, your LinkedIn authentication token is used to log into your LinkedIn account in a secure cloud browser environment and carry out the actions you initiate (like sending connection requests or retrieving profile data).
- Service Administration and Communications: We use your contact information (email, name) to send service-related communications such as account confirmations, notifications of workflow results, important updates, security alerts, and administrative messages. We may also send you informational updates about new features or tips for using Linked API. You can opt out of non-essential communications (such as marketing emails) at any time.
- Improvement and Analytics: Usage Data is utilized to analyze trends, debug issues, and improve our platform’s performance and features. For instance, understanding how users utilize certain API endpoints can help us optimize execution speed or user experience. We may use third-party analytics tools (e.g., Google Analytics) that deploy cookies or similar technologies on our website to collect anonymous information about user interactions. These analytics providers process data only on our instructions and for our purposes.
- Customer Support: If you contact us for support, we will use your contact information and any information you provide about your issue to help resolve your questions or troubleshoot problems. We may also review your recent API usage or error logs to diagnose technical issues.
- Security and Fraud Prevention: We may process personal data (like IP addresses or account activity) to monitor for suspicious or fraudulent activity, enforce our Terms of Use, and protect the integrity of our service. This includes using automated systems to detect misuse of Linked API (such as using it in ways that violate LinkedIn’s policies or our terms) and taking action to prevent harm, such as rate-limiting or suspending accounts involved in abuse.
- Compliance with Legal Obligations: If required by law or legal process, we may use and disclose personal data to respond to government requests, comply with court orders or regulations, or otherwise as required to meet our legal obligations. We also retain certain data as necessary to comply with accounting, taxation, and record-keeping requirements.
- Marketing: We may use your contact information to send newsletters, promotional materials, or inform you of new products and services from What the Flutter OÜ or our partners. You can unsubscribe from marketing emails at any time, and we do not send these without either your opt-in consent or a legitimate interest basis as allowed by law.
Our processing of your personal data is typically justified by one or more of the following legal bases: (a) the processing is necessary for the performance of a contract (providing you the Linked API service as per our Terms of Use), (b) it is in our legitimate interests to maintain and improve our services (and such interests are not overridden by your data protection rights), or (c) we have obtained your consent. For any special cases where another legal basis might apply, we will rely on your consent or compliance with a legal obligation, as appropriate.
Cookies and Tracking Technologies
Linked API’s website and web dashboard use cookies and similar tracking technologies to provide and personalize the service:
- Essential Cookies: We use cookies necessary for our site to function, such as keeping you logged in to your account and maintaining session security. Without these, the service may not work properly.
- Analytics and Performance Cookies: With your consent where required, we use cookies or third-party tools to collect Usage Data about how visitors use our site (pages viewed, actions taken, time spent, etc.). This information is generally aggregated and helps us improve the usability and content of our website.
- No Sale of Data via Cookies: We do not allow third-party ad networks to collect your data for advertising purposes on our site, and we do not sell any personal information via cookies.
You can control or delete cookies through your browser settings. However, be aware that disabling certain cookies could affect the availability and functionality of Linked API’s online features.
How We Share Information
We value your privacy and do not sell your personal information to third parties. We only share your data in limited circumstances, as described below:
- With Service Providers: We may share data with trusted third-party service providers who perform functions on our behalf. For example, this includes cloud hosting providers (for our servers and databases), payment processors (to handle subscription billing securely – note that we do not receive or store full credit card numbers; payments are handled by compliant third-party processors), email delivery services (to send verification codes or notifications), and analytics tools. These providers are given access only to the information necessary to fulfill their tasks and are contractually obligated to protect your data and use it solely for providing services to us. They act under our instructions and are bound by data processing agreements as needed (ensuring GDPR compliance for EU user data).
- Within What the Flutter OÜ: Personal data may be shared among our team and controlled affiliates on a need-to-know basis, for purposes of development, customer support, or decision making related to the service. All our employees and contractors are subject to confidentiality obligations regarding personal data. We design our cloud browser environment to be programmatically isolated and to prevent routine human access to your authenticated LinkedIn session. Access to production systems is restricted to authorized personnel on a need‑to‑know basis, is logged and audited, and any exceptional access follows documented internal procedures and is used only where necessary for security, incident response, or support (where permitted).
- For Legal Reasons: We may disclose your information if required to do so by law or pursuant to a valid legal process (such as a subpoena, court order, or search warrant). We may also disclose data if we believe in good faith that it is necessary to investigate or prevent fraud, protect the safety of any person, or enforce our Terms of Use or other agreements. In case of a dispute or legal claim involving your use of Linked API, we may preserve and share relevant data as needed to resolve the issue.
- Business Transfers: If What the Flutter OÜ is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your information may be transferred to a successor or affiliate as part of that transaction. Should such a transfer occur, we will ensure the new entity honors the commitments we have made in this Privacy Policy or provide you notice and an opportunity to opt out of the transfer of your personal data.
- With Your Consent: In situations where you explicitly request or consent to a specific data sharing (for example, if you integrate Linked API with another third-party service and that integration needs to send certain data to the third party at your request), we will share your information only to the extent you have agreed.
Aside from the purposes described above, we will not share, rent, or trade your personal information with third parties for their own promotional purposes.
Data Security
We take security very seriously and implement a range of technical and organizational measures to safeguard your data:
- Encryption: All network communication with Linked API (including API calls, dashboard interactions, and LinkedIn session handling) is encrypted via HTTPS/TLS. Sensitive credentials such as LinkedIn authentication tokens are encrypted at rest in our databases.
- Cloud Browser Isolation: Each LinkedIn account connected through Linked API runs in its own isolated cloud-based browser environment. This means your LinkedIn session (including cookies and any data loaded during automation workflows) is contained and not accessible by other users or even by our own staff. The design ensures that only automated processes can control the browser, reducing human access to your LinkedIn data.
- Access Controls: Internally, we restrict access to production systems and databases to authorized personnel with a legitimate need. Administrative access to servers or data stores requires authentication and is logged and audited. No single employee has unilateral access to all user data; access is compartmentalized.
- Monitoring and Patching: We regularly update our software and third-party libraries to address security vulnerabilities. Our systems are monitored for intrusions or anomalies. We also employ firewalls and other protective mechanisms to prevent unauthorized system access.
- Employee Training and Policies: Our team members are trained on data protection best practices and are required to adhere to confidentiality agreements. We maintain privacy and security policies to guide our handling of personal data.
Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. Therefore, while we strive to protect your personal data, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law:
- Account Information: We keep your account registration details and profile information as long as your account is active. If you delete your Linked API account or request deletion, we will remove or anonymize your personal data from our active databases, generally within 30 days (except as noted below for legal requirements). Some residual data may temporarily remain in backups, which will be purged according to our regular backup retention schedule.
- LinkedIn Account Data: If you disconnect a LinkedIn account from our service or close your account, any stored tokens/cookies for that LinkedIn account are deleted or rendered unusable. We will not continue to access your LinkedIn account once you’ve removed it or left the service.
- Usage Data: Our server logs and analytics records are generally retained for a limited period (e.g., 6–12 months) unless we need to retain them longer for security analyses or legal purposes. We use these aggregated logs to analyze system performance and usage patterns over time.
- System Operational Data: We store operational data necessary for the proper functioning of the Service, including workflow configurations, task queues, execution metadata and histories, system preferences, feature settings, integration parameters, and error logs. Depending on your use of the Service, this may also include stored workflow results (which may contain LinkedIn-derived data) so that you can access your workflow history and results. You may request deletion of such stored results as described below.
- Legal Obligations and Disputes: We may retain certain information if necessary to comply with legal obligations (for instance, transaction records for accounting, or information required by financial regulations) or to resolve disputes/enforce our agreements. In such cases, we will retain data only for the period required by applicable law or the duration of the dispute and then delete it when no longer necessary.
After the applicable retention periods, we will securely erase or anonymize personal data. Where data is anonymized (so it can no longer be associated with an individual), we may retain it indefinitely for statistical purposes without further notice to you.
International Data Transfers
Our primary data processing occurs within the European Union. For any data transferred outside the EU/EEA, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission. As an Estonian company, What the Flutter is subject to GDPR and processes data in accordance with EU data protection standards.
Your Rights and Choices
General Rights: Depending on your location and applicable privacy laws, you have certain rights regarding your personal data. We honor all requests to the extent required by law and will extend these rights as a courtesy in other regions where feasible. These rights may include:
- Access and Portability: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. We will provide this in a readily accessible format. For EU users, you may also request that we transfer your data to another controller where technically possible (data portability).
- Correction: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also update most of your basic account information directly through your Linked API account settings.
- Deletion: You have the right to request deletion of your personal data. Upon verified request, we will delete the information we hold about you, except for data we are obligated to retain for legal or legitimate business purposes (as described in Data Retention above). If you request deletion, note that this may involve closing your account. Certain usage logs or aggregated data may not be completely erased but will no longer be attributable to you.
- Restriction of Processing: You can ask us to restrict processing of your data in certain circumstances – for example, if you contest the accuracy of the data or object to us processing it on the basis of our legitimate interests. We will mark the data as restricted and only process it for specific purposes (like with your consent or for legal claims) while the restriction is in place.
- Objection to Processing: If we are processing your data based on legitimate interests, you have the right to object to that processing. This includes the right to object at any time to processing of your personal data for direct marketing purposes. If you object, we will reconsider our justifications for processing your data and will cease the processing if your rights outweigh our interests.
- Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it may take some time to fully implement.
- Right to Lodge a Complaint: If you believe that our processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For users in the EU, you may contact the supervisory authority in your country of residence, or the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee.
To exercise any of these rights, please contact us at the contact information provided below. We will respond to your request within a reasonable timeframe and in accordance with applicable law (typically within 30 days for GDPR rights). We may need to verify your identity (for example, by requiring you to provide information or log in to your account) before executing certain requests, to ensure that we do not disclose or delete data incorrectly at the request of someone else.
California Privacy Rights (CCPA/CPRA): If you are a resident of California, U.S., you are entitled to the following rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to Know: You may request information about the categories of personal information we have collected about you, the categories of sources of that information, the business or commercial purposes for collecting or sharing the information, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected about you in the past 12 months.
- Right to Delete: You may request that we delete personal information we have collected from you (with certain exceptions – for example, we may retain data necessary to complete a transaction, detect security incidents, comply with legal obligations, etc.).
- Right to Correct: You may request that we correct inaccurate personal information that we maintain about you.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information to third parties for monetary consideration. We also do not share personal information for cross-context behavioral advertising in a manner that would trigger opt-out rights under California law. Therefore, there is no need to opt out of the sale or sharing of your data from Linked API.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you our services, provide a different level or quality of service, or charge a different price (unless the difference is reasonably related to the value of your data, as permitted by law) because you exercised your rights.
California users can exercise their privacy rights by contacting us as described below. If you have an authorized agent, that agent can make a request on your behalf, but we will require proof of the agent’s authorization and may still ask you to verify your identity directly with us.
Children’s Privacy
Linked API is not intended for use by minors under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in the European Union, unless with parental consent, as required by applicable law). If you are under the minimum age in your jurisdiction, you may not use our service or provide any personal data to us. We ask that parents and guardians supervise their children’s online activities and consider using parental control tools.
In the event we discover that we have inadvertently collected personal information from a child under the applicable age without proper consent, we will take immediate steps to delete such information from our records. If you believe a minor may have provided us with personal data, please contact us so we can investigate and remove it.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Policy, we will notify users by prominently posting a notice on our website or within the platform, and/or by sending an email to the address associated with your account. We will indicate at the top of the Policy the date of the latest revision.
We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Continued use of Linked API after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:
What the Flutter OÜ (Attn: Privacy)
Ahtri tn 12, Kesklinna linnaosa
Tallinn 15551, Harju maakond
Estonia
Email: support@linkedapi.io (please include “Privacy Inquiry” in the subject line)
If you require a Data Processing Addendum (DPA) for our role as a processor of personal data on your behalf, please contact us at support@linkedapi.io. We will gladly assist you and strive to resolve any concerns.
Thank you for trusting Linked API. We value your privacy and will continue working hard to keep your personal information secure.