A

AutoLinked

by RAY AI

Privacy Policy

Effective Date: April 13, 2026 · Last Updated: April 13, 2026

1. Introduction

RAY AI ("we", "us", "our") operates AutoLinked, a LinkedIn audience expansion tool available at auto-linked.in (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

RAY AI is based in San Francisco, California. If you are a California resident, please see Section 9 (Your California Privacy Rights) for additional disclosures required under the California Consumer Privacy Act (CCPA/CPRA). If you are located in the European Economic Area (EEA), please see Section 10 (EEA/GDPR Rights).

2. Information We Collect

We collect the following categories of personal information:

Category (CCPA) Examples Source
A. Identifiers Name, email address, IP address You (registration)
B. Account credentials Hashed password (Argon2id), LinkedIn session cookies (AES/Fernet-encrypted), optional TOTP secret (encrypted) You (onboarding)
D. Commercial information Subscription status, campaign configurations Service usage
F. Internet / network activity Login timestamps, user agent, pages visited within the Service, security audit events Automatic collection
K. Inferences ML-derived lead relevance scores, match predictions Derived from LinkedIn data

LinkedIn Lead Data: When you use our Service, we access publicly available LinkedIn profile information (name, job title, company, industry) of individuals appearing in LinkedIn search results on your behalf. This data is processed to identify relevant professional contacts based on your campaign criteria.

Sensitive personal information: We do not knowingly collect sensitive personal information as defined by the CCPA/CPRA (e.g., Social Security numbers, financial account details, precise geolocation, racial/ethnic origin).

3. How We Use Your Information

We use personal information for the following business and commercial purposes:

  • Providing the Service: Account management, LinkedIn session handling, lead discovery, connection request automation
  • Security: Brute-force protection, rate limiting, audit logging, fraud prevention
  • Communication: Email verification, password reset, service notifications
  • Improvement: ML model training for lead qualification accuracy (using anonymized feature vectors, not raw personal data)

4. How We Share Your Information

We share personal information only with the following categories of service providers, strictly for operating the Service:

  • Resend (resend.com) — Email delivery for verification, welcome, and password reset emails
  • Anthropic (anthropic.com) — LLM inference for lead qualification. We send anonymized profile characteristics only; no direct identifiers (name, email) of end users are transmitted

We do not sell or share your personal information for cross-context behavioral advertising or any purpose other than operating the Service. See Section 7.

5. Data Retention

  • Account data: Retained until you delete your account
  • LinkedIn lead data: 6 months after last interaction, then automatically purged
  • Security audit logs: 6 months, then automatically purged
  • Activity logs / task history: 90 days, then automatically purged
  • LinkedIn passwords: Deleted immediately after successful first login (only session cookies are retained, encrypted)

6. Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • Passwords hashed with Argon2id (memory-hard, GPU-resistant)
  • LinkedIn cookies and TOTP secrets encrypted with AES (Fernet) using PBKDF2-HMAC-SHA256 key derivation (600,000 iterations)
  • Zero-trust container network segmentation (frontend/backend isolation)
  • Rate limiting at both reverse proxy and application layers
  • Automated brute-force lockout (5 failed attempts → 30-minute lockout)
  • All containers run with minimal privileges (capability drop, no-new-privileges)
  • TLS encryption for all connections in transit

Data at rest is stored on servers located in Germany (Netcup, Nuremberg). While we implement robust security measures, no method of transmission or storage is 100% secure.

7. "Do Not Sell or Share My Personal Information"

RAY AI does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising purposes as defined under the CCPA/CPRA.

Because we do not sell or share personal information, there is no need to opt out. However, if you believe we are selling or sharing your data, you may contact us at the address below and we will investigate.

8. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete it promptly.

9. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, security, completing a transaction).
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information. No opt-out is necessary.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information beyond what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

How to exercise your rights: Submit a verifiable consumer request by emailing privacy@rayai.de. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

Response timing: We will respond to verifiable requests within 45 days. If we need additional time, we will inform you of the reason and extension period (up to 90 days total).

CCPA Metrics (Previous 12 Months)

Requests to know: 0 received, 0 complied
Requests to delete: 0 received, 0 complied
Requests to opt-out: 0 received (not applicable — we do not sell PI)
Mean response time: N/A (no requests received)

10. European Economic Area (GDPR)

If you are located in the EEA, the UK, or Switzerland, the following additional disclosures apply:

Legal bases for processing:

  • Contract performance (Art. 6(1)(b) GDPR): Account management, service delivery, email communication
  • Legitimate interest (Art. 6(1)(f) GDPR): Security measures, fraud prevention, service improvement

Your rights under GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

International data transfers: Our servers are located in Germany. Service providers (Resend, Anthropic) may process data in the United States. Transfers to the US are covered by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

Supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

11. Third-Party Links

The Service interacts with LinkedIn (linkedin.com) on your behalf. LinkedIn's own privacy policy governs their collection and use of data. We are not responsible for LinkedIn's privacy practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights:

RAY AI
San Francisco, CA
Email: privacy@rayai.de

For GDPR-specific inquiries, you may also contact our EU representative: AKARA Solutions GmbH, Feldstraße 97, 25421 Pinneberg, Germany — info@akara-solutions.de

← Back to Registration