In plain English: AudienceFlow is an analytics tool for LinkedIn page administrators. We access your page's follower and visitor statistics through the official LinkedIn Pages Data Portability API (DMA) — solely to show you aggregated demographic analytics about your own audience. We never sell your data, never access personal data of your followers, and never post on your behalf.
01 Data Controller
The data controller responsible for the processing of your personal data is:
02 Data We Collect
When you use AudienceFlow, we may collect the following categories of data:
- Account data: Your email address and password (hashed) used to create your AudienceFlow account.
- LinkedIn authentication data: An OAuth access token provided by LinkedIn when you connect your LinkedIn page. This token allows us to read follower and visitor statistics on your behalf. We do not store your LinkedIn credentials.
- Aggregated follower and visitor statistics: Demographic analytics about your LinkedIn page's followers and visitors (e.g., job function distribution, seniority levels, geographic regions, industries, company size). This data is retrieved via the
dmaOrganizationalPageEdgeAnalytics endpoint and is aggregated, anonymized — it does not contain personal data of individual followers or visitors.
- ICP configuration: Your defined ideal customer profile criteria, which you provide voluntarily.
- Usage data: Standard server logs (IP address, browser type, pages visited) for security and service improvement purposes.
03 LinkedIn Data Usage
AudienceFlow accesses LinkedIn data exclusively through the official LinkedIn Pages Data Portability API (Digital Markets Act), specifically the dmaOrganizationalPageEdgeAnalytics endpoint, using the r_dma_admin_pages_content permission scope. Access is granted only when you explicitly authorize our application as a LinkedIn page administrator via OAuth.
Our use of LinkedIn data is strictly limited to:
- Retrieving aggregated, anonymized follower and visitor demographic analytics for LinkedIn pages you administer (job function, industry, seniority, geography, company size breakdowns).
- Retrieving follower and visitor trend data over time (up to 365 days).
- Displaying these statistics within your AudienceFlow dashboard.
- Generating audience analytics, ICP scoring, and AI-powered recommendations based on this data.
We explicitly do NOT:
- Access the personal profiles or personal data of your individual LinkedIn followers.
- Post, comment, like, or perform any action on LinkedIn on your behalf.
- Scrape, crawl, or extract data from LinkedIn outside of official API endpoints.
- Share, sell, or transfer LinkedIn-sourced data to any third party.
- Use LinkedIn data to build profiles of individual people.
- Use LinkedIn data for advertising, targeting, or any purpose other than providing the analytics service described herein.
Our use of data obtained from LinkedIn complies with the LinkedIn API Terms of Use, the Pages Data Portability API terms, and LinkedIn's data policies under the Digital Markets Act.
04 Purpose & Legal Basis
We process your personal data for the following purposes and on the following legal bases under the GDPR:
- Service delivery (Art. 6(1)(b) GDPR — Contract): Processing your account data and LinkedIn follower statistics is necessary to provide the AudienceFlow analytics service you signed up for.
- Legitimate interests (Art. 6(1)(f) GDPR): Processing usage data and server logs to ensure the security and proper functioning of our platform.
- Consent (Art. 6(1)(a) GDPR): When you connect your LinkedIn page via OAuth, you explicitly grant us permission to access your page's follower and visitor statistics. You may revoke this consent at any time.
05 No Sale of Personal Data
We do not sell, rent, lease, or otherwise transfer your personal data or LinkedIn-sourced data to any third party for commercial purposes. This applies unconditionally — no exceptions.
06 Data Retention
- Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion.
- LinkedIn OAuth tokens: Stored securely and refreshed as needed. Revoked and deleted immediately upon disconnection of your LinkedIn page or account deletion.
- Follower and visitor statistics: Retained according to your plan (90 days for Starter, unlimited for Pro). Deleted upon account deletion.
- Server logs: Retained for a maximum of 90 days.
07 Data Sharing & Third Parties
We use a limited number of third-party service providers to operate AudienceFlow. These processors act strictly on our instructions and are bound by data processing agreements:
- Supabase (database and authentication) — data stored in EU region.
- Vercel (hosting and infrastructure) — servers located in EU region.
- Stripe (payment processing) — only processes billing data; has no access to your LinkedIn data or follower statistics.
- Anthropic (AI insights generation) — only receives aggregated, anonymized audience statistics in API requests. No personal data is transmitted.
We do not share your data with any other third parties unless required by law or to protect the rights and safety of our users.
08 Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. OAuth tokens are stored encrypted and are never exposed in client-side code.
While we take security seriously, no method of transmission or storage is 100% secure. If you become aware of any security issue, please contact us immediately at .
09 Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restriction: Request that we limit processing of your data.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Withdraw your LinkedIn OAuth authorization at any time, either within AudienceFlow or directly in your LinkedIn security settings.
To exercise any of these rights, contact us at . We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
10 Cookies
AudienceFlow uses only strictly necessary cookies to maintain your authenticated session. We do not use advertising, tracking, or analytics cookies. No third-party tracking scripts are loaded on our application.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify active users by email if changes are material. Continued use of AudienceFlow after changes constitutes acceptance of the updated policy.