IC
LinkedInCarousel

GDPR Policy

Last Updated: February 22, 2026

LinkedInCarousel ("we", "us", or "our") is committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This policy explains how we collect, process, and protect personal data of users in the European Economic Area (EEA), and outlines your rights under the GDPR. This policy should be read alongside our Privacy Policy and Terms of Service.

1. Data Controller

  • LinkedInCarousel acts as the data controller for personal data collected through our platform. This means we determine the purposes and means of processing your personal data.
  • If you have questions about how your data is processed, you can contact us at support@linkedincarousel.com.

2. Legal Basis for Processing

  • Consent: We process certain data based on your explicit consent, such as when you sign up for an account or subscribe to our newsletter. You may withdraw consent at any time.
  • Contractual Necessity: We process data necessary to fulfill our contract with you, including providing the carousel creation service, managing your account, and processing payments.
  • Legitimate Interests: We process data for our legitimate business interests, such as improving the platform, preventing fraud, and ensuring security, provided these interests do not override your fundamental rights.
  • Legal Obligation: We process data when required to comply with applicable laws, regulations, or legal proceedings.

3. Personal Data We Collect

  • Identity Data: Name, email address, and account credentials.
  • Content Data: Text, images, and other materials you input to create carousels.
  • Technical Data: IP address, browser type and version, operating system, device information, and time zone.
  • Usage Data: Information about how you use the Service, including pages visited, features used, and carousel creation activity.
  • Transaction Data: Payment details and subscription history (full payment card details are processed by our payment provider, Stripe, and are not stored on our servers).
  • Communication Data: Records of correspondence if you contact us for support.

4. Your Rights Under the GDPR

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data ("right to be forgotten") when the data is no longer necessary, you withdraw consent, or you object to processing. We will comply unless we have a legal obligation to retain the data.
  • Right to Restriction of Processing (Article 18): You have the right to request that we limit processing of your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
  • Rights Related to Automated Decision-Making (Article 22): We do not make decisions based solely on automated processing that produce legal effects concerning you. Our AI is used to generate carousel designs, not to make decisions about you.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • To exercise any of these rights, please contact us at support@linkedincarousel.com. We will respond within 30 days of receiving your request.

5. Data Processors and Sub-processors

  • We use trusted third-party service providers (sub-processors) to help operate LinkedInCarousel. Each sub-processor is bound by data processing agreements that ensure GDPR-compliant handling of your data.
  • Cloud Hosting: Vercel (United States) — hosts our application and stores data.
  • Database: Supabase — stores account and application data.
  • Payment Processing: Stripe — processes subscription payments securely.
  • AI Providers: OpenAI, Google — process content data to generate carousel designs. Data sent to AI providers is used only for generating your requested output and is not used to train their models.
  • Analytics: We use privacy-respecting analytics to understand usage patterns.
  • Email: We use email service providers to send transactional and marketing communications.
  • We regularly review our sub-processors to ensure they maintain adequate data protection standards.

6. International Data Transfers

  • Some of our sub-processors are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where the European Commission has determined that a country provides an adequate level of data protection.
  • We only transfer data to third countries where we are confident your data will be protected to GDPR standards.

7. Data Retention

  • We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.
  • Account data is retained while your account is active and for up to 30 days after deletion to allow for account recovery.
  • Carousel content and history are retained while your account is active. You may delete individual items at any time.
  • Transaction records are retained for up to 7 years to comply with financial and tax regulations.
  • Server logs and analytics data are retained for up to 12 months and then anonymized or deleted.

8. Data Security

  • We implement appropriate technical and organizational measures to protect personal data, including:
  • Encryption of data in transit using TLS/SSL.
  • Secure authentication mechanisms and access controls.
  • Regular security reviews and monitoring.
  • Employee access to personal data is limited to those who need it to perform their duties.
  • In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and notify affected individuals without undue delay, as required by the GDPR.

9. Cookies and Tracking

  • We use cookies and similar technologies on our platform. In accordance with GDPR and the ePrivacy Directive, we obtain your consent before placing non-essential cookies.
  • Essential Cookies: Required for the platform to function (e.g., session management, authentication). These do not require consent.
  • Analytics Cookies: Used to understand how visitors interact with our platform. These are placed only with your consent.
  • You can manage your cookie preferences at any time through your browser settings. For more detail, please refer to our Privacy Policy.

10. Data Protection Officer

  • For all data protection inquiries, GDPR-related requests, or complaints, please contact us at:
  • Email: support@linkedincarousel.com
  • We are committed to working with you to resolve any concerns. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority in the EU Member State where you reside, work, or where the alleged infringement occurred.

11. Changes to This Policy

  • We may update this GDPR Policy from time to time. Material changes will be communicated by updating the "Last Updated" date and, where appropriate, by notifying you via email or an in-app notice.
  • We encourage you to review this policy periodically to stay informed about how we protect your data.