Privacy Policy
Last updated: June 27, 2026
Learn how we collect, use, disclose, and safeguard your personal information when you use our services. In short: we use what you share with Amelia — your notes, files, and links — only to help write your posts. When you share a link, we retrieve the public content at that URL so Amelia can draft from it, and we access LinkedIn only through LinkedIn’s official APIs and publicly available information. We don’t sell, rent, or broker your data, and Amelia is not a data broker.
1. Who We Are
Amelia Vibe, LLC ("Amelia Vibe", "we", "our" or "us") is a limited liability company. We help professionals maintain a consistent LinkedIn presence by generating, scheduling, and publishing posts they approve. We operate globally.
Privacy contact: For any data-protection enquiries, contact privacy@ameliavibe.com. We do not currently appoint a Data Protection Officer (DPO) as we do not meet the appointment thresholds under GDPR Article 37.
2. Scope
This Policy explains how we collect, use, disclose, and safeguard personal information when you:
- visit ameliavibe.com or any sub-domain,
- use our browser extension ("Amelia Vibe Extension"),
- create an account or otherwise use our application ("Services"), or
- interact with our Telegram bot or WhatsApp Business account,
- interact with us via support, email, social media, or marketing.
3. What Data We Collect
| Category | Examples | Legal Basis (GDPR) / Purpose |
|---|---|---|
| Account Data | Name, email address, password-less auth token | Contract: create & secure your account |
| LinkedIn OAuth Data | OAuth tokens, member identifier (profile/URN), name, headline, profile photo URL, post identifiers (share/ugc URNs), scheduled/published post content you approve, and, where post analytics are enabled for your account, aggregate post analytics (impressions, reactions, comments, reshares) for your authenticated profile only, retrieved via LinkedIn's Community Management API. | Contract & Consent: generate, schedule, publish content you approve; display your own post performance |
| Content & Usage Data | Topics you select, AI-generated posts, approvals/skips, credit usage, log files, device/browser info | Legitimate interests: operate, improve, secure, and bill for the Services |
| Shared Links & Retrieved Content | URLs you share (in chat, via the browser extension, or forwarded through a connected messaging account) and the public content we retrieve from them via third-party content-retrieval services. See Section 6. | Legitimate interests & Consent: retrieve the content you ask Amelia to draft from |
| Voice & Audio Data | Voice memos and audio you record or upload for dictation/transcription, and the resulting text transcript | Consent: convert your speech to text so you can dictate content for post drafting |
| Payment Data | Stripe customer ID, plan tier, last 4 of card (we never store full card numbers) | Contract & Legal obligation: process payments, prevent fraud |
| X (Twitter) OAuth Data | OAuth tokens, X user ID, username, direct messages you send to Amelia's X account, tweet URLs shared via DM, bookmarks (if enabled) | Consent: capture content you share with us via X DM for use in post drafting; read bookmarks for content inspiration |
| Google Drive Data | OAuth tokens, email address associated with your Google account, file names and metadata (type, size, modification date) from a folder you select, file contents for processing | Consent: sync files from a folder you choose to use as content inspiration for post drafting |
| OneDrive Data | OAuth tokens, email address associated with your Microsoft account, file names and metadata (type, size, modification date) from a folder you select, file contents for processing | Consent: sync files from a folder you choose to use as content inspiration for post drafting |
| Browser Extension Data | Page URL, page title, selected text, favicon URL of pages you explicitly choose to save or chat about via the extension | Consent: capture web content you choose to send to Amelia Vibe for content inspiration and post drafting |
| Messaging Channel Data | Phone number (WhatsApp) or Telegram user ID, display name or username from the platform, temporary 6-character linking codes | Consent: link your messaging account so you can send content to Amelia Vibe via Telegram or WhatsApp |
| Marketing Data (optional) | Newsletter opt-in, survey responses, referral info | Consent: send product updates or marketing you've opted into |
We do not request or store your LinkedIn password. We do not access your LinkedIn private messages, connections list, or any data beyond what is described above.
What happens if you don't provide data: Account Data is required to create and use your account; without it, we cannot provide the Services. LinkedIn OAuth Data is required to publish posts on your behalf. All other data categories (X, Google Drive, OneDrive, Marketing) are optional, and you can use Amelia Vibe without connecting those integrations.
3.1 Google Sign-In Data
When you choose "Continue with Google," we request only the openid, email, and profile scopes. We use the resulting Google ID token to (a) create your Amelia Vibe account, and (b) let you log in-out securely.
3.2 X (Twitter) Integration Data
When you connect your X account, we request the following OAuth 2.0 scopes: dm.read, dm.write, tweet.read, users.read, bookmark.read, offline.access. We use these permissions to (a) receive content you share with us via direct message, (b) send you confirmation replies, (c) read your public tweets and bookmarks for content inspiration, and (d) keep you connected without requiring you to re-authorize. We do not post tweets on your behalf, and we do not access your followers list, likes, or any data beyond the scopes listed above. When you request post drafts, content you have shared via DM or bookmarks may be sent to our AI providers (listed in Section 6) as context to generate those drafts. We do not send your X analytics or engagement data to AI providers.
3.3 Google Drive Integration Data
If you choose to connect Google Drive, we request the drive.readonly and userinfo.email scopes via a separate OAuth consent flow. We use these permissions to (a) list folders so you can pick one to map, (b) read file names and metadata from your selected folder, and (c) download file contents for processing into content inspiration. When you request post drafts, file contents from your selected folder may be sent to our AI providers (listed in Section 6) as context to generate those drafts. We access only the folder you select. We do not browse, index, or store files from any other part of your Drive. We do not send your Google Drive data to AI providers for any purpose other than generating content you have requested. We do not use Google Drive data to train, improve, or fine-tune any machine-learning or AI models. Amelia Vibe employees and contractors do not access your Google Drive file contents unless (a) you have given explicit consent for a specific support request, (b) it is necessary for security or abuse investigation, or (c) it is required by law. File metadata synced from your selected folder is retained only while your Google Drive integration is active and is used solely to provide the service. We do not build permanent databases of Google user data. You can disconnect Google Drive at any time from your account settings, and we will delete your Drive OAuth tokens, synced file metadata, and any cached file content within 10 days.
3.4 OneDrive Integration Data
If you choose to connect OneDrive, we request the Files.Read and User.Read scopes via Microsoft's OAuth consent flow. We use these permissions to (a) list folders so you can pick one to map, (b) read file names and metadata from your selected folder, and (c) download file contents for processing into content inspiration. When you request post drafts, file contents from your selected folder may be sent to our AI providers (listed in Section 6) as context to generate those drafts. We access only the folder you select. We do not browse, index, or store files from any other part of your OneDrive. We do not send your OneDrive data to AI providers for any purpose other than generating content you have requested. We do not use OneDrive data to train, improve, or fine-tune any machine-learning or AI models. Amelia Vibe employees and contractors do not access your OneDrive file contents unless (a) you have given explicit consent for a specific support request, (b) it is necessary for security or abuse investigation, or (c) it is required by law. File metadata synced from your selected folder is retained only while your OneDrive integration is active and is used solely to provide the service. We do not build permanent databases of Microsoft user data. You can disconnect OneDrive at any time from your account settings, and we will delete your OneDrive OAuth tokens, synced file metadata, and any cached file content within 10 days.
3.5 Browser Extension Data
The Amelia Vibe browser extension lets you save web pages and selected text to your Amelia Vibe account, or start a chat conversation using page content as context. The extension collects the following data only when you explicitly click "Save to Amelia" or "Chat about this":
- Page URL and page title of the active tab
- Selected text (if any text is highlighted on the page)
- Favicon URL for display purposes
The extension does not run in the background, does not track your browsing history, does not collect data from pages you visit unless you explicitly trigger a save or chat action, and does not inject ads or modify page content. The extension stores your authentication token locally in your browser using chrome.storage.local to keep you signed in. You can sign out at any time from the extension popup, which deletes the stored token.
When you use "Save to Amelia," the captured data is sent to our servers and processed through the same pipeline described in Section 5 (AI providers may be used to summarise or classify the content). When you use "Chat about this," the page context is passed to the compose chat as an initial message.
3.6 LinkedIn Integration Data
When you connect your LinkedIn account, we use the LinkedIn API to (a) retrieve your name, headline, and profile photo for display within the app, and (b) publish posts you approve to your LinkedIn profile. All LinkedIn member data is displayed only within the Amelia Vibe application. We do not export, transfer, or make it available outside the app.
Analytics: We have access to LinkedIn's Community Management API and, where this feature is enabled for your account, retrieve aggregate post performance metrics (impressions, reactions, comments, reshares) for your authenticated profile. This data is (a) displayed only within Amelia Vibe to show you how your posts perform, and (b) stored in compliance with LinkedIn's Data Storage Requirements: member profile data is cached for no more than 24 hours, member social activity data (such as individual reactions or comments from other members) for no more than 48 hours, after which it is refreshed from LinkedIn or deleted, and all LinkedIn data is deleted within 10 days if you disconnect. We will not send LinkedIn analytics or profile data to AI providers, use it for advertising, sales, or recruiting purposes, or combine it with data from other sources.
3.7 Messaging Channel Data (Telegram & WhatsApp)
You may optionally connect a Telegram or WhatsApp account to send content to Amelia Vibe via messaging. This integration is entirely user-initiated: you generate a temporary linking code in your dashboard and voluntarily send it to our bot. We do not initiate contact or message you first.
When you link your account, we collect and store: (a) your phone number (WhatsApp) or Telegram user ID, (b) your display name or username from the platform, and (c) a temporary 6-character linking code that expires after 10 minutes. We use this data solely to identify your account when you send messages to the bot.
We do not currently store the content of messages you send via Telegram or WhatsApp. When content capture is enabled in the future, message text will be processed to extract content inspiration for post drafting (the same pipeline described in Section 5) and will not be retained long-term. We will never share your message contents with third parties without your authorisation, except where required by law.
Messages transit through Telegram's Bot API and Meta's WhatsApp Cloud APIrespectively. These platforms have their own privacy policies that apply to message delivery. You can disconnect either integration at any time from Settings → Integrations, or by sending "stop" to the bot.
3.8 Voice & Audio Transcription
When you dictate by voice or upload an audio file, we send the audio to a third-party speech-to-text provider to convert it into a text transcript you can use for post drafting. We use Deepgram, Inc. for real-time dictation (audio is streamed live as you speak) and OpenAI (Whisper) for transcribing uploaded audio files. Only the audio you explicitly record or upload for this purpose is sent; we do not access your microphone in the background. The resulting transcript is treated like any other content you provide and may be sent to our AI providers (listed in Section 6) when you request post drafts. You can review, edit, or delete a transcript at any time.
4. How We Use Your Data
- Provide, maintain, and improve the Services
- Authenticate you and secure your account
- Generate, schedule, and publish posts you approve
- Track usage to enforce plan limits and bill correctly
- Communicate product updates, security alerts, or marketing (if opted in)
- Detect and prevent abuse or violations of our Terms
- Comply with legal obligations (tax, accounting, fraud prevention)
5. Automated Processing & AI
Amelia Vibe uses artificial intelligence to generate post drafts, score how well a draft aligns with your direction and writing patterns (alignment scoring), and analyse the kind of post you want. These features involve automated processing of the content and preferences you provide.
- What it does: Our AI models (listed in Section 6) take your direction, topics, writing patterns, and any reference material you provide, then generate suggested post text and numeric alignment scores.
- No solely automated decisions: Every draft is presented as a suggestion. You decide whether to edit, approve, or discard it. No content is published without your explicit action. No account-level decisions (access, pricing, eligibility) are made by automated means alone.
- Your right to object: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. If you believe any automated output has affected you in such a way, contact privacy@ameliavibe.com and we will review it with human involvement.
6. How & Why We Share Data
We never sell, rent, or broker your information, and Amelia is not a data broker. We share data only with the third parties listed below and only as needed to operate the Service. For a detailed list of all sub-processors, including data locations and processing purposes, see our Sub-Processors page.
Amelia Vibe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, we:
- Do not transfer Google user data to third parties unless necessary to provide user-facing features you have explicitly requested (e.g., sending file contents to AI providers when you request post drafts), as required by law, or with your explicit consent.
- Do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
- Do not use Google user data to determine creditworthiness or for lending purposes.
- Do not use Google user data to train, improve, or fine-tune any machine-learning or AI models (our AI providers are contractually prohibited from using your data for model training as well).
- Do not transfer Google user data to any application or service that does not meet the Google API Services User Data Policy.
Amelia Vibe's use of information received from Microsoft APIs (including OneDrive) will adhere to the Microsoft APIs Terms of Use. Specifically, we do not use Microsoft user data for advertising, model training, creditworthiness assessments, or any purpose unrelated to providing the features you have explicitly requested.
We access LinkedIn only through LinkedIn's official APIs and publicly available information, consistent with the LinkedIn API Terms of Use.
| Recipient | Reason | Safeguards |
|---|---|---|
| LinkedIn Corp. | Publish posts you approve | OAuth 2.0; minimal scopes requested |
| Google LLC | Sync files from a Drive folder you select for content inspiration | OAuth 2.0; read-only scope; only the folder you choose |
| Microsoft Corp. | Sync files from a OneDrive folder you select for content inspiration | OAuth 2.0; read-only scope; only the folder you choose |
| X Corp. | Receive content you share via DM; read bookmarks for inspiration | OAuth 2.0 PKCE; minimal scopes; tokens encrypted at rest |
| Meta Platforms (WhatsApp Cloud API) | Send and receive messages when you use the WhatsApp integration | User-initiated linking; no OAuth; phone number used only for message delivery |
| Telegram FZ-LLC (Bot API) | Send and receive messages when you use the Telegram integration | User-initiated linking; no OAuth; Telegram user ID used only for message delivery |
| Stripe Inc. | Payment processing & invoicing | PCI-DSS compliant; tokenised payments |
| Supabase Ltd. | Managed Postgres DB, auth, storage | Data encrypted in transit & at rest |
| OpenAI / Anthropic (AI providers) | Generate suggested post drafts from prompts and context you provide; transcribe uploaded audio files; generate images; content moderation | API agreements prohibit use of your data for model training; providers may retain inputs briefly (up to 30 days) for abuse and safety monitoring only |
| Deepgram, Inc. | Real-time speech-to-text for voice dictation | Audio streamed only when you dictate; we opt out of model-improvement, so audio is not used for training and is retained only to process the request |
| Third-party content-retrieval services | Retrieve the public content at a link you share (a tweet, a social post, or an article) so Amelia can draft from it | Only the web address you share and the public content retrieved are processed; LinkedIn links are never passed to these services |
| PostHog, Inc. | Product analytics, feature flags | Anonymised events; DPA in place |
| Functional Software, Inc. (Sentry) | Error monitoring, performance tracing | Error data only; DPA in place |
| Service providers | Operate or improve the Services | Bound by confidentiality & DPAs |
| Authorities (when required) | Legal compliance or to protect rights & safety | Only where strictly necessary |
We do not sell your personal information.
Our use of LinkedIn data is subject to the LinkedIn API Terms of Use, LinkedIn Marketing API Terms, and LinkedIn Data Storage Requirements. Our use of X (Twitter) data is subject to the X Developer Agreement. Our use of Microsoft OneDrive data is subject to the Microsoft APIs Terms of Use. Our use of the WhatsApp Business Platform is subject to the WhatsApp Business Messaging Policy. Our Telegram bot complies with the Telegram Bot Developer Terms of Service.
7. International Transfers
We host data in the United States and Canada. When information is transferred outside your jurisdiction, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Comparable contractual or organisational safeguards.
8. Security
- HTTPS/TLS encryption for all data in transit
- AES-256 encryption at rest, including all OAuth tokens and API credentials
- Encryption key management through our infrastructure provider's managed key services
- Role-based access controls & least-privilege principles
- Routine security monitoring, logging, and backups
- Application security practices aligned with OWASP Top 10
No internet transmission is 100% secure. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (as required by GDPR Article 33). If the breach poses a high risk to your rights and freedoms, we will also notify you directly without undue delay (Article 34). Where required by other laws (e.g., CCPA, PIPEDA), we will comply with applicable breach notification timelines.
In the event of a security incident involving data obtained from Google APIs, we will promptly notify Google at security@google.com in addition to affected users and any authorities required by law.
9. Data Retention
- Account & OAuth tokens (LinkedIn, X, Google Drive, OneDrive): retained while you have an active account or until you revoke permissions for the respective platform.
- Generated content & usage logs: retained for 24 months unless you request earlier deletion.
- LinkedIn data: we store your authenticated profile data (name, headline, photo) and post identifiers while your account is connected, in accordance with LinkedIn's Data Storage Requirements. Where post analytics are enabled for your account, aggregate reporting metrics for your own posts are retained for up to 12 months; member profile data is cached for no more than 24 hours and member social activity data (e.g., individual comments or reactions from other members) for no more than 48 hours, after which it is refreshed from LinkedIn or deleted, per LinkedIn's requirements.
- X bookmarks & DM content: processed on receipt to extract content inspiration; raw bookmark and DM data is not stored long-term and is deleted within 30 days of processing.
- Voice & audio: audio you record or upload is sent to our transcription providers (Deepgram, OpenAI Whisper) to produce a transcript. We retain the transcript with your content; you can delete it at any time. Streamed dictation audio is not stored by us after transcription.
- Messaging channel links (Telegram, WhatsApp): retained while the integration is connected. Temporary linking codes expire and are deleted after 10 minutes. Message content is not stored.
- Billing records: retained for at least 7 years to meet tax and accounting obligations.
You may delete your account at any time from the app or by emailing amelia@ameliavibe.com.
LinkedIn data deletion: If you disconnect LinkedIn or delete your account, we will delete your LinkedIn OAuth tokens and any LinkedIn data retrieved via the LinkedIn APIs on your behalf within 10 days, unless retention is required by law.
X data deletion: If you disconnect your X account or delete your Amelia Vibe account, we will delete your X OAuth tokens, stored DM content, and any X data retrieved on your behalf within 10 days, unless retention is required by law.
Google Drive data deletion: If you disconnect Google Drive or delete your Amelia Vibe account, we will delete your Google Drive OAuth tokens, synced file metadata, and any file content retrieved on your behalf within 10 days, unless retention is required by law.
OneDrive data deletion: If you disconnect OneDrive or delete your Amelia Vibe account, we will delete your OneDrive OAuth tokens, synced file metadata, and any file content retrieved on your behalf within 10 days, unless retention is required by law.
Messaging channel deletion: If you disconnect Telegram or WhatsApp (from Settings → Integrations or by sending "stop" to the bot), we will delete your phone number or Telegram user ID and any associated metadata immediately.
10. Your Rights
| Region | Rights |
|---|---|
| EU/UK (GDPR) | Access, rectification, erasure, restriction, portability, objection, automated-decision review |
| California (CCPA/CPRA) | Know, delete, correct, opt-out of "sale"/"sharing", non-discrimination |
| Canada (PIPEDA) | Access, correction, withdraw consent |
| Other jurisdictions | We extend comparable rights wherever feasible |
To exercise any right, email privacy@ameliavibe.com. We respond within 30 days (or as required by law).
Withdrawing consent: Where we rely on consent as a legal basis, you may withdraw it at any time by updating your preferences in account settings or emailing us. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.
Right to complain: If you are in the EU/EEA or UK and are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU authorities is available at edpb.europa.eu. For the UK, contact the Information Commissioner's Office (ICO).
Data portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV). Email privacy@ameliavibe.com to request an export.
- Disconnect LinkedIn: you can disconnect your LinkedIn account from your Amelia Vibe settings at any time. We will delete your LinkedIn OAuth tokens and any LinkedIn data within 10 days of disconnection.
- Disconnect X: you can disconnect your X account from your Amelia Vibe settings at any time. We will delete your X OAuth tokens and any X data within 10 days of disconnection.
- Disconnect Google Drive: you can disconnect Google Drive from your Amelia Vibe settings at any time. You can also revoke access in Google Account → Security → Third-party apps with account access. We will delete your Google Drive OAuth tokens and any synced data within 10 days of disconnection.
- Disconnect OneDrive: you can disconnect OneDrive from your Amelia Vibe settings at any time. You can also revoke access in Microsoft Account → Privacy → Apps and services. We will delete your OneDrive OAuth tokens and any synced data within 10 days of disconnection.
- Disconnect Telegram or WhatsApp: you can disconnect from Settings → Integrations at any time, or send "stop" to the bot to unlink immediately. Your phone number or Telegram user ID will be deleted upon disconnection.
11. Cookies & Tracking
We use first-party and limited third-party cookies for authentication, analytics, and remembering preferences. Most browsers let you refuse or delete cookies; doing so may affect functionality. You can manage your cookie preferences at any time using the cookie consent banner.
Your cookie consent applies across all Amelia Vibe domains and subdomains, including:
- ameliavibe.com: main application
- secure.ameliavibe.com: payment processing
- api.ameliavibe.com: API services
- status.ameliavibe.com: service status
12. Children
Amelia Vibe is not directed at children under 16, and we do not knowingly collect their personal information.
13. Changes to This Policy
If we make material changes, we will notify you by email or in-app banner and update the "Last updated" date. Continued use of the Services constitutes acceptance of the revised policy.
14. Contact Us
Have questions about this policy? Contact us at amelia@ameliavibe.com
Amelia Vibe, LLC
777 Brickell Ave, Suite 500 PMB 1083
Miami, FL 33131, United States