Linkfetch
get key ↗
gdpr + ccpalinkfetch / § compliance
§ compliance

The compliance story, end-to-end.

What we do for GDPR, CCPA, and data-subject rights. Who our sub-processors are. How to get a DPA before your security review.
§ 02 · the facts

At-a-glance.

Data roles
Controller (for account data) · Processor (for customer-ingested data)
Legal basis
Legitimate interest + contract (for processing)
Data residency
EU (primary) · US (replicas)
Data retention
30 days default · configurable per customer
Breach SLA
Customer notified within 60 minutes of discovery
Contact
info@linkfetch.io
§ 03 · data model

User is the principal.

Every profile lookup runs through the end-user's own LinkedIn session via our Chrome extension. We never impersonate, never rent accounts, never store session tokens.

01 · collect

End-user installs the extension. It passively observes public LinkedIn responses while the user browses. No background fetches.

02 · normalise

Raw responses are normalised into typed records with provenance stamps (source, fetched_at, freshness). Session tokens never leave the browser.

03 · serve

Normalised records are served back through the API, keyed to the ingesting user. DSR-erased rows are filtered at response time, not deleted immediately, so audit trails survive.

§ 04 · sub-processors

Everyone in the chain.

processorpurposelegal basis · region
AWS (EU-Central-1)Infrastructure, Postgres, S3GDPR · Frankfurt
CloudflareEdge + DNSGDPR · Multi-region
PaddleMerchant of Record (billing)GDPR · UK + EU
PostHog (EU)Product analyticsGDPR · Frankfurt
ResendTransactional emailGDPR · US/EU
Sentry (EU)Error monitoringGDPR · Frankfurt

list maintained in real time · subscribe to updates · info@linkfetch.io

§ 05 · data subject rights

How to exercise yours.

  • AccessDSAR via `info@linkfetch.io` · resolved within 30 days
  • RectificationInline edits in dashboard or email support · same-day
  • ErasureSoft delete on request; hard delete 30 days later per retention
  • PortabilityJSON export of all user-owned data · 7 business days
  • ObjectionOpt-out from processing · acknowledged within 5 business days
dpa

Need our DPA before your security review?

Pre-signed, standard-contractual-clauses compliant, downloadable as PDF. Or request custom edits — we respond within 24 hours.

download dpa ↗email compliance