Legal · Version 2.0

Privacy Policy

How SalesTouch processes account, LinkedIn, MCP, billing and analytics data, including GDPR rights, retention and service providers.

Last updated 16 July 2026

1. Who we are

SalesTouch is a LinkedIn Model Context Protocol (MCP) service operated by Antoine Deschamps in France. It lets professional users connect an AI client such as Claude or Codex to LinkedIn, inspect professional information, manage conversations and carry out user-requested outreach actions.

For privacy questions or to exercise your rights, contact support@salestouch.io.

2. When this policy applies

This Policy applies to the SalesTouch website, web application, MCP server, desktop application, support communications and related services (together, the Service).

It covers personal data relating to:

  • Website visitors, account holders and organization members;
  • People who contact SalesTouch or receive product communications;
  • LinkedIn members, prospects and other individuals whose professional data a customer chooses to process through the Service.

It does not govern LinkedIn, Stripe, Google, GitHub, Anthropic or another third-party service. Their own terms and privacy policies apply to their independent processing.

3. Our GDPR roles

SalesTouch is the data controller for account administration, authentication, billing, product security, support, service communications and our own analytics.

When a customer uses the Service to process LinkedIn contacts, conversations, prospect lists, messages or other content for the customer's purposes, the customer is normally the controller and SalesTouch acts as its processor. The customer is responsible for having a valid legal basis, giving required notices and respecting objections and other rights. The data-processing terms in our Terms of Service apply to that processing.

4. Data we process

CategoryExamplesMain source
Account and organization dataName, work email, password hash, profile image, organization, role and languageYou; Google or GitHub if you use social sign-in
Authentication and security dataSession and OAuth tokens, IP address, browser, device, login events and security logsYour device and use of the Service
Billing dataPlan, subscription status, billing address, tax ID, invoices and Stripe customer or payment referencesYou and Stripe
Connected LinkedIn account dataLinkedIn identifier, profile details, account status, connection metadata and, if you choose infinite login, encrypted login, password and TOTP secretYou, the desktop app, LinkedIn and our connection provider
LinkedIn and prospect dataPublic professional profiles, employers, roles, posts, relations, invitations, conversation participants, message content and outreach statusLinkedIn through the account you connect; data you submit
MCP and product activityTool name, command, target, request parameters, result summary, timestamps, errors, queued actions and temporary exportsYour AI client and use of the Service
AI dataInstructions, relevant prospect or message context, generated suggestions and, if supplied, an encrypted Anthropic API keyYou, your AI client and Anthropic
Support and communicationsSupport messages, feedback, email preferences and repliesYou
Analytics and diagnosticsPage or feature interactions, device and browser information, approximate location derived from IP, and application errorsYour use of the Service

Payment-card details are collected directly by Stripe. SalesTouch does not store complete card numbers.

Please do not use the Service to process sensitive personal data unless it is strictly necessary, lawful and expressly supported by the relevant feature.

5. Why we process data

PurposeGDPR legal basis
Create accounts, authenticate users, provide MCP and desktop features, connect LinkedIn accounts and execute requested actionsPerformance of our contract with the customer
Manage subscriptions, payments, invoices, tax and accountingContract and legal obligations
Secure the Service, prevent abuse, troubleshoot failures and keep operational recordsOur legitimate interests in operating a safe and reliable service
Improve features, understand product performance and diagnose errorsOur legitimate interests in improving and operating the Service
Send verification, password-reset, billing, security and material service noticesContract and legal obligations
Send relevant product news to professional usersOur legitimate interests, subject to an easy unsubscribe and applicable e-privacy rules
Answer support requests and enforce or defend legal claimsContract and our legitimate interests

Where we rely on legitimate interests, we assess the necessity and impact of the processing. You may object as described below.

6. How LinkedIn and AI data are used

SalesTouch accesses LinkedIn only through an account and permissions connected by a customer. Depending on the MCP tool requested, the Service may search or retrieve professional information, synchronize conversations, prepare or send invitations and messages, publish or interact with content, and maintain action limits or follow-up queues.

AI-generated text can be inaccurate or inappropriate. SalesTouch does not use prospect data to make decisions producing legal or similarly significant effects on individuals. The customer decides which data to process and remains responsible for reviewing actions and outputs before use.

When a feature uses Anthropic, the prompt and relevant context are sent to Anthropic to generate the requested output. SalesTouch does not use customer content to train its own general-purpose AI model.

7. Service providers and recipients

We disclose data only when needed to provide the Service, comply with law, protect rights or complete a business transaction. Current provider categories include:

ProviderRole in the ServiceData concerned
Vercel and our managed PostgreSQL infrastructureHosting, application delivery and database infrastructureAccount, customer content, logs and technical data
UnipileLinkedIn account connection, synchronization and actionsConnected-account data and LinkedIn data
LinkedInSource and destination for actions requested through a connected accountLinkedIn identifiers, content and actions
StripeCheckout, subscriptions, payments, tax and billing portalAccount, billing and transaction data
ResendTransactional and product email deliveryName, email, message and delivery data
PostHog EUProduct analytics, diagnostics and application logsUsage, identity and technical data as configured
InngestBackground-job orchestrationJob payloads and operational metadata needed for the task
AnthropicAI generation for features that use itPrompts, relevant context and generated output
Google and GitHubOptional social sign-inAccount identity and authentication data

Authorized staff and professional advisers may access data on a need-to-know and confidentiality basis. We do not sell personal data or use prospect data for third-party advertising.

8. International transfers

Some providers process data outside the European Economic Area. Where required, we rely on an adequacy decision, the EU-U.S. Data Privacy Framework for certified recipients, the European Commission's Standard Contractual Clauses, or another lawful transfer mechanism, together with appropriate supplementary measures.

You can request information about the safeguards relevant to your data at support@salestouch.io.

9. Retention

We keep personal data only for as long as needed for the purpose described, then delete or anonymize it unless a legal hold or statutory retention period applies.

DataTypical retention rule
Account and organization dataWhile the account is active, then only what is required for up to 5 years to manage disputes or prove the contractual relationship
Sessions, access tokens and verification dataUntil expiry, revocation or account deletion, subject to short security logs
Connected LinkedIn credentialsUntil the connection is removed or the account is terminated; credentials are stored encrypted
Customer LinkedIn, prospect and message dataFor the duration of the customer relationship or until the customer deletes it, then deletion or return subject to legal obligations and the backup cycle
Temporary MCP scrape exportsDownload access expires after 7 days
MCP tool-call activity logs90 days
Support correspondenceUp to 3 years after the last substantive contact, longer if required for a dispute
Product-marketing contactsUntil unsubscribe or objection, and no more than 3 years after the last active relationship or contact unless renewed
Invoices and accounting records10 years where required by French law

Backups are isolated from ordinary use and overwritten on a rolling schedule. A lawful preservation request or legal claim may extend a stated period.

10. Cookies and analytics

SalesTouch uses browser storage for authentication, security, language or interface settings and checkout continuity. These technologies support the Service you request.

We use PostHog for product analytics and error diagnostics. PostHog may store or read identifiers in cookies or local storage and receive usage, device, browser and error information. We use this information to understand feature adoption, improve the Service and investigate failures.

Server-side events and logs are also processed when necessary to secure, operate and diagnose the Service.

11. Security

We use measures designed to protect data in light of the risks, including transport encryption, access controls, tenant-scoped authorization, encrypted storage for LinkedIn passwords, TOTP secrets and customer-supplied API keys, token expiration, rate limits, logging and restricted production access.

No online service can guarantee absolute security. You are responsible for protecting your devices, AI-client access and account credentials, and for promptly reporting suspected misuse.

12. Your rights

Subject to applicable conditions, you may request:

  • Access to and a copy of your personal data;
  • Correction of inaccurate or incomplete data;
  • Deletion of data;
  • Restriction of processing;
  • Portability of data you provided where processing is automated and based on contract or consent;
  • Objection to processing based on legitimate interests or for direct marketing;
  • Withdrawal of consent at any time, without affecting earlier lawful processing;
  • Information about relevant international-transfer safeguards.

To exercise a right, email support@salestouch.io. We may request proportionate information to verify your identity. We normally respond within one month; the GDPR permits an extension of up to two further months for complex or numerous requests.

If SalesTouch processes your data only on behalf of one of our customers, please contact that customer first. We will assist the customer as required.

You may lodge a complaint with the French Commission nationale de l'informatique et des libertés (CNIL) at cnil.fr or with the supervisory authority where you live or work.

13. Your responsibilities for other people's data

Customers must use an appropriate legal basis for prospecting and other processing, provide required privacy information, honor opt-outs and suppression lists, minimize imported data, set appropriate retention periods and ensure that their instructions comply with applicable law. SalesTouch does not determine whether a particular outreach campaign is lawful for a customer's audience or jurisdiction.

14. Children

The Service is intended for professional users aged 18 or older and is not directed to children. Please contact us if you believe a child has provided personal data to SalesTouch.

15. Changes and contact

We may update this Policy when the product, providers or law changes. We will post the new date here and give additional notice when a change materially affects your rights or how we use data.

Questions, requests or complaints can be sent to support@salestouch.io.