Privacy Policy

Last updated: May 23, 2025

1. Who we are

Lynko AI (“we”, “our”, “us”) is a career management platform that helps students manage professional contacts, send personalized outreach emails, and track responses. We are operated by Finn Grace. Questions: fgrace0367@sdsu.edu.

2. What data we collect

We collect the following categories of data:

  • Account data: your name, email address, school, major, graduation year, and target role — provided by you during onboarding.
  • Resume text: text you paste or upload, stored to help the AI personalize your outreach emails.
  • Contact data: names, emails, LinkedIn URLs, and professional details of people you add to your network.
  • Gmail data: when you connect Gmail, we store an OAuth refresh token to send emails on your behalf and to detect replies to your outreach. We read only the specific email threads initiated through Lynko AI — we do not scan your full inbox.
  • Calendar data: when you authorize calendar access, we create events on your behalf when a meeting is scheduled through the app.
  • Usage data: number of emails sent, AI requests made, and feature usage for product improvement and rate limiting.

3. How we use your data

  • To send outreach emails from your Gmail account to contacts you choose.
  • To detect replies to those emails and notify you in the app.
  • To generate AI-drafted reply suggestions using Claude (Anthropic).
  • To personalize email content using your resume and background summary.
  • To create calendar events when meetings are scheduled.
  • To enforce fair-use limits on AI features.

We do not sell your data. We do not use your data for advertising.

4. Gmail and Google API data

Lynko AI's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We access Gmail solely to send outreach emails you initiate and to read replies within those specific threads.
  • We do not read, store, or process any Gmail messages outside of threads created through Lynko AI.
  • We do not use Gmail data to serve advertisements or for any purpose unrelated to the core Lynko AI features described above.
  • We do not share Gmail data with third parties except as necessary to operate the service (e.g., storing your encrypted OAuth token in our database).
  • Your Gmail OAuth token is encrypted at rest and never exposed in logs or API responses.

5. Third-party services

  • Supabase: database and authentication. Your data is stored in Supabase's managed PostgreSQL infrastructure.
  • Anthropic (Claude): AI model used to generate email personalization and draft replies. Only the relevant context (your background summary, the email body, the contact's reply) is sent — never your full inbox or unrelated personal data.
  • Apollo.io: used optionally to enrich contact profiles when you provide a LinkedIn URL.
  • Vercel: hosting and serverless functions.

6. Data retention

Your data is retained as long as your account is active. You may delete your account at any time by contacting us at fgrace0367@sdsu.edu. Upon deletion, all personal data, including contacts, emails, and OAuth tokens, is permanently removed within 30 days.

7. Security

We encrypt Gmail OAuth tokens at rest. Access to your data is restricted by row-level security policies — users can only access their own records. We use HTTPS for all data in transit.

8. Your rights

You have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Revoke Gmail and Calendar access at any time via myaccount.google.com/permissions

To exercise any of these rights, email fgrace0367@sdsu.edu.

9. Changes to this policy

We may update this policy as the product evolves. We will notify users of material changes via email or an in-app notice. Continued use of Lynko AI after changes constitutes acceptance.