Privacy Policy

Effective Date: January 1, 2025 | Last Updated: April 24, 2026

            Our Core Promise: Zero Retention for Migration Data

            LynkIQ.ai operates on a zero-retention architecture for platform migrations. Your business data (contacts, deals, products, content) flows directly between your source and destination platforms in real-time and is never stored on our servers. This is not just a policy — it is built into our technical architecture.

            Exception — AI Lead Import: When you use the AI Lead Import tool to paste and structure lead lists, those contacts are stored in your private LynkIQ account so you can access, export, and push them to your CRM at any time. This data is scoped exclusively to your account and is never shared. See Section 2.5 for full details.

1. Introduction

LynkIQ.ai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise migration and integration platform.

By using LynkIQ.ai, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

Email Address: Stored as a SHA-256 cryptographic hash for maximum privacy. We cannot reverse this hash to see your actual email.
Password: Stored using industry-standard bcrypt hashing with salt.
Payment Information: Processed securely by Stripe. We never store credit card details.

2.2 Platform Credentials

Session API Keys & OAuth Tokens: Keys entered during an active migration session are encrypted using Fernet symmetric encryption and automatically deleted after 4 hours.
Saved Integration Keys (Settings → Integrations): When you choose to save an API key for a connected platform (such as AI MarketLeads), it is encrypted at rest using Fernet symmetric encryption and stored persistently in your account until you delete it. These keys are scoped to your account only, never shared, and used solely to perform actions you initiate.
Connection Data: OAuth tokens and session credentials are used only during active migration sessions and immediately discarded upon completion.

2.3 Migration Data

            Zero Retention: Your actual business data (contacts, deals, products, content) flows directly between your source and destination platforms during a migration. We never store, log, or retain this data on our servers.
        

2.4 Usage Analytics

Migration history (source/destination platforms, record counts, timestamps)
Feature usage patterns (anonymized)
Error logs (sanitized of personal data)

2.5 AI Lead Import Data

The AI Lead Import feature allows you to paste AI-generated lead or contact lists. When you use this feature:

What is stored: Structured contact records extracted from your pasted list, including company name, contact name, email, phone, website, address, and specialty. These are stored in your private LynkIQ account in our PostgreSQL database.
Scope: Your imported contacts are accessible only to you, identified by a cryptographic hash of your email address. No other user or LynkIQ staff can access your lead data.
Purpose: To allow you to review, export, and push your leads to a connected CRM at any time.
Retention: Stored until you delete individual records or request full account deletion.
Deletion: You can delete individual contacts inside the app at any time, or request full deletion by emailing support@lynkiq.ai.
No third-party sharing: Your imported leads are never shared with, sold to, or accessible by any third party.

3. How We Use Your Information

To provide and maintain our migration services
To process your transactions via Stripe
To send essential service communications (password resets, migration confirmations)
To improve our platform based on aggregated, anonymized usage patterns
To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data with:

Service Providers: Stripe (payments), Resend (transactional emails), and cloud infrastructure providers operating under strict data processing agreements.
Legal Requirements: When required by law, subpoena, or to protect our rights.
Business Transfers: In the event of a merger, acquisition, or sale of assets, with prior notice.

5. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

Right to Access: Request a copy of your personal data.
Right to Rectification: Request correction of inaccurate data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your data.
Right to Restriction: Request limitation of processing.
Right to Data Portability: Receive your data in a structured format.
Right to Object: Object to processing based on legitimate interests.
Right to Withdraw Consent: Withdraw consent at any time.

To exercise these rights, contact us at support@lynkiq.ai.

6. Your Rights Under CCPA

If you are a California resident, you have the right to:

Know what personal information is collected
Know whether your data is sold or disclosed
Say no to the sale of personal information (we do not sell data)
Access your personal information
Request deletion of your personal information
Not be discriminated against for exercising your rights

7. Data Security

We implement enterprise-grade security measures:

Encryption in Transit: TLS 1.3 for all data in transit
Encryption at Rest: AES-256/Fernet encryption for stored credentials and API keys
Infrastructure: SOC 2 and ISO 27001 certified cloud providers
Access Controls: Role-based access with full audit logging of every migration action
Password Security: bcrypt hashing (rounds=12) with enforced strength requirements
Credential Security: Session API keys auto-expire after 4 hours; saved integration keys are Fernet-encrypted and user-deletable at any time
Identity Privacy: User accounts are keyed to a SHA-256 hash of your email — we cannot reverse it to identify you

8. Data Retention

Migration Data: Zero retention — never stored on our servers
Session Platform Credentials: Maximum 4 hours, then auto-deleted
Saved Integration API Keys: Retained until you delete them via Settings → Integrations or request account deletion
AI Lead Import Contacts: Retained until you delete individual records in-app or submit a full deletion request
Account Data: Retained until account deletion is requested
Migration History: 90 days for operational and audit purposes

9. International Data Transfers

Data may be processed in the United States. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) with our service providers.

10. Cookies and Tracking

We use minimal, essential cookies for:

Session management and authentication
Security and fraud prevention

We do not use advertising or third-party tracking cookies.

11. Children's Privacy

LynkIQ.ai is not intended for users under 18 years of age. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our website.

13. Contact Us

For privacy-related inquiries or to exercise your rights:

Email: support@lynkiq.ai
Data Protection Officer: Linda Olsen, CEO/Founder

Data Deletion Request
To request complete deletion of your account and data, email support@lynkiq.ai with subject line "GDPR/CCPA Deletion Request". We will process your request within 30 days.