Privacy Policy
How SalesTouch processes account, LinkedIn, MCP, billing and analytics data, including GDPR rights, retention and service providers.
Last updated 16 July 2026
1. Who we are
SalesTouch is a LinkedIn Model Context Protocol (MCP) service operated by Antoine Deschamps in France. It lets professional users connect an AI client such as Claude or Codex to LinkedIn, inspect professional information, manage conversations and carry out user-requested outreach actions.
For privacy questions or to exercise your rights, contact support@salestouch.io.
2. When this policy applies
This Policy applies to the SalesTouch website, web application, MCP server, desktop application, support communications and related services (together, the Service).
It covers personal data relating to:
- Website visitors, account holders and organization members;
- People who contact SalesTouch or receive product communications;
- LinkedIn members, prospects and other individuals whose professional data a customer chooses to process through the Service.
It does not govern LinkedIn, Stripe, Google, GitHub, Anthropic or another third-party service. Their own terms and privacy policies apply to their independent processing.
3. Our GDPR roles
SalesTouch is the data controller for account administration, authentication, billing, product security, support, service communications and our own analytics.
When a customer uses the Service to process LinkedIn contacts, conversations, prospect lists, messages or other content for the customer's purposes, the customer is normally the controller and SalesTouch acts as its processor. The customer is responsible for having a valid legal basis, giving required notices and respecting objections and other rights. The data-processing terms in our Terms of Service apply to that processing.
4. Data we process
| Category | Examples | Main source |
|---|---|---|
| Account and organization data | Name, work email, password hash, profile image, organization, role and language | You; Google or GitHub if you use social sign-in |
| Authentication and security data | Session and OAuth tokens, IP address, browser, device, login events and security logs | Your device and use of the Service |
| Billing data | Plan, subscription status, billing address, tax ID, invoices and Stripe customer or payment references | You and Stripe |
| Connected LinkedIn account data | LinkedIn identifier, profile details, account status, connection metadata and, if you choose infinite login, encrypted login, password and TOTP secret | You, the desktop app, LinkedIn and our connection provider |
| LinkedIn and prospect data | Public professional profiles, employers, roles, posts, relations, invitations, conversation participants, message content and outreach status | LinkedIn through the account you connect; data you submit |
| MCP and product activity | Tool name, command, target, request parameters, result summary, timestamps, errors, queued actions and temporary exports | Your AI client and use of the Service |
| AI data | Instructions, relevant prospect or message context, generated suggestions and, if supplied, an encrypted Anthropic API key | You, your AI client and Anthropic |
| Support and communications | Support messages, feedback, email preferences and replies | You |
| Analytics and diagnostics | Page or feature interactions, device and browser information, approximate location derived from IP, and application errors | Your use of the Service |
Payment-card details are collected directly by Stripe. SalesTouch does not store complete card numbers.
Please do not use the Service to process sensitive personal data unless it is strictly necessary, lawful and expressly supported by the relevant feature.
5. Why we process data
| Purpose | GDPR legal basis |
|---|---|
| Create accounts, authenticate users, provide MCP and desktop features, connect LinkedIn accounts and execute requested actions | Performance of our contract with the customer |
| Manage subscriptions, payments, invoices, tax and accounting | Contract and legal obligations |
| Secure the Service, prevent abuse, troubleshoot failures and keep operational records | Our legitimate interests in operating a safe and reliable service |
| Improve features, understand product performance and diagnose errors | Our legitimate interests in improving and operating the Service |
| Send verification, password-reset, billing, security and material service notices | Contract and legal obligations |
| Send relevant product news to professional users | Our legitimate interests, subject to an easy unsubscribe and applicable e-privacy rules |
| Answer support requests and enforce or defend legal claims | Contract and our legitimate interests |
Where we rely on legitimate interests, we assess the necessity and impact of the processing. You may object as described below.
6. How LinkedIn and AI data are used
SalesTouch accesses LinkedIn only through an account and permissions connected by a customer. Depending on the MCP tool requested, the Service may search or retrieve professional information, synchronize conversations, prepare or send invitations and messages, publish or interact with content, and maintain action limits or follow-up queues.
AI-generated text can be inaccurate or inappropriate. SalesTouch does not use prospect data to make decisions producing legal or similarly significant effects on individuals. The customer decides which data to process and remains responsible for reviewing actions and outputs before use.
When a feature uses Anthropic, the prompt and relevant context are sent to Anthropic to generate the requested output. SalesTouch does not use customer content to train its own general-purpose AI model.
7. Service providers and recipients
We disclose data only when needed to provide the Service, comply with law, protect rights or complete a business transaction. Current provider categories include:
| Provider | Role in the Service | Data concerned |
|---|---|---|
| Vercel and our managed PostgreSQL infrastructure | Hosting, application delivery and database infrastructure | Account, customer content, logs and technical data |
| Unipile | LinkedIn account connection, synchronization and actions | Connected-account data and LinkedIn data |
| Source and destination for actions requested through a connected account | LinkedIn identifiers, content and actions | |
| Stripe | Checkout, subscriptions, payments, tax and billing portal | Account, billing and transaction data |
| Resend | Transactional and product email delivery | Name, email, message and delivery data |
| PostHog EU | Product analytics, diagnostics and application logs | Usage, identity and technical data as configured |
| Inngest | Background-job orchestration | Job payloads and operational metadata needed for the task |
| Anthropic | AI generation for features that use it | Prompts, relevant context and generated output |
| Google and GitHub | Optional social sign-in | Account identity and authentication data |
Authorized staff and professional advisers may access data on a need-to-know and confidentiality basis. We do not sell personal data or use prospect data for third-party advertising.
8. International transfers
Some providers process data outside the European Economic Area. Where required, we rely on an adequacy decision, the EU-U.S. Data Privacy Framework for certified recipients, the European Commission's Standard Contractual Clauses, or another lawful transfer mechanism, together with appropriate supplementary measures.
You can request information about the safeguards relevant to your data at support@salestouch.io.
9. Retention
We keep personal data only for as long as needed for the purpose described, then delete or anonymize it unless a legal hold or statutory retention period applies.
| Data | Typical retention rule |
|---|---|
| Account and organization data | While the account is active, then only what is required for up to 5 years to manage disputes or prove the contractual relationship |
| Sessions, access tokens and verification data | Until expiry, revocation or account deletion, subject to short security logs |
| Connected LinkedIn credentials | Until the connection is removed or the account is terminated; credentials are stored encrypted |
| Customer LinkedIn, prospect and message data | For the duration of the customer relationship or until the customer deletes it, then deletion or return subject to legal obligations and the backup cycle |
| Temporary MCP scrape exports | Download access expires after 7 days |
| MCP tool-call activity logs | 90 days |
| Support correspondence | Up to 3 years after the last substantive contact, longer if required for a dispute |
| Product-marketing contacts | Until unsubscribe or objection, and no more than 3 years after the last active relationship or contact unless renewed |
| Invoices and accounting records | 10 years where required by French law |
Backups are isolated from ordinary use and overwritten on a rolling schedule. A lawful preservation request or legal claim may extend a stated period.
10. Cookies and analytics
SalesTouch uses browser storage for authentication, security, language or interface settings and checkout continuity. These technologies support the Service you request.
We use PostHog for product analytics and error diagnostics. PostHog may store or read identifiers in cookies or local storage and receive usage, device, browser and error information. We use this information to understand feature adoption, improve the Service and investigate failures.
Server-side events and logs are also processed when necessary to secure, operate and diagnose the Service.
11. Security
We use measures designed to protect data in light of the risks, including transport encryption, access controls, tenant-scoped authorization, encrypted storage for LinkedIn passwords, TOTP secrets and customer-supplied API keys, token expiration, rate limits, logging and restricted production access.
No online service can guarantee absolute security. You are responsible for protecting your devices, AI-client access and account credentials, and for promptly reporting suspected misuse.
12. Your rights
Subject to applicable conditions, you may request:
- Access to and a copy of your personal data;
- Correction of inaccurate or incomplete data;
- Deletion of data;
- Restriction of processing;
- Portability of data you provided where processing is automated and based on contract or consent;
- Objection to processing based on legitimate interests or for direct marketing;
- Withdrawal of consent at any time, without affecting earlier lawful processing;
- Information about relevant international-transfer safeguards.
To exercise a right, email support@salestouch.io. We may request proportionate information to verify your identity. We normally respond within one month; the GDPR permits an extension of up to two further months for complex or numerous requests.
If SalesTouch processes your data only on behalf of one of our customers, please contact that customer first. We will assist the customer as required.
You may lodge a complaint with the French Commission nationale de l'informatique et des libertés (CNIL) at cnil.fr or with the supervisory authority where you live or work.
13. Your responsibilities for other people's data
Customers must use an appropriate legal basis for prospecting and other processing, provide required privacy information, honor opt-outs and suppression lists, minimize imported data, set appropriate retention periods and ensure that their instructions comply with applicable law. SalesTouch does not determine whether a particular outreach campaign is lawful for a customer's audience or jurisdiction.
14. Children
The Service is intended for professional users aged 18 or older and is not directed to children. Please contact us if you believe a child has provided personal data to SalesTouch.
15. Changes and contact
We may update this Policy when the product, providers or law changes. We will post the new date here and give additional notice when a change materially affects your rights or how we use data.
Questions, requests or complaints can be sent to support@salestouch.io.