← PRS LinkedIn AI Agent

Privacy Policy

Plain English. What we collect, how we use it, who we share it with, and how you can revoke access at any time.

1. Who we are

The PRS LinkedIn AI Agent ("the Agent") is operated by Predictable Revenue Systems, a Gemma Serenity & Sascha Gorokhoff Enterprise. Contact: agent@prs.gemmaserenity.com.

2. What the Agent does

The Agent is an internal revenue tool that:

• Surfaces public intent signals (funding announcements, role changes, hiring activity, public engagement) about prospective contacts you choose to target.
• Scores those signals against an Ideal Customer Profile (ICP) you define.
• Drafts personalized LinkedIn messages and emails, which a human operator either sends manually (LinkedIn) or which are dispatched on your behalf via email after your explicit setup.

The Agent does not auto-send LinkedIn connection requests or LinkedIn direct messages. Those actions are always executed manually by the authenticated user inside LinkedIn's own interface.

3. Information we collect from you (the authenticated user)

When you connect your LinkedIn account via OAuth, we receive from LinkedIn:

• Your LinkedIn member identifier (a stable internal ID, formatted as urn:li:person:...)
• Your name (first and last)
• Your primary email address
• An OAuth access token and refresh token, used to act on your behalf within the scopes you approve

We request only the following LinkedIn scopes: openid, profile, email, and w_member_social. These grant sign-in identity and the ability to publish posts on your own LinkedIn feed (with your explicit per-action consent). They do not grant the Agent access to your connections, inbox, search history, or the ability to message other LinkedIn members.

4. Information we collect about prospective contacts

To support outreach you direct, the Agent stores public, non-sensitive information about prospective contacts you target:

• Name, role, company, public LinkedIn profile URL
• Publicly available company information (funding stage, public news mentions)
• Public engagement signals (posts, comments) that you or the Agent observed
• Business email address, where publicly available or provided by you

This data is sourced from public filings, official APIs (LinkedIn, Cal.com), and integrations you explicitly authorize. We do not scrape gated content, purchase data from data brokers, or use cookie-based session injection.

5. How we use information

• Identity: to authenticate you and bind activity to your account.
• Scoring: to evaluate which prospects best match your ICP.
• Drafting: to compose personalized outreach drafts.
• Sending (email only): to dispatch the emails you have queued, within delivery limits you control.
• Operational integrity: to operate circuit breakers (bounce rate, reply rate) that protect your sender reputation.
• Audit and debugging: to log errors and operational events so we can keep the system reliable.

We do not sell information. We do not use your data or your prospects' data to train any AI model that is shared with parties outside your account.

6. Sub-processors

We use the following infrastructure providers strictly as data processors:

• Cloudflare — edge compute and static hosting
• Supabase — database (data is stored on Supabase's managed Postgres)
• Resend — transactional and outreach email delivery
• Cal.com — demo and meeting scheduling (only for users who book demos with us)

Each sub-processor's privacy posture is published on their own site. We do not share your data with any other party.

7. Data security

• OAuth access and refresh tokens are encrypted at rest using AES-256-GCM with a key held only by the Agent.
• Database access requires a service-role key that is never exposed to browsers or end users.
• Row Level Security is enabled on every table.
• All transport is over HTTPS.

8. Retention

• Prospect dossiers are retained for 90 days after last refresh, then purged.
• Intent signals are retained for as long as they are useful for active campaigns; you can request deletion at any time.
• OAuth tokens are deleted when you revoke the Agent in LinkedIn settings or contact us to disconnect.
• Operational logs are retained for 90 days, then pruned.

9. Your rights

• Access: email agent@prs.gemmaserenity.com to request a copy of the data we hold about you.
• Deletion: email the same address to request deletion of your account data.
• OAuth revocation: revoke the Agent at any time from your LinkedIn settings (Settings → Data privacy → Permitted services). Revocation immediately invalidates the access token.
• Unsubscribe from email: every outreach email includes a one-click unsubscribe link.

10. Cookies and tracking

The landing site uses no analytics cookies, no advertising trackers, and no third-party fingerprinting. We set one short-lived (10-minute) HTTP-only cookie during the LinkedIn OAuth flow purely for CSRF protection (it stores a single random nonce; it is deleted immediately after the OAuth callback completes).

11. LinkedIn's terms

Use of the Agent must comply with LinkedIn's User Agreement and the LinkedIn API Terms of Use. The Agent uses only LinkedIn's official OAuth-based APIs and does not engage in scraping, cookie injection, or automation of restricted actions.

12. Changes to this policy

If we make material changes, we will notify you by email and update the "Last updated" date at the top of this page.

13. Contact

Questions, requests, complaints: agent@prs.gemmaserenity.com.