Privacy Policy

1. Who We Are

Amelia Vibe, LLC ("Amelia Vibe", "we", "our" or "us") is a limited liability company. We help professionals maintain a consistent LinkedIn presence by generating, scheduling, and publishing posts they approve. We operate globally.

Privacy contact: For any data-protection enquiries, contact privacy@ameliavibe.com. We do not currently appoint a Data Protection Officer (DPO) as we do not meet the appointment thresholds under GDPR Article 37.

2. Scope

This Policy explains how we collect, use, disclose, and safeguard personal information when you:

• visit ameliavibe.com or any sub-domain,
• use our browser extension ("Amelia Vibe Extension"),
• create an account or otherwise use our application ("Services"), or
• interact with our Telegram bot or WhatsApp Business account,
• interact with us via support, email, social media, or marketing.

3. What Data We Collect

We do not request or store your LinkedIn password. We do not access your LinkedIn private messages, connections list, or any data beyond what is described above.

What happens if you don't provide data: Account Data is required to create and use your account — without it, we cannot provide the Services. LinkedIn OAuth Data is required to publish posts on your behalf. All other data categories (X, Google Drive, OneDrive, Marketing) are optional — you can use Amelia Vibe without connecting those integrations.

3.1 Google Sign-In Data

When you choose "Continue with Google," we request only the openid, email, and profile scopes. We use the resulting Google ID token to (a) create your Amelia Vibe account, and (b) let you log in-out securely.

3.2 X (Twitter) Integration Data

When you connect your X account, we request the following OAuth 2.0 scopes: dm.read, dm.write, tweet.read, users.read, bookmark.read, offline.access. We use these permissions to (a) receive content you share with us via direct message, (b) send you confirmation replies, (c) read your public tweets and bookmarks for content inspiration, and (d) keep you connected without requiring you to re-authorize. We do not post tweets on your behalf, and we do not access your followers list, likes, or any data beyond the scopes listed above. When you request post drafts, content you have shared via DM or bookmarks may be sent to our AI providers (listed in Section 6) as context to generate those drafts. We do not send your X analytics or engagement data to AI providers.

3.3 Google Drive Integration Data

If you choose to connect Google Drive, we request the drive.readonly and userinfo.email scopes via a separate OAuth consent flow. We use these permissions to (a) list folders so you can pick one to map, (b) read file names and metadata from your selected folder, and (c) download file contents for processing into content inspiration. When you request post drafts, file contents from your selected folder may be sent to our AI providers (listed in Section 6) as context to generate those drafts. We access only the folder you select — we do not browse, index, or store files from any other part of your Drive. We do not send your Google Drive data to AI providers for any purpose other than generating content you have requested. We do not use Google Drive data to train, improve, or fine-tune any machine-learning or AI models. Amelia Vibe employees and contractors do not access your Google Drive file contents unless (a) you have given explicit consent for a specific support request, (b) it is necessary for security or abuse investigation, or (c) it is required by law. File metadata synced from your selected folder is retained only while your Google Drive integration is active and is used solely to provide the service. We do not build permanent databases of Google user data. You can disconnect Google Drive at any time from your account settings, and we will delete your Drive OAuth tokens, synced file metadata, and any cached file content within 10 days.

3.4 OneDrive Integration Data

If you choose to connect OneDrive, we request the Files.Read and User.Read scopes via Microsoft's OAuth consent flow. We use these permissions to (a) list folders so you can pick one to map, (b) read file names and metadata from your selected folder, and (c) download file contents for processing into content inspiration. When you request post drafts, file contents from your selected folder may be sent to our AI providers (listed in Section 6) as context to generate those drafts. We access only the folder you select — we do not browse, index, or store files from any other part of your OneDrive. We do not send your OneDrive data to AI providers for any purpose other than generating content you have requested. We do not use OneDrive data to train, improve, or fine-tune any machine-learning or AI models. Amelia Vibe employees and contractors do not access your OneDrive file contents unless (a) you have given explicit consent for a specific support request, (b) it is necessary for security or abuse investigation, or (c) it is required by law. File metadata synced from your selected folder is retained only while your OneDrive integration is active and is used solely to provide the service. We do not build permanent databases of Microsoft user data. You can disconnect OneDrive at any time from your account settings, and we will delete your OneDrive OAuth tokens, synced file metadata, and any cached file content within 10 days.

3.5 Browser Extension Data

The Amelia Vibe browser extension lets you save web pages and selected text to your Amelia Vibe account, or start a chat conversation using page content as context. The extension collects the following data only when you explicitly click "Save to Amelia" or "Chat about this":

• Page URL and page title of the active tab
• Selected text (if any text is highlighted on the page)
• Favicon URL for display purposes

The extension does not run in the background, does not track your browsing history, does not collect data from pages you visit unless you explicitly trigger a save or chat action, and does not inject ads or modify page content. The extension stores your authentication token locally in your browser using chrome.storage.local to keep you signed in. You can sign out at any time from the extension popup, which deletes the stored token.

When you use "Save to Amelia," the captured data is sent to our servers and processed through the same pipeline described in Section 5 (AI providers may be used to summarise or classify the content). When you use "Chat about this," the page context is passed to the compose chat as an initial message.

3.6 LinkedIn Integration Data

When you connect your LinkedIn account, we currently use the LinkedIn API to (a) retrieve your name, headline, and profile photo for display within the app, and (b) publish posts you approve to your LinkedIn profile. All LinkedIn member data is displayed only within the Amelia Vibe application — we do not export, transfer, or make it available outside the app.

Planned analytics features: If we obtain access to LinkedIn's Community Management API, we intend to retrieve aggregate post performance metrics (impressions, reactions, comments, reshares) for your authenticated profile. This data would be (a) displayed only within Amelia Vibe to show you how your posts perform, (b) stored in compliance with LinkedIn's Data Storage Requirements, and (c) deleted within 10 days if you disconnect. We will not send LinkedIn analytics or profile data to AI providers, use it for advertising, sales, or recruiting purposes, or combine it with data from other sources.

3.7 Messaging Channel Data (Telegram & WhatsApp)

You may optionally connect a Telegram or WhatsApp account to send content to Amelia Vibe via messaging. This integration is entirely user-initiated — you generate a temporary linking code in your dashboard and voluntarily send it to our bot. We do not initiate contact or message you first.

When you link your account, we collect and store: (a) your phone number (WhatsApp) or Telegram user ID, (b) your display name or username from the platform, and (c) a temporary 6-character linking code that expires after 10 minutes. We use this data solely to identify your account when you send messages to the bot.

We do not currently store the content of messages you send via Telegram or WhatsApp. When content capture is enabled in the future, message text will be processed to extract content inspiration for post drafting (the same pipeline described in Section 5) and will not be retained long-term. We will never share your message contents with third parties without your authorisation, except where required by law.

Messages transit through Telegram's Bot API and Meta's WhatsApp Cloud APIrespectively — these platforms have their own privacy policies that apply to message delivery. You can disconnect either integration at any time from Settings → Integrations, or by sending "stop" to the bot.

4. How We Use Your Data

1. Provide, maintain, and improve the Services
2. Authenticate you and secure your account
3. Generate, schedule, and publish posts you approve
4. Track usage to enforce plan limits and bill correctly
5. Communicate product updates, security alerts, or marketing (if opted in)
6. Detect and prevent abuse or violations of our Terms
7. Comply with legal obligations (tax, accounting, fraud prevention)

5. Automated Processing & AI

Amelia Vibe uses artificial intelligence to generate post drafts, score how well a draft aligns with your identity (alignment scoring), and analyse your writing style. These features involve automated processing of the content and preferences you provide.

• What it does: Our AI models (listed in Section 6) take your profile anchor, content pillars, style guide, and any reference material you provide, then generate suggested post text and numeric alignment scores.
• No solely automated decisions: Every draft is presented as a suggestion. You decide whether to edit, approve, or discard it. No content is published without your explicit action. No account-level decisions (access, pricing, eligibility) are made by automated means alone.
• Your right to object: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. If you believe any automated output has affected you in such a way, contact privacy@ameliavibe.com and we will review it with human involvement.

6. How & Why We Share Data

We never sell your information. We share data only with the third parties listed below and only as needed to operate the Service. For a detailed list of all sub-processors, including data locations and processing purposes, see our Sub-Processors page.

Amelia Vibe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, we:

• Do not transfer Google user data to third parties unless necessary to provide user-facing features you have explicitly requested (e.g., sending file contents to AI providers when you request post drafts), as required by law, or with your explicit consent.
• Do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
• Do not use Google user data to determine creditworthiness or for lending purposes.
• Do not use Google user data to train, improve, or fine-tune any machine-learning or AI models (our AI providers are contractually prohibited from using your data for model training as well).
• Do not transfer Google user data to any application or service that does not meet the Google API Services User Data Policy.

Amelia Vibe's use of information received from Microsoft APIs (including OneDrive) will adhere to the Microsoft APIs Terms of Use. Specifically, we do not use Microsoft user data for advertising, model training, creditworthiness assessments, or any purpose unrelated to providing the features you have explicitly requested.

We do not sell your personal information.

Our use of LinkedIn data is subject to the LinkedIn API Terms of Use, LinkedIn Marketing API Terms, and LinkedIn Data Storage Requirements. Our use of X (Twitter) data is subject to the X Developer Agreement. Our use of Microsoft OneDrive data is subject to the Microsoft APIs Terms of Use. Our use of the WhatsApp Business Platform is subject to the WhatsApp Business Messaging Policy. Our Telegram bot complies with the Telegram Bot Developer Terms of Service.

7. International Transfers

We host data in the United States and Canada. When information is transferred outside your jurisdiction, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission, or
• Comparable contractual or organisational safeguards.

8. Security

• HTTPS/TLS encryption for all data in transit
• AES-256 encryption at rest, including all OAuth tokens and API credentials
• Encryption key management through our infrastructure provider's managed key services
• Role-based access controls & least-privilege principles
• Routine security monitoring, logging, and backups
• Application security practices aligned with OWASP Top 10

No internet transmission is 100% secure. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (as required by GDPR Article 33). If the breach poses a high risk to your rights and freedoms, we will also notify you directly without undue delay (Article 34). Where required by other laws (e.g., CCPA, PIPEDA), we will comply with applicable breach notification timelines.

In the event of a security incident involving data obtained from Google APIs, we will promptly notify Google at security@google.com in addition to affected users and any authorities required by law.

9. Data Retention

• Account & OAuth tokens (LinkedIn, X, Google Drive, OneDrive) — retained while you have an active account or until you revoke permissions for the respective platform.
• Generated content & usage logs — retained for 24 months unless you request earlier deletion.
• LinkedIn data — we currently store your authenticated profile data (name, headline, photo) and post identifiers with no time restriction, in accordance with LinkedIn's Data Storage Requirements. If we add analytics features in the future, aggregate reporting data will be retained for up to 12 months and member social activity data (e.g., individual comments or reactions from other members) will be cached for no more than 48 hours, per LinkedIn's requirements.
• X bookmarks & DM content — processed on receipt to extract content inspiration; raw bookmark and DM data is not stored long-term and is deleted within 30 days of processing.
• Messaging channel links (Telegram, WhatsApp) — retained while the integration is connected. Temporary linking codes expire and are deleted after 10 minutes. Message content is not stored.
• Billing records — retained for at least 7 years to meet tax and accounting obligations.

You may delete your account at any time from the app or by emailing amelia@ameliavibe.com.

LinkedIn data deletion: If you disconnect LinkedIn or delete your account, we will delete your LinkedIn OAuth tokens and any LinkedIn data retrieved via the LinkedIn APIs on your behalf within 10 days, unless retention is required by law.

X data deletion: If you disconnect your X account or delete your Amelia Vibe account, we will delete your X OAuth tokens, stored DM content, and any X data retrieved on your behalf within 10 days, unless retention is required by law.

Google Drive data deletion: If you disconnect Google Drive or delete your Amelia Vibe account, we will delete your Google Drive OAuth tokens, synced file metadata, and any file content retrieved on your behalf within 10 days, unless retention is required by law.

OneDrive data deletion: If you disconnect OneDrive or delete your Amelia Vibe account, we will delete your OneDrive OAuth tokens, synced file metadata, and any file content retrieved on your behalf within 10 days, unless retention is required by law.

Messaging channel deletion: If you disconnect Telegram or WhatsApp (from Settings → Integrations or by sending "stop" to the bot), we will delete your phone number or Telegram user ID and any associated metadata immediately.

10. Your Rights

To exercise any right, email privacy@ameliavibe.com. We respond within 30 days (or as required by law).

Withdrawing consent: Where we rely on consent as a legal basis, you may withdraw it at any time by updating your preferences in account settings or emailing us. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

Right to complain: If you are in the EU/EEA or UK and are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU authorities is available at edpb.europa.eu. For the UK, contact the Information Commissioner's Office (ICO).

Data portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV). Email privacy@ameliavibe.com to request an export.

• Disconnect LinkedIn: you can disconnect your LinkedIn account from your Amelia Vibe settings at any time. We will delete your LinkedIn OAuth tokens and any LinkedIn data within 10 days of disconnection.
• Disconnect X: you can disconnect your X account from your Amelia Vibe settings at any time. We will delete your X OAuth tokens and any X data within 10 days of disconnection.
• Disconnect Google Drive: you can disconnect Google Drive from your Amelia Vibe settings at any time. You can also revoke access in Google Account → Security → Third-party apps with account access. We will delete your Google Drive OAuth tokens and any synced data within 10 days of disconnection.
• Disconnect OneDrive: you can disconnect OneDrive from your Amelia Vibe settings at any time. You can also revoke access in Microsoft Account → Privacy → Apps and services. We will delete your OneDrive OAuth tokens and any synced data within 10 days of disconnection.
• Disconnect Telegram or WhatsApp: you can disconnect from Settings → Integrations at any time, or send "stop" to the bot to unlink immediately. Your phone number or Telegram user ID will be deleted upon disconnection.

11. Cookies & Tracking

We use first-party and limited third-party cookies for authentication, analytics, and remembering preferences. Most browsers let you refuse or delete cookies; doing so may affect functionality.

12. Children

Amelia Vibe is not directed at children under 16, and we do not knowingly collect their personal information.

13. Changes to This Policy

If we make material changes, we will notify you by email or in-app banner and update the "Last updated" date. Continued use of the Services constitutes acceptance of the revised policy.

14. Contact Us

Have questions about this policy? Contact us at amelia@ameliavibe.com