Privacy Policy
Effective Date: October 1st 2024 - Version: 1.0
The purpose of this document is to inform you about how Linbox processes your personal data when you use our services or visit our website https://linbox.app.
Linbox simplifies LinkedIn message management by syncing messages into Gmail and offering additional services through its platform. Linbox, a French company registered under SIREN 934281833, is the data controller when you use our services or website.
1. Who is Concerned?
This Privacy Policy applies to anyone who browses our website, creates an account, or uses Linbox's services, including employees of our clients. This policy does not cover how our users process personal data when using Linbox’s services to interact with third-party services like LinkedIn or Gmail. In those cases, Linbox acts as a data processor, and users should consult the respective policies.
2. What Are the Purposes for Processing Your Data?
We collect and process your personal data only when there is a legal basis. Below is a summary of the purposes, the concerned data, the legal basis, and retention periods:
| Purpose | Concerned Data | Legal Basis | Retention Period |
|---|---|---|---|
| Account management | Identification data (name, email address) | Contractual performance | Until account deletion or 3 years from last contact |
| Service provision (Gmail & LinkedIn sync) | Gmail scopes: email, profile, insert.emails, gmail.labels | Contractual performance | Duration of the contractual relationship + 2 years |
| Optimized and personalized services | Account activity data, settings | Contractual performance | For the duration of the contract or 2 years from last contact |
| Newsletter sending | Professional email address | Consent | Until consent withdrawal or 3 years from last contact |
| Payment management | Payment data (bank details, billing information) | Contractual performance | Duration of the contract + 10 years |
| Website security and functionality | Navigation data | Legitimate interest | Duration of navigation |
We will delete your data after the specified retention period unless legally required to retain it.
3. Who Has Access to Your Personal Data?
3.1 Linbox Employees
Authorized Linbox employees can access your information to ensure the proper functioning of the website and services, respond to your requests, and manage the commercial relationship.
3.2 Third-Party Services
When you use Linbox to interact with third-party services (e.g., Gmail, LinkedIn), those services may collect personal data about you. Linbox is not responsible for this data collection and recommends reviewing the privacy policies of those third parties.
3.3 Service Providers
We share your data with third-party service providers who help us operate our services, including hosting providers, payment processors, and IT developers.
3.4 Legal Requirements
Your personal data may be disclosed if required by law or necessary for legal proceedings.
4. Is Your Data Transferred Outside the European Union?
Your data may be transferred outside the European Economic Area (EEA), particularly when we use international service providers. These transfers are made with appropriate safeguards, such as the use of standard contractual clauses approved by the European Commission. For more details, contact us at gdpr@linbox.app.
5. Your Rights Regarding Personal Data
You have the following rights regarding your data:
Right of Access: You can request information about how your data is processed.
Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data.
Right to Erasure: You may request the deletion of your personal data in certain circumstances.
Right to Restriction: You can request a restriction on the processing of your data.
Right to Data Portability: You can request the transfer of your data to another service.
Right to Object: You can object to the processing of your data if it’s based on legitimate interest.
Right to Withdraw Consent: You can withdraw your consent at any time, without affecting the lawfulness of the processing carried out before withdrawal.
To exercise any of these rights, contact us at gdpr@linbox.app. If you are unsatisfied with our response, you can contact the CNIL (France’s data protection authority) at www.cnil.fr.
6. Protection of Google User Data
Linbox is committed to protecting the privacy and security of the Google user data we collect. Below are the specific data protection mechanisms in place to ensure the confidentiality and security of this data:
6.1 Data Collected
Linbox collects and processes the following Google user data:
Profile Information: Linbox collects your name and email during account creation and authentication via Google OAuth.
Gmail Data: Linbox accesses Gmail labels and uses the
insert.emailspermission to sync third-party app messages (e.g., LinkedIn) into Gmail threads. This allows users to manage LinkedIn conversations directly within Gmail.
6.2 How We Use Google User Data
Linbox uses Google user data solely to provide the intended functionality of the app:
Syncing LinkedIn Messages: Linbox syncs LinkedIn messages into Gmail threads, allowing users to view and respond to LinkedIn messages directly from their Gmail inbox.
Organizing Inbox: Linbox uses Gmail labels to help users categorize and manage their LinkedIn messages, improving organization and efficiency.
6.3 Data Protection Mechanisms
Linbox ensures the security of sensitive Google user data through the following protection mechanisms:
Encryption: All Google user data is encrypted both at rest and in transit using industry-standard encryption protocols (AES-256).
Secure Storage: Data is securely stored on Google Cloud Platform (GCP), adhering to privacy-by-design principles and industry-best security standards.
Access Control: Linbox enforces strict access control measures. Data access is governed by service tokens and role-based access using Google IAM (Identity and Access Management). Only authorized systems and personnel can access Google user data, and human access is limited.
6.4 Data Sharing, Transfer, or Disclosure
Linbox does not share, transfer, or disclose any Google user data to third parties. The data is strictly used for providing and improving the application's functionality, and:
Linbox does not use Google user data for advertising or data reselling purposes.
Google user data is not transferred to any third-party services outside of those required for Linbox's core functionality.
6.5 Data Retention and Deletion
Linbox retains Google user data for the duration of the user's account and deletes it upon request. Users can request data deletion at any time by contacting gdpr@linbox.app, and their data will be permanently deleted once the account is terminated.
6.6 User Consent and Transparency
Linbox provides full transparency to users about the data it collects and processes. During signup, Linbox explicitly informs users of the required permissions, such as insert.emails, and explains that LinkedIn messages will be synced into their Gmail inbox.
7. Changes to the Privacy Policy
This Privacy Policy may be updated to reflect changes in our data processing practices or legal requirements. We will inform you of significant changes to this policy via email or on our website.