Privacy Policy

We collect the following types of information when you use Penlio:

Account Information: When you sign up, we collect your name, email address, and LinkedIn profile information through LinkedIn OAuth authentication. This information is necessary to create and manage your account.

LinkedIn Profile Data: Through LinkedIn's official OAuth 2.0 integration, we access your basic profile information, including your name, profile picture, and headline. We only access data that you explicitly authorize during the OAuth consent flow.

Reference Content: You may provide us with reference LinkedIn posts to enable our AI voice learning feature. These posts are stored securely and used exclusively to train our AI to match your writing style.

Payment Information: When you subscribe to a paid plan, your payment information is collected and processed by Stripe, our third-party payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers.

Usage Data: We collect information about how you interact with our service, including features used, posts generated, scheduling activity, and performance metrics.

Device & Browser Information: We automatically collect device type, browser type, IP address, operating system, and general location data for security and analytics purposes.

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve Penlio's features, including AI content generation, voice learning, post scheduling, and analytics.

Voice Learning: To analyze your reference posts and learn your unique writing style, enabling our AI to generate content that sounds authentically like you. Your reference posts are processed by our AI/LLM providers solely for this purpose.

Scheduling & Publishing: To schedule and publish LinkedIn posts on your behalf through LinkedIn's official API, at the times you specify.

Communication: To send you service-related notifications, updates, and responses to your inquiries. You may also opt in to receive marketing communications, which you can unsubscribe from at any time.

Analytics & Improvement: To understand how our service is used, identify trends, and improve the user experience.

Security: To detect, prevent, and address fraud, abuse, and security issues.

Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal data. We share your information only in the following circumstances:

AI/LLM Providers: We use third-party AI and large language model providers to power our content generation and voice learning features. Your reference posts and content prompts are shared with these providers to generate content. These providers process data according to their own privacy policies and data processing agreements.

LinkedIn: We interact with LinkedIn's official API to authenticate your account, publish posts, and retrieve analytics data. LinkedIn processes this data according to their privacy policy.

Stripe: Payment processing is handled by Stripe. When you make a payment, your payment information is shared directly with Stripe. Stripe's privacy policy governs the use of your payment data.

Analytics Providers: We use analytics tools to understand service usage patterns. These tools may collect anonymized or aggregated data about your usage.

Legal Requirements: We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and monitoring
• Access controls limiting employee access to personal data
• Secure OAuth 2.0 authentication with LinkedIn (no password storage)

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying you and relevant authorities in the event of a data breach as required by applicable law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: You can request a copy of the personal data we hold about you.

Correction: You can request that we correct inaccurate or incomplete personal data.

Deletion: You can request that we delete your personal data. This includes the ability to delete your account and all associated data, including voice learning models and reference posts.

Data Portability: You can request a copy of your data in a structured, machine-readable format.

Withdrawal of Consent: Where we rely on consent to process your data, you can withdraw that consent at any time.

Objection: You can object to the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at privacy@penlio.com. We will respond to your request within 30 days. You may also disconnect your LinkedIn account from Penlio at any time through your account settings, which will revoke our access to your LinkedIn data.

Penlio uses cookies and similar tracking technologies for the following purposes:

Essential Cookies: Required for the service to function properly, including session management, authentication, and security. These cookies cannot be disabled.

Analytics Cookies: Used to understand how visitors interact with our website and service. These cookies help us improve the user experience and measure the effectiveness of our features.

Preference Cookies: Used to remember your settings and preferences, such as language and display options.

We do not use cookies for third-party advertising. You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may prevent you from using certain features of our service.

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

• Account data is retained for the duration of your account and deleted within 30 days of account deletion.
• Reference posts used for voice learning are retained until you delete them or close your account.
• Generated content is retained until you delete it or close your account.
• Payment records are retained as required by tax and financial regulations (typically 7 years).
• Usage logs are retained for up to 12 months for analytics and security purposes.

After account deletion, we may retain anonymized, aggregated data that cannot be used to identify you.

Penlio is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@penlio.com.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy, including the use of standard contractual clauses and other transfer mechanisms approved by relevant authorities.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this policy
• Notify you via email or through a prominent notice on our website
• Where required by law, obtain your consent to the changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@penlio.com

Company: Penlio

We aim to respond to all privacy-related inquiries within 30 days.