1. Introduction

Via Marketing respects privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, store, protect, and delete personal information when you interact with our websites, marketing services, client campaigns, software tools, platform integrations, browser extensions, dashboards, AI-assisted workflows, social media integrations, and related services.

This Policy applies to:

• our websites and landing pages;
• our contact forms, newsletter forms, audits, proposal requests, scheduling pages, surveys, downloads, webinars, and events;
• our B2B marketing, campaign management, account-based marketing, advertising, analytics, SEO, LinkedIn marketing, research, and fractional marketing services;
• our client portals, dashboards, reports, automations, and internal business systems;
• our LinkedIn, Meta/Facebook/Instagram, Google, advertising, analytics, CRM, email, and other marketing-platform integrations;
• any Via Marketing app, browser extension, local dashboard, AI-assisted workflow, or software tool that links to this Policy.

This Policy does not replace a client’s own privacy notice where we process personal information on behalf of that client. Where we process personal information as a service provider, processor, or contractor for a client, we process that information under our agreement with the client and the client is responsible for providing any required privacy notice and obtaining any required consent unless we expressly agree otherwise.

2. Important summary of our data practices

We collect and process a significant amount of business, marketing, website, advertising, platform, research, and campaign-related data. Depending on how you interact with us, this may include contact details, professional details, company information, website usage data, campaign engagement data, CRM records, advertising event data, platform identifiers, social media/API data, AI prompts and outputs, meeting notes, communications, and client-provided data.

We use data to operate our business, provide marketing services, conduct research, manage campaigns, communicate with prospects and clients, run analytics, personalize marketing, measure advertising, operate approved platform integrations, generate AI-assisted drafts and insights, improve services, protect systems, comply with law, and enforce agreements.

We do not collect or store LinkedIn passwords. We do not collect or store LinkedIn browser cookies or LinkedIn session cookies. LinkedIn access, where applicable, is handled through LinkedIn’s official OAuth/API process.

We do not collect Meta/Facebook/Instagram passwords. Where a Meta integration is used, access is handled through Meta’s official authorization, Business Tools, or API mechanisms.

We do not use LinkedIn API member data for sales prospecting, lead generation, CRM enrichment, recruiting, ad targeting, audience creation, or account-based marketing. LinkedIn API member data is used only for the specific LinkedIn Page/Profile management purposes permitted by LinkedIn.

We do not intentionally send prohibited sensitive information to Meta Business Tools, such as health, financial, payment-card, government ID, children’s, or other restricted sensitive information.

AI-assisted outputs are used to support human work. For LinkedIn company-page comment/reply workflows, AI-generated comments or replies are presented for human review and approval before publication unless a different workflow is expressly configured, legally permitted, platform-permitted, and contractually authorized.

3. Who we are and our roles

For our own websites, marketing, business operations, sales, client relationship management, analytics, and internal tools, Via Marketing usually acts as a controller or organization responsible for the personal information we process.

For client campaigns, client CRMs, client advertising accounts, lead-management systems, analytics implementations, and other client-directed services, Via Marketing may act as a processor, service provider, contractor, or agent acting under the client’s instructions. In those cases, the client is responsible for determining the lawful basis, providing required notices, obtaining required consents, and ensuring that the data supplied to us was collected lawfully.

For platform integrations such as LinkedIn, Meta, Google, advertising networks, analytics providers, CRM providers, email platforms, hosting providers, and AI providers, those third parties may process personal information as independent controllers, processors, service providers, or platform providers according to their own terms and privacy policies.

4. Personal information we collect

We may collect the following categories of personal information, depending on the context.

4.1 Contact and identity information

This may include:

• name;
• business email address;
• personal email address if provided;
• phone number;
• mailing or business address;
• company name;
• job title;
• department;
• role;
• country, province/state, city, or region;
• social media profile handles or URLs where provided or publicly available.

4.2 Business and professional information

This may include:

• employer or organization;
• company size, industry, revenue band, funding stage, market segment, technologies used, and other firmographic information;
• professional interests;
• seniority level;
• business needs;
• purchasing interests;
• marketing preferences;
• event participation;
• client/prospect status;
• proposal and project history;
• publicly available professional profile information.

4.3 Communications and relationship data

This may include:

• emails, messages, form submissions, meeting notes, call notes, chat messages, support requests, and other communications;
• records of consent, unsubscribe requests, objections, deletion requests, and preference changes;
• sales pipeline notes and client relationship records;
• feedback, survey responses, testimonials, reviews, and case-study approval records.

4.4 Website, device, and usage data

This may include:

• IP address;
• browser type and version;
• device type;
• operating system;
• referring URL;
• pages viewed;
• links clicked;
• forms started or submitted;
• downloads;
• session duration;
• UTM parameters;
• campaign source/medium/content;
• approximate location derived from IP address;
• cookie identifiers;
• advertising identifiers;
• analytics identifiers;
• event data generated by cookies, pixels, tags, scripts, server logs, and similar technologies.

4.5 Advertising, analytics, and conversion data

This may include:

• page views;
• button clicks;
• form submissions;
• conversions;
• ad impressions;
• ad clicks;
• landing-page activity;
• hashed contact identifiers where permitted;
• offline conversion events where permitted;
• CRM-to-ad-platform match events where permitted;
• audience membership or exclusion signals;
• campaign performance and attribution data.

4.6 B2B research, market research, and prospect data

We may collect and process B2B research data for our own business and for client services. This may include:

• publicly available company and professional information;
• business contact information from public sources, events, directories, websites, business databases, or third-party providers;
• company news, funding, hiring, technology, market, and intent signals;
• website and campaign engagement signals;
• account fit, segmentation, and prioritization scores;
• marketing research notes;
• data supplied by clients or partners.

We do not use LinkedIn API member data for lead creation, CRM enrichment, ad targeting, audience building, sales prospecting, recruiting, or account-based marketing.

4.7 Client-provided data

Clients may provide us with:

• CRM records;
• lead lists;
• customer lists;
• prospect lists;
• website analytics;
• advertising account data;
• email marketing lists;
• form submissions;
• call or meeting notes;
• campaign performance data;
• conversion data;
• account or audience segments;
• business intelligence, market research, or internal client documentation.

Clients are responsible for ensuring that they have the right to provide this data to us and that the relevant individuals have received required notices and consents.

4.8 Social media and platform data

Where permitted by law, contract, platform terms, and API approval, we may process data from or about platforms such as LinkedIn, Meta/Facebook/Instagram, Google, and similar services.

This may include:

• authenticated user identifiers;
• Page, profile, organization, ad account, or business account identifiers;
• Page roles and authorization status;
• access tokens and token metadata;
• posts, comments, replies, mentions, reactions, engagement metrics, or metadata where available through approved APIs;
• campaign, ad, and analytics data;
• event, conversion, or reporting data;
• logs showing API access, errors, rate limits, and deletion events.

Platform data is subject to special rules described in Sections 12 and 13.

4.9 AI input, output, and evaluation data

Where we use AI tools, we may process:

• prompts;
• source text;
• campaign instructions;
• brand voice instructions;
• post/comment context;
• draft comments or replies;
• generated marketing copy;
• summaries;
• classifications;
• risk labels;
• scores;
• edits;
• reviewer feedback;
• AI usage logs.

We limit AI processing according to the sensitivity of the data, applicable law, client instructions, platform terms, and provider configurations.

4.10 Billing, payment, and transaction data

We may collect billing information such as:

• billing contact;
• invoice details;
• tax details;
• purchase or service history;
• payment status;
• transaction records.

Where payment-card data is processed, it is normally handled by a payment provider and not stored by us, except for limited transaction references or billing records.

4.11 Employment, contractor, and applicant data

If you apply to work with us or provide contractor services, we may collect:

• CV/resume;
• portfolio;
• work history;
• education;
• references;
• interview notes;
• compensation expectations;
• right-to-work information;
• professional qualifications;
• background or verification information where permitted.

4.12 Sensitive or special-category data

We do not intentionally seek sensitive personal information unless it is necessary, lawful, and appropriate for a specific purpose. Sensitive or special-category information may include health information, financial information, biometric data, precise location, political opinions, religious beliefs, ethnicity, sexual orientation, criminal records, union membership, government identifiers, or other information considered sensitive under applicable law.

Please do not submit sensitive personal information unless we specifically request it and explain why it is needed. If we receive sensitive information incidentally, we will minimize, restrict, delete, or otherwise handle it according to applicable law and platform requirements.

4.13 Children’s data

Our services are intended for business users and adults. We do not knowingly collect personal information from children for marketing purposes. If we learn that we have collected personal information from a child without appropriate consent, we will delete it where required.

5. Sources of personal information

We may collect personal information from:

• you directly;
• your employer or organization;
• our clients;
• client CRMs, analytics tools, advertising accounts, and marketing systems;
• public websites and public business sources;
• social media platforms and platform APIs where permitted;
• event organizers and partners;
• business contact providers and data vendors;
• analytics and advertising tools;
• cookies, tags, pixels, server logs, and similar technologies;
• email and CRM platforms;
• AI, automation, security, hosting, and infrastructure providers;
• referrals;
• professional advisers;
• public records where permitted.

6. Why we use personal information

We may use personal information for the following purposes.

6.1 To operate and improve our websites and services

We use data to:

• provide website functionality;
• respond to inquiries;
• schedule calls;
• provide audits or proposals;
• deliver requested content;
• operate client portals and dashboards;
• improve usability;
• diagnose technical issues;
• secure systems;
• measure website and campaign performance.

6.2 To provide marketing and agency services

We use data to:

• design and execute marketing strategies;
• manage SEO, paid media, email, social media, ABM, and campaign programs;
• conduct B2B research;
• segment audiences;
• create reports;
• optimize campaigns;
• manage client CRMs or marketing systems;
• measure performance;
• attribute conversions;
• create marketing materials;
• provide fractional marketing services.

6.3 To conduct B2B research and prospecting

We may use business contact and professional information to:

• identify organizations that may benefit from our services;
• understand market segments;
• perform account research;
• maintain our CRM;
• conduct outreach where lawful;
• support client-approved campaign strategy;
• avoid contacting people who opted out.

We do not use LinkedIn API member data for these purposes.

6.4 To communicate with you

We may use data to:

• respond to your inquiries;
• send service messages;
• send proposals;
• send newsletters;
• invite you to events;
• send marketing communications;
• notify you about changes to services;
• manage unsubscribe requests and communication preferences.

6.5 To run advertising, analytics, and measurement

We may use data to:

• show relevant ads;
• measure advertising performance;
• attribute conversions;
• build or suppress audiences where lawful;
• conduct remarketing where lawful;
• understand how visitors interact with websites and campaigns;
• share permitted event data with advertising and analytics platforms.

Where required, we obtain consent before using non-essential cookies, pixels, tags, scripts, or similar tracking technologies.

6.6 To operate platform integrations

We may use platform data to:

• authenticate authorized users;
• verify Page, Business, organization, ad account, or profile permissions;
• manage approved Page or campaign activity;
• retrieve authorized posts, comments, messages, metrics, or reporting;
• generate drafts for human review;
• publish approved content where authorized;
• monitor replies or engagement where permitted;
• process deletion requests;
• maintain audit and security logs;
• comply with platform terms.

6.7 To use AI-assisted tools

We may use AI tools to:

• summarize information;
• classify posts, comments, leads, campaigns, or business context;
• generate marketing drafts;
• generate suggested social-media comments or replies;
• support research;
• improve internal workflows;
• detect risk or policy issues;
• assist with client reporting.

AI-assisted outputs may be inaccurate and are reviewed according to the context and risk. We do not use AI as a substitute for legal, financial, medical, or other regulated professional advice.

6.8 To secure and protect our business

We use data to:

• detect fraud, abuse, spam, malware, unauthorized access, and security incidents;
• monitor systems;
• maintain audit logs;
• enforce access controls;
• protect client accounts and platform tokens;
• investigate suspicious activity;
• comply with breach-notification duties.

6.9 To comply with law and enforce agreements

We may use and disclose data to:

• comply with legal obligations;
• respond to lawful requests;
• maintain tax, accounting, and business records;
• enforce contracts;
• protect legal rights;
• defend claims;
• meet platform certification, deletion, audit, or compliance requirements.

7. Legal bases for processing

Depending on the jurisdiction and context, we rely on one or more of the following legal bases:

• Consent: for newsletters, certain cookies and tracking, platform OAuth authorization, certain marketing communications, certain AI or sensitive-data uses, and other situations where consent is required.
• Contract: to provide services, respond to requests, manage client relationships, and perform agreements.
• Legitimate interests: to operate and improve our business, conduct B2B marketing, perform limited business research, secure systems, prevent fraud, manage client relationships, and analyze business performance, where those interests are not overridden by your rights.
• Legal obligation: for tax, accounting, compliance, regulatory, platform, or legal duties.
• Vital interests or public interest: only in rare cases where applicable.
• Legal claims: where processing is necessary to establish, exercise, or defend legal claims.

For UK individuals, where we process special-category data, we will identify an Article 9 condition and any required UK Data Protection Act 2018 Schedule 1 condition. Where we process personal information subject to Israeli, Canadian, or BC law, we will process it based on consent or another lawful basis permitted by applicable law.

8. Consent and withdrawal

Where we rely on consent, you may withdraw your consent at any time. Withdrawal does not affect processing that occurred before withdrawal.

You may withdraw consent or update preferences by:

• using unsubscribe links in emails;
• adjusting cookie preferences;
• disconnecting platform integrations;
• contacting our Privacy Officer;
• using any available account or dashboard settings.

If withdrawing consent means we can no longer provide a service, feature, or integration, we will explain the practical consequences where required.

9. Cookies, pixels, tags, and similar technologies

We use cookies, pixels, scripts, tags, server-side event tools, device identifiers, local storage, and similar technologies.

These may include:

• Strictly necessary technologies: required for security, forms, load balancing, consent management, fraud prevention, and website operation.
• Preference technologies: used to remember settings such as language, region, or cookie choices.
• Analytics technologies: used to understand website and campaign performance.
• Advertising technologies: used for remarketing, ad measurement, conversion tracking, audience building, suppression lists, attribution, and campaign optimization.
• Security technologies: used to detect spam, fraud, abuse, bots, and unauthorized access.

Where required by law, we do not use non-essential cookies or tracking technologies until you have given valid consent. You may change your cookie preferences at any time through our cookie banner or preference center where available.

Third parties that may receive cookie, pixel, or event data may include advertising platforms, analytics providers, CRM providers, tag-management providers, social platforms, and measurement partners. These providers may process data according to their own terms and privacy policies.

10. Email marketing and commercial electronic messages

We send marketing communications only where permitted by applicable law. For Canadian recipients, we comply with Canada’s Anti-Spam Legislation requirements for consent, identification, and unsubscribe mechanisms.

Every marketing email will identify the sender and include an unsubscribe mechanism. We will process unsubscribe requests within the time required by applicable law.

We may still send non-marketing messages, such as transactional, contractual, security, billing, service, or legally required notices.

11. Advertising, audiences, and conversion tracking

We may use advertising and analytics platforms to measure and optimize marketing, including tools such as Meta Business Tools, LinkedIn advertising tools, Google advertising/analytics tools, and similar platforms.

Depending on configuration and consent, we may share permitted event data with such platforms, such as:

• page views;
• form submissions;
• ad clicks;
• landing-page events;
• conversion events;
• hashed email addresses or phone numbers where lawful;
• IP address;
• user agent;
• browser/device information;
• campaign parameters;
• offline conversion data.

We do not intentionally share prohibited sensitive information with advertising platforms. We require clients who provide customer lists, conversion data, or audience data to confirm that they have the right to use and share that data for the intended purpose.

12. LinkedIn API and LinkedIn Community Management data

This section applies where we use LinkedIn APIs, including LinkedIn Community Management, Marketing, Page, Organization, Comments, Social Actions, Posts, Notifications, Analytics, or related APIs.

12.1 LinkedIn authorization

We do not collect or store LinkedIn passwords. We do not collect or store LinkedIn browser cookies or session cookies. Where a user connects LinkedIn, we use LinkedIn’s official OAuth/API authorization process.

We may store:

• OAuth access tokens or refresh tokens where provided;
• token metadata;
• scopes;
• expiry times;
• authenticated member identifiers;
• selected organization/Page identifiers;
• authorization and role status;
• API logs and audit records.

Tokens are encrypted or otherwise protected using appropriate security safeguards.

12.2 LinkedIn data we may process

Depending on the permissions granted and approved use case, we may process:

• authenticated member ID/URN and basic profile data;
• organization/Page ID/URN and profile data;
• Page role and authorization status;
• organization posts, comments, replies, mentions, reactions, social actions, and related metadata;
• comments or replies made by an organization Page;
• drafts, approvals, rejections, edits, and publishing records;
• API usage logs, rate limits, request IDs, and errors;
• organization reporting and engagement metrics where permitted.

12.3 How we use LinkedIn API data

We use LinkedIn API data only for permitted LinkedIn Page/Profile management and community-management purposes, such as:

• verifying authorized Page administrators;
• retrieving authorized Page activity;
• identifying Page-related posts, comments, replies, mentions, or engagement for review;
• generating AI-assisted drafts where permitted;
• presenting drafts for human review;
• publishing approved company-page comments or replies where authorized;
• monitoring replies to organization comments;
• maintaining audit logs;
• enforcing rate limits and retention limits;
• complying with LinkedIn’s API terms and deletion requirements.

12.4 LinkedIn member-data restrictions

We do not use LinkedIn API member data for:

• sales prospecting;
• lead creation;
• CRM enrichment;
• marketing automation enrichment;
• account-based marketing;
• ad targeting;
• audience building;
• recruiting;
• employment decisions;
• mass messaging;
• identifying prospects or talent;
• exporting member data outside the application;
• combining member data with other data to create, supplement, verify, or append profiles, leads, or reference tables.

LinkedIn member data obtained for managing a specific Page or Profile is displayed only to authorized individuals associated with that Page or Profile, or otherwise permitted to manage it.

12.5 LinkedIn data retention

LinkedIn API data is retained only as permitted by LinkedIn’s applicable terms and documentation. In general:

• authenticated members’ Person IDs/URNs and profile data may be retained while needed for the authorized integration;
• other LinkedIn members’ profile data is cached for no more than 24 hours where caching is permitted;
• LinkedIn member social activity data, including member posts, comments, reactions, mentions, and related metadata, is stored for no more than 48 hours;
• LinkedIn IDs/URNs associated with managing organization activity may be retained as needed;
• organization social activity data is retained only for the permitted period, generally six weeks or six months for authenticated organizations where applicable;
• organization Page admin/reporting data is retained only for the permitted period, generally up to one year where applicable;
• OAuth tokens are deleted when authorization ends, when deletion is requested, or when no longer required.

Where LinkedIn imposes a shorter period than our general retention period, the shorter LinkedIn period applies.

12.6 LinkedIn deletion

We will delete LinkedIn API data where required if:

• the authorized user disconnects the integration;
• a client ceases receiving the relevant service;
• LinkedIn requests deletion;
• the data is no longer needed for the permitted purpose;
• applicable law requires deletion;
• our API access is terminated or suspended.

13. Meta, Facebook, Instagram, and Meta Business Tools data

This section applies where we use Meta Platforms Technologies, Facebook Login, Instagram/Facebook APIs, Meta Pages, Meta Business Tools, Meta Pixel, Conversions API, App Events, Custom Audiences, Ads Manager, or related Meta tools.

13.1 Meta authorization and app data

We do not collect or store Meta, Facebook, or Instagram passwords. Where a user connects a Meta account, Page, Business Manager, ad account, Instagram account, or related asset, we use Meta’s official authorization or business-access process.

Depending on the permissions granted and approved use case, we may process:

• Meta user ID or app-scoped ID;
• name or business profile data where provided;
• Page, Business, Instagram, ad account, or asset IDs;
• access tokens and token metadata;
• role or authorization status;
• Page posts, comments, messages, insights, ads, metrics, and related metadata where permitted;
• deletion requests and deauthorization events;
• API logs, errors, and audit records.

13.2 How we use Meta platform data

We use Meta platform data only for the purposes described in this Policy and in our Meta app review, platform configuration, client agreements, and applicable Meta terms, such as:

• authenticating authorized users;
• managing client-authorized Pages, ad accounts, or integrations;
• retrieving authorized content, messages, metrics, or reports;
• measuring advertising and campaign performance;
• generating reports;
• maintaining audit and security records;
• responding to deletion or deauthorization requests;
• complying with Meta terms and applicable law.

13.3 Meta Business Tools, Pixel, and Conversions API

Where we use Meta Business Tools, including Pixel or Conversions API, we may share permitted event data with Meta for advertising, analytics, measurement, attribution, conversion tracking, and campaign optimization.

We do not intentionally send prohibited sensitive information to Meta Business Tools. This includes information that Meta prohibits or restricts, such as health, financial, payment-card, government ID, children’s, authentication credentials, or other sensitive or restricted information.

Where required by law, Meta Pixel, CAPI, or other non-essential Meta tracking is activated only after valid consent.

13.4 Meta deletion requests

Users may request deletion of Meta-related app data by:

• using any self-service deletion feature we provide;
• removing our app or integration from their Meta/Facebook/Instagram settings where applicable;
• contacting our Privacy Officer using the contact details in this Policy;
• using any data deletion instructions or callback URL registered in our Meta App Dashboard.

When we receive a valid Meta data deletion request, we will delete applicable Meta User Data from our systems and instruct service providers to delete it, unless retention is required or permitted by law.

14. AI-assisted processing

We may use AI systems and AI service providers to support marketing, research, analytics, drafting, summarization, classification, quality review, and workflow automation.

AI processing may include:

• generating draft marketing content;
• analyzing public or client-provided business context;
• summarizing campaign performance;
• drafting suggested social media comments or replies;
• classifying risk, tone, intent, topic, or relevance;
• generating internal recommendations;
• improving workflow speed and consistency.

We do not use personal information to train our own foundation models unless we provide a separate notice and obtain any required consent. We do not knowingly permit AI providers to use confidential client data, LinkedIn API member data, or Meta User Data to train generalized AI models unless expressly permitted by applicable platform terms, client instructions, law, and contract.

Where platform data has strict retention limits, we will either:

• avoid sending the restricted data to AI providers;
• redact or minimize the data before processing;
• use provider configurations that meet applicable retention requirements;
• obtain additional approvals where required;
• delete or purge data according to the strictest applicable retention period.

AI-generated outputs may be inaccurate, incomplete, or inappropriate. We use human review for high-impact, sensitive, client-facing, or platform-published outputs where appropriate. For LinkedIn company-page comments and replies, AI-generated drafts are reviewed and approved by an authorized user before publication unless otherwise expressly configured and permitted.

We do not use solely automated decision-making that produces legal or similarly significant effects about individuals unless permitted by applicable law and accompanied by required safeguards.

15. Profiling, segmentation, and analytics

We may use profiling or segmentation for business and marketing purposes, such as:

• grouping business contacts by industry, company size, region, role, or interest;
• prioritizing accounts for outreach;
• measuring website engagement;
• understanding campaign performance;
• suppressing unsubscribed or irrelevant contacts;
• tailoring communications;
• improving marketing strategy.

We do not intentionally profile individuals using sensitive or special-category data for advertising, sales, recruiting, or discriminatory purposes.

Individuals may object to certain profiling or direct-marketing uses by contacting us or using unsubscribe/preference tools.

16. How we share personal information

We may disclose personal information to the following categories of recipients.

16.1 Clients

Where we provide services to clients, we may share campaign, lead, analytics, reporting, CRM, advertising, website, or research data with the relevant client according to our agreement.

16.2 Service providers and processors

We may share personal information with service providers that help us operate our business and provide services, such as:

• hosting and cloud infrastructure providers;
• database and storage providers;
• CRM providers;
• email marketing platforms;
• advertising and analytics platforms;
• tag-management and consent-management platforms;
• AI service providers;
• automation tools;
• customer support tools;
• payment processors;
• accounting and billing tools;
• security, monitoring, and logging providers;
• project management and collaboration tools;
• communications and meeting providers;
• data enrichment or research providers where lawful;
• professional advisers.

We require service providers to protect personal information and use it only for permitted purposes.

16.3 Platforms and advertising networks

We may share data with LinkedIn, Meta, Google, and other advertising, analytics, social, or marketing platforms where lawful, consented where required, client-authorized where relevant, and permitted by platform terms.

16.4 Professional advisers and legal recipients

We may disclose information to lawyers, accountants, auditors, insurers, regulators, courts, law enforcement, or public authorities where required or permitted by law.

16.5 Business transfers

If we are involved in a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar transaction, personal information may be disclosed or transferred as part of that transaction, subject to appropriate safeguards.

16.6 With consent or direction

We may disclose information where you or the relevant client instructs us or consents to the disclosure.

17. Selling, sharing, and targeted advertising

We do not sell personal information for money.

Some privacy laws may define certain advertising, analytics, cookie, pixel, or audience-sharing practices as “selling,” “sharing,” “targeted advertising,” or “cross-context behavioral advertising,” even when no money is exchanged. Where such laws apply, we will provide required notices and opt-out or consent choices.

We do not sell LinkedIn API member data. We do not export or transfer LinkedIn API member data except as permitted by LinkedIn and applicable law.

18. International transfers

We operate from Israel and Canada and may use service providers in Israel, Canada, the United States, the United Kingdom, the European Economic Area, and other jurisdictions.

Your personal information may be processed in countries where privacy laws differ from those in your jurisdiction. Where required, we use appropriate safeguards, which may include contractual commitments, data processing agreements, standard contractual clauses, UK international data transfer mechanisms, transfer risk assessments, access controls, encryption, and vendor due diligence.

19. Data retention

We retain personal information only for as long as needed for the purposes described in this Policy, unless a longer or shorter period is required by law, contract, platform terms, tax/accounting rules, dispute resolution, security, or legal obligations.

We use the following retention principles:

• retain only what is necessary;
• apply platform-specific shorter retention periods where required;
• delete, anonymize, or aggregate data when no longer needed;
• maintain suppression records where needed to honor opt-outs;
• retain audit and security records where necessary;
• delete platform data upon valid deletion, disconnection, or termination requests.

19.1 General retention examples

19.2 LinkedIn API retention

LinkedIn API data is retained according to the strict LinkedIn-specific rules described in Section 12.5.

19.3 Meta Platform Data retention

Meta User Data is retained only as long as needed for the approved app experience, service, client instruction, legal obligation, or permitted purpose. We delete Meta User Data when requested by the user, when requested by Meta, when the user deletes or disconnects the relevant account or app connection, when it is no longer necessary, or when required by law.

20. Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including:

• encryption in transit;
• encryption or equivalent protection for sensitive stored data where appropriate;
• encrypted or protected OAuth tokens;
• access controls;
• least-privilege permissions;
• role-based access;
• authentication controls;
• audit logs;
• monitoring and alerting;
• vulnerability management;
• vendor due diligence;
• backup and recovery controls;
• data retention and deletion processes;
• confidentiality obligations;
• employee and contractor privacy/security training;
• incident-response procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect personal information using safeguards appropriate to the nature of the information.

21. Data breaches and incidents

If we become aware of a security incident involving personal information, we will assess the incident and take appropriate steps to contain, investigate, remediate, and document it.

Where required, we will notify affected individuals, clients, regulators, platform providers, or other parties within legally required timeframes. We maintain breach records as required by applicable law.

22. Your rights and choices

Depending on your location and the data involved, you may have rights to:

• access your personal information;
• receive information about how we process your personal information;
• correct inaccurate or incomplete information;
• request deletion;
• request restriction of processing;
• object to processing;
• withdraw consent;
• request portability;
• opt out of marketing communications;
• opt out of certain targeted advertising or sharing;
• request information about automated decision-making or profiling;
• request human review of certain automated decisions where applicable;
• complain to a privacy regulator.

These rights may be subject to exceptions under applicable law, including legal, security, fraud prevention, contractual, privilege, or business-record exceptions.

23. How to exercise your rights

To exercise privacy rights, contact our Privacy Officer at:

Privacy Officer / Data Protection Contact: [insert email]
Postal address: [insert preferred privacy mailing address]

Please include:

• your name;
• contact information;
• the right you want to exercise;
• enough detail for us to identify the relevant data;
• whether the request relates to our website, a client campaign, LinkedIn, Meta, another platform, or another service.

We may need to verify your identity before fulfilling a request. If the data is controlled by one of our clients, we may refer the request to that client or assist the client in responding.

We will respond within the timeframe required by applicable law.

24. Marketing opt-outs

You may opt out of marketing emails by using the unsubscribe link in the email or contacting us.

You may opt out of certain cookies and targeted advertising through our cookie preference center where available, browser settings, platform settings, or industry opt-out tools.

Even after opting out, you may still receive non-marketing messages such as service, billing, security, legal, or transactional communications.

25. Platform disconnection and deletion

25.1 LinkedIn

A connected LinkedIn user may disconnect the integration through LinkedIn’s app settings where available or by contacting us. Upon disconnection or valid deletion request, we will delete applicable LinkedIn API data and OAuth tokens as required by LinkedIn’s terms and applicable law.

25.2 Meta/Facebook/Instagram

A Meta user may remove or disconnect our app through their Meta, Facebook, Instagram, Business, or app settings where available. Users may also request deletion by contacting us. We will delete applicable Meta User Data and process Meta deletion callbacks or deletion instructions as required.

25.3 Client-controlled accounts

If your data is processed in a client-controlled account, such as a client CRM, client ad account, client website, client analytics property, or client social media account, the client may be the appropriate party to handle your deletion or access request. We will assist the client where required by contract and law.

26. Public information and social media

If you interact with us on social media or public platforms, your information may be visible to others according to the platform’s settings and privacy policy.

We may process public business information for research, marketing, reputation management, or service delivery where lawful. We do not scrape or collect platform data in violation of applicable laws or platform terms.

27. Client responsibilities

Clients who provide us with personal information or instruct us to process personal information must ensure that:

• they have a lawful basis for collection, use, and disclosure;
• required notices and consents have been provided;
• data is accurate and not excessive;
• data does not include prohibited sensitive information unless expressly agreed and lawful;
• advertising audiences and conversion data are lawful to use;
• platform terms are followed;
• they respond to data-subject requests where they are the controller;
• they do not instruct us to process data unlawfully.

We may refuse or suspend processing instructions that appear unlawful, unsafe, inconsistent with platform terms, or inconsistent with this Policy.

28. Special rules for platform and advertising data

Where platform rules impose stricter requirements than this Policy, the stricter requirement applies.

This includes requirements from LinkedIn, Meta, Google, advertising networks, analytics providers, email platforms, CRM platforms, and AI providers.

For example:

• LinkedIn API member data must not be used for sales, recruiting, CRM enrichment, audience building, or ad targeting;
• LinkedIn API member social activity data must be deleted according to LinkedIn’s retention limits;
• Meta User Data must be deleted when requested by the user, Meta, or applicable law;
• prohibited information must not be sent to Meta Business Tools;
• platform access tokens must be protected and not shared except as permitted;
• platform data may not be processed beyond the approved use case.

29. Accuracy

We take reasonable steps to keep personal information accurate, complete, and up to date for the purposes for which it is used.

You may request correction of inaccurate information by contacting us.

30. Complaints

You may contact our Privacy Officer with any privacy complaint or concern. We will investigate and respond according to applicable law.

Depending on your location, you may also have the right to complain to a privacy regulator, such as:

• the Office of the Privacy Commissioner of Canada;
• the Office of the Information and Privacy Commissioner for British Columbia;
• the Israeli Privacy Protection Authority;
• the UK Information Commissioner’s Office.

31. Changes to this Policy

We may update this Policy from time to time to reflect changes in our services, technologies, legal obligations, platform requirements, or data practices.

The updated version will be posted on our website with a new “Last Updated” date. Where required, we will provide additional notice or obtain consent for material changes.

32. Contact us

For privacy questions, requests, complaints, platform-data deletion requests, or consent withdrawal, contact:

Via Marketing Privacy Officer / Data Protection Contact
Email: [insert privacy email]
Address: [insert preferred privacy mailing address]
Israel Office: HaDuvdevan 7, Kiryat Ono, Tel Aviv District, Israel 5551051
Canada Office: #400-601 West Broadway, Vancouver, British Columbia, Canada V5Z 4C2

Required implementation items before publishing

The policy should be published only after these operational items are aligned:

1. Replace all placeholders: legal entity name, privacy officer title/contact, privacy email, mailing address, effective date, and service-provider categories actually used.
2. Add this policy URL to LinkedIn Developer settings and Meta App Dashboard.
3. Add a Meta data deletion instructions URL or callback URL and ensure the deletion workflow actually deletes Meta User Data.
4. Add a LinkedIn pre-OAuth consent screen that says what LinkedIn data is collected, when it is collected, how it is used/disclosed, how consent is withdrawn, and how deletion is requested.
5. Configure the Chrome extension/app so it does not request LinkedIn cookies, LinkedIn session cookies, LinkedIn passwords, or LinkedIn host scraping permissions.
6. Add or update a cookie banner so non-essential cookies, Meta Pixel, LinkedIn Insight Tag, Google Ads/Analytics, server-side conversions, and similar tracking do not fire before consent where required.
7. Create a data retention job for LinkedIn API data:
   • other members’ profile data: max 24-hour cache;
   • member social activity data: max 48 hours;
   • organization social activity: applicable LinkedIn limit;
   • admin/reporting data: applicable LinkedIn limit.
8. Do not send LinkedIn member social activity data to OpenAI or another AI provider unless the configuration and contract can satisfy LinkedIn’s shorter retention rules. Default AI-provider retention may be too long for LinkedIn member data.
9. Update client contracts and DPAs so clients confirm they have lawful rights, notices, and consents for data they provide, including ad audiences, CRM lists, conversion data, and B2B research data.
10. Create a subprocessor/vendor list and keep it updated internally; publish it if counsel recommends or if platform review asks for it.
11. Add a matching Terms of Service / User Agreement for the LinkedIn/Meta app, because LinkedIn requires both a user agreement and a privacy policy.
12. Create internal records of processing, data maps, consent logs, vendor reviews, deletion logs, breach records, and platform-data retention logs.