Privacy statement
Last updated: 12 June 2026
This English version is a translation provided for convenience. The Dutch version is legally binding.
LinkPilot is a service provided by Slimme Schakels, based in Geesteren, the Netherlands, and registered with the Dutch Chamber of Commerce (KvK) under number 92740324. In this privacy statement we explain which personal data we process through LinkPilot, why we do so and what rights you have. Questions about privacy can be sent to info@slimmeschakels.nl.
1. Two roles: controller and processor
LinkPilot processes two kinds of personal data, and our role differs per kind:
- Your account data. For the data belonging to your account (such as your name, email address and settings), we are the data controller: we determine how and why that data is processed.
- Prospect data. On your instructions, the service also processes data of people on LinkedIn, such as people who comment on your post or whom you have approached through your search settings. For that data, you are the data controller and we are the processor: we only process it according to your settings and not for our own purposes. The arrangements for this are set out in Article 12 of the terms and conditions.
2. What data we process
About you as a user
- first name, last name and email address;
- password (stored encrypted; we cannot see it);
- when signing in with Google: your Google ID, name and email address;
- profile picture (automatically taken from your LinkedIn profile when connecting);
- language preference, time zone and the active hours of the automation;
- data about the connection to your LinkedIn account: the account ID at our integration partner Unipile, your LinkedIn profile ID, your display name and the status of the connection. We never receive or store your LinkedIn password;
- the settings and content you enter yourself: freebies, code words, DM texts, reply variants, search settings, exclusion list, posts and uploaded media;
- a log of executed actions (for example "DM sent" or "connection request sent"), needed to enforce limits and detect errors;
- once payments run through the service: payment and invoice data via our payment provider Stripe. Your full card details are processed by Stripe only and never reach our systems.
About prospects (on your instructions)
- name and first name;
- LinkedIn profile ID and profile URL;
- job title (headline) and follower count;
- profile picture URL;
- the text of comments on your posts;
- connection degree and follow-up status (for example "DM sent").
This only concerns information these people have made visible on LinkedIn themselves or have posted as a comment under your post. The service does not collect private messages from prospects and does not look beyond what LinkedIn shows to your account.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the service: account, connection, automation and dashboard | Performance of the agreement |
| Contact and support for questions or problems | Performance of the agreement |
| Security, abuse prevention and logging of executed actions | Legitimate interest |
| Invoicing and administration | Legal obligation |
| Processing of prospect data on your behalf | On your instructions; as controller, you determine the legal basis |
We never sell or rent your data to third parties and we do not use your data or that of prospects to train AI models.
4. Sub-processors
To provide the service, we engage the following parties. A data processing agreement (DPA) is in place with each of them, safeguarding the security and confidentiality of your data.
| Party | Purpose | Data | Location |
|---|---|---|---|
| Supabase | Database, authentication and file storage | All account data, settings, prospect data and media | EU |
| Unipile | Connection to LinkedIn and execution of actions | LinkedIn session data, profile and message data | France (EU) |
| Inngest | Scheduling and running background tasks | Technical identifiers, no substantive data | US, with SCCs |
| Vercel | Hosting of the application | Technical traffic data (such as IP address in server logs) | US, with SCCs and the EU-US Data Privacy Framework |
| Anthropic | AI assessment of whether a comment is asking for your freebie | Text of comments under your freebie post; not used for training | US, with SCCs and the EU-US Data Privacy Framework |
| Sign in with Google (only if you choose to) | Google ID, name and email address | US, with SCCs and the EU-US Data Privacy Framework | |
| Stripe | Payments (once paying through the service is available) | Name, email address and payment data | US/EU, with SCCs and the EU-US Data Privacy Framework |
If this list changes, we will update this statement. If you have substantial objections to a new sub-processor, you can cancel your subscription.
5. Transfers outside the EEA
We store data within the European Economic Area as much as possible. Where a sub-processor processes data outside the EEA (such as Vercel, Inngest, Anthropic, Google and Stripe), this is done on the basis of the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.
6. Retention periods
- Account data and all campaign data (freebies, prospects, comments, connection requests, posts, action log): we keep them for as long as your account exists. If you delete your account, we immediately erase all of this data, including stored files, and remove the connection at Unipile.
- Invoice and payment data: 7 years, as required by the Dutch tax authorities.
- Email correspondence with support: at most 2 years after your subscription ends.
7. Your rights
For the data for which we are the controller, you have the right to:
- access the data we process about you;
- rectification of incorrect data;
- erasure of your data (you can also do this yourself, via delete account in the settings);
- restriction of processing;
- data portability: you can export your prospects and connection requests as a CSV file at any time;
- object to processing;
- withdraw previously given consent.
Send your request to info@slimmeschakels.nl. We will respond within one month. For complex or numerous requests, this period may be extended by two months; we will inform you if that is the case.
8. Rights of prospects
Are you listed as a prospect in the system of a LinkPilot user and do you want to exercise your rights? The user who approached you is the controller for that data. If you contact us anyway, we will help you as best we can and, where possible, put you in touch with the right user. Users can also place people on an exclusion list, so that the automation never approaches them (again).
9. Security
We take appropriate technical and organisational measures, including:
- encrypted connections (TLS) and encrypted storage;
- strict separation of data per user in the database (row level security): a user can never see another user's data;
- passwords are stored in encrypted (hashed) form only;
- access to production systems is limited to those who need it;
- integrations with external services are secured with secret keys and signature verification.
10. Data breaches
Despite all measures, something can go wrong. In the event of a data breach, we act in accordance with the Dutch data breach notification obligation: where required, we report the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours and inform affected users. If a breach affects prospect data for which you are the controller, we will inform you without undue delay. If you suspect a security issue yourself, report it immediately via info@slimmeschakels.nl.
11. Cookies
LinkPilot only uses functional cookies: a cookie to remember your logged-in session and a cookie for your language preference. No consent is required for these cookies. We do not use analytics, tracking or marketing cookies; that is why you do not see a cookie banner.
12. Automated decision-making
We do not make automated decisions about you that have legal effects or otherwise significantly affect you. The automation in the service only executes the settings you have chosen yourself.
13. Minors
The service is intended for business use and is not aimed at persons under the age of 18. We do not knowingly process data of minors. If you believe this is happening anyway, please contact us and we will delete that data.
14. Filing a complaint
If you disagree with how we handle your data, we would like to hear it from you first via info@slimmeschakels.nl. In addition, you always have the right to file a complaint with the Dutch Data Protection Authority, Autoriteit Persoonsgegevens.
15. Changes to this statement
We may amend this privacy statement, for example when new features or other sub-processors are introduced. The current version is always available on this page, with the date of the latest change at the top. In the event of material changes, we will inform you through the service or by email.