Privacy Policy
Last updated: April 9, 2026
1. Who we are
Positionly (“we”, “us”, “our”) is a LinkedIn personal branding platform that helps professionals create content through AI-assisted coaching. We act as the data controller for your personal data.
Contact for data protection inquiries: privacy@positionly.app
2. What data we collect
We collect the following categories of personal data:
| Category | Data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account | Name, email, LinkedIn profile URL, profile picture | Contract performance (Art. 6(1)(b)) |
| LinkedIn profile | Headline, position, industry, skills, experience, education, follower/connection count | Contract performance (Art. 6(1)(b)) |
| Content | Posts you create, chat conversations with the AI coach, carousel designs, calendar entries | Contract performance (Art. 6(1)(b)) |
| Persona & brand | Narrative arc, brand positioning, tone preferences, content pillars, origin story | Contract performance (Art. 6(1)(b)) |
| Payment | Stripe customer ID, subscription status, plan tier (we never store card numbers) | Contract performance (Art. 6(1)(b)) |
| Usage | Feature interactions, session duration, device type | Legitimate interest (Art. 6(1)(f)) |
| Cookies | Session authentication, preferences | See our Cookie Policy |
3. How we use your data
- Provide the service — AI coaching, content creation, calendar scheduling, carousel generation
- Personalize your experience — tailor AI responses to your brand, narrative arc, and content history
- Publish to LinkedIn — only when you explicitly click “Publish”; we never auto-publish
- Process payments — manage your subscription through Stripe
- Improve the product — aggregate, anonymized usage analytics
- Communicate with you — transactional emails (account, subscription). No marketing emails without consent.
4. AI processing & third-party sub-processors
We use Anthropic's Claude API to power our AI coaching and content generation features. When you interact with the AI coach, your conversation messages and relevant profile context are sent to Anthropic for processing.
Anthropic processes this data as a sub-processor under our data processing agreement. Anthropic does not use your data to train their models. See Anthropic's Privacy Policy.
Sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Anthropic | AI content coaching & generation | United States |
| Stripe | Payment processing | United States |
| LinkedIn (Microsoft) | OAuth authentication & publishing | United States |
For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.
5. Data retention
- Account data — retained while your account is active, deleted within 30 days of account deletion
- Content & conversations — retained while your account is active; you can delete individual posts or conversations at any time
- LinkedIn tokens — stored encrypted; automatically invalidated if you disconnect LinkedIn or delete your account
- Payment data — Stripe retains transaction records per their retention policy; we only store your Stripe customer ID
- Usage analytics — aggregated data retained for up to 24 months; individual session data deleted after 90 days
6. Your rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Access (Art. 15) — request a copy of all personal data we hold about you
- Rectification (Art. 16) — correct inaccurate or incomplete data
- Erasure (Art. 17) — request deletion of your data (“right to be forgotten”)
- Restriction (Art. 18) — restrict processing of your data
- Portability (Art. 20) — receive your data in a structured, machine-readable format
- Objection (Art. 21) — object to processing based on legitimate interest
- Withdraw consent (Art. 7(3)) — withdraw consent at any time where processing is based on consent
To exercise any of these rights, email privacy@positionly.app. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have violated your rights.
7. Data security
- All data transmitted over HTTPS/TLS 1.3
- LinkedIn OAuth tokens stored encrypted at rest
- Database access restricted to application services only
- No plaintext passwords — authentication via LinkedIn OAuth exclusively
- Stripe handles all payment card data; we never see or store card numbers
8. Children
Positionly is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@positionly.app and we will delete it promptly.
9. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a prominent notice within the application. Your continued use of Positionly after the effective date of any changes constitutes acceptance of the updated policy.
10. Contact
For any questions about this Privacy Policy or your personal data:
Email: privacy@positionly.app
Data Controller: Positionly