Privacy Policy

Last updated: March 2026

1. Overview

LinkedBoost ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your data. LinkedBoost is a self-hosted, open-source application. When you self-host LinkedBoost, you control all data storage.

2. Data We Collect

  • Account Information: Name, email address, and hashed password when you create an account.
  • Resume Data: Resume content you upload for job application automation.
  • AI API Keys: Your third-party AI provider API keys, encrypted at rest with AES-256-GCM.
  • Automation Data: Job applications, posts, scraped leads, and activity logs generated through your use of the platform.
  • Usage Data: Daily action counts for rate limiting and safety purposes.

3. How We Use Your Data

  • To provide and operate the LinkedBoost automation platform.
  • To authenticate your identity and protect your account.
  • To generate AI-powered content using your own API keys (keys are decrypted in-memory only during API calls).
  • To track daily usage for anti-detection rate limiting.
  • To send transactional emails (verification, password reset).

4. Data We Do NOT Collect

  • We do NOT use analytics trackers or third-party tracking scripts.
  • We do NOT sell, share, or monetize your data in any way.
  • We do NOT store your LinkedIn password. The Chrome extension operates on your already-logged-in session.
  • We do NOT store unencrypted API keys. Keys are encrypted before storage and decrypted only during use.

5. Data Security

We implement industry-standard security measures including AES-256-GCM encryption for API keys, bcrypt password hashing with 12 salt rounds, rate limiting on all API endpoints, CSRF protection, and HTTP-only secure cookies. All database queries use parameterized queries to prevent injection attacks.

6. Data Retention

  • Activity logs are automatically deleted after 90 days (TTL index).
  • Notifications are automatically deleted after 30 days.
  • All other data is retained until you delete your account.

7. Your Rights

  • Data Export: You can export all your data in JSON format from Settings > Data & Privacy.
  • Account Deletion: You can permanently delete your account and all associated data at any time.
  • API Key Removal: You can remove your AI API keys at any time from Settings.

8. Third-Party Services

  • AI Providers: When you configure AI API keys, your data is sent to the respective provider (Google Gemini, OpenAI, Anthropic, Groq) according to their privacy policies.
  • Email: We use Resend for transactional emails (verification, password reset only).
  • LinkedIn: The Chrome extension interacts with LinkedIn on your behalf. LinkedIn's terms of service apply.

9. Open Source

LinkedBoost is open-source software. You can audit every line of code, self-host the application, and control exactly where your data is stored. We encourage transparency and community oversight.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Continued use of LinkedBoost after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please open an issue on our GitHub repository.