Privacy policy
Plain-language version. The legal version is identical in meaning, just longer.
Last updated: 2026-05-06
Plain-language version
We hold your account, your CV materials, your applications, your drafts, your diary, your calendar (if connected), and — if you opt in — a one-shot import of your LinkedIn profile data via the LinkedIn Member Data Portability API (3rd Party). That’s it.
We never sell, share, train, advertise, or expose your data. The full negative list is on the Security page.
You can export everything in a zip, anytime, from settings. You can delete everything, anytime, from settings. Deletion is irreversible and cascades through every backing system within 7 days.
We log every access — by you, by us, by any sub-processor. You can see the log in your settings.
We use a small, fully-disclosed list of sub-processors, listed on the Sub-processors page with country and international-transfer basis for each.
If we ever change anything material in this policy, you get an email and a 30-day notice before it takes effect. You can export and delete during the notice window with no friction.
What “personal data” means here
Per GDPR Article 4(1), personal data is any information relating to an identified or identifiable natural person. For Omoikane, that includes your email, your name, your CV content, your application history, your diary entries, your calendar events, and (if you connect LinkedIn) the subset of your LinkedIn profile data described in the LinkedIn Member Data Portability section below.
Legal basis
- Performance of a contract (Art. 6(1)(b)) — for everything required to deliver the career-coaching service you signed up for.
- Legitimate interest (Art. 6(1)(f)) — for security, fraud prevention, and audit logging.
- Legal obligation (Art. 6(1)(c)) — for accounting and tax records.
- Consent (Art. 6(1)(a)) — for the optional calendar integration AND for the optional LinkedIn data import. Both are revocable at any time from your account settings, and the LinkedIn one is also revocable from LinkedIn’s Permitted services panel (see below).
Your rights
Under GDPR you have the right to access, correct, delete, port, restrict, and object. The operational realisation of each of these is in your account settings. If anything is broken or unclear, write to privacy@omoikane.coach and we will respond within 30 days.
You also have the right to file a complaint with your national data protection authority. For the Netherlands, that’s the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
Data retention
| Category | Retention |
|---|---|
| Active account data | As long as you keep the account |
| LinkedIn-imported data | Only for as long as you have authorised the LinkedIn connection AND your account remains active. Deleted within 7 days of either: account closure on Omoikane, account closure on LinkedIn, or revocation of LinkedIn consent (whichever happens first). |
| Audit log | 90 days hot in DB, 12 months in encrypted off-site backup. The audit log records metadata of access (who accessed what kind of record, when, from where) — it does not contain LinkedIn-sourced field values or other PII payloads. |
| Closed account | 7 days for full deletion (the system runs the cascade async) |
| Billing records | 7 years per Dutch fiscal law (AWR Art. 52); we rely on Stripe as the system of record. The retention obligation is ours; Stripe is the storage mechanism. |
Security
- Transport. All HTTPS endpoints serve TLS 1.2 or higher (TLS 1.3 by default), with HSTS, certificate pinning at the edge, and modern ciphers only.
- At rest. All databases are encrypted at rest; backup archives are encrypted with
age+sopsbefore leaving the host. - Access. Production access is RBAC, least-privilege, MFA-mandatory; every access is logged in the audit trail you can read from your account settings.
- Detection. We run our own log aggregation, intrusion-detection rules, and rate-limiting at the edge.
- Breach notification. If we become aware of a personal-data breach affecting your data, we notify you within 72 hours as required by GDPR Art. 34. For breaches involving LinkedIn-sourced data we additionally notify
security@linkedin.comwithin 24 hours per the LinkedIn API Terms of Use. - No pen-test partner brand to drop here yet — when one is engaged, it will appear on the Sub-processors page.
Things we explicitly do NOT do
- We do not use Omoikane data — including LinkedIn-imported data — to make or inform decisions about credit, insurance, employment eligibility, housing, immigration, or any other consequential third-party determination.
- We do not infer, store, or trade on protected categories (race, ethnicity, religion, political opinion, trade-union membership, sexual orientation, gender identity, disability, health, biometric or genetic data).
- We do not train any model — ours or anyone else’s — on your data.
- We do not target advertising.
- We do not disclose your data to recruiters, employers, or any third party except the strictly-named sub-processors on our Sub-processors page.
Children
Omoikane is intended for users 16 and older (matching the LinkedIn age floor). We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it.
LinkedIn Member Data Portability
Omoikane integrates with the LinkedIn Member Data Portability API (3rd Party) under the EU Digital Markets Act (Regulation (EU) 2022/1925). The (3rd Party) variant means Omoikane offers this integration to its own customers — not just to one developer for personal use. The integration is optional and can be revoked at any time.
What we request
When you choose to connect LinkedIn, you authorise Omoikane to request a one-shot snapshot of the following Member Data Portability domains from your LinkedIn profile:
- Account history (work history, education, certifications, skills)
- Profile content (headline, summary, location, languages)
- Posts and articles you authored (text only — used only as voice samples for cover-letter drafting; never re-published)
We do not request: connections list, messages, search history, ad-engagement, payment data, or any field outside the explicit list above.
Why we request it
A career coach needs to know your work history, education, skills, and writing voice to draft a CV / letter / email tailored to a specific posting. Importing from LinkedIn is faster and less error-prone than asking you to re-type or PDF-upload everything. The data is used only to ground the AI drafts (every claim cited to its source) — never to message anyone, never to inform recruiters, never to train models.
How LinkedIn-imported data flows to our LLM provider
Drafting requires sending the relevant subset of your imported posts and CV-equivalent fields to Anthropic Claude (our LLM provider — see Sub-processors) as part of the prompt. The subset is selected per-draft by our server-side retrieval layer (we send only what the model needs to produce that one draft, not your whole imported corpus). Anthropic’s API processes the prompt and returns the draft; Anthropic does not retain prompts beyond the request, does not train any model on the data, and is contractually bound by EU Standard Contractual Clauses for any US-region traffic. The transferred subset is the same data flow whether you uploaded a CV PDF or imported from LinkedIn — there is no LinkedIn-specific deviation in how we route it.
How we store it
LinkedIn-imported data is stored in our primary application database (a YugabyteDB cluster — Postgres-protocol distributed SQL, replicated 3x across our gigahost.no Norway hosts and a Leiden DMZ witness — see Sub-processors for hosting locations). At-rest encryption is enabled on all replicas. Transit between hosts is via IPsec. Vector embeddings of your data live in Qdrant on the same infrastructure. Per the Security page, TLS protects every leg of the data path.
How long we keep it
See Data retention above. The short version: only while your LinkedIn connection is authorised AND your Omoikane account is active.
LinkedIn’s OAuth implementation expires the Portability access token automatically 12 months after authorisation, meaning Omoikane must obtain fresh consent from you to continue the integration past one year. If you do not re-consent within 7 days of token expiry, our system treats it as a revocation and runs the deletion cascade. We do not silently extend, and we do not retain LinkedIn-imported data past expiry without your fresh consent.
Per LinkedIn DMA Portability API Terms §3.1, deletion begins immediately upon your request — by revoking the connection from your Omoikane settings, or by closing your Omoikane account: the data is removed from active production systems (database, vector store, AI-generated drafts that referenced the imported data) within minutes, and the cascade through replicas, encrypted backups, and audit-log archive markers completes within 7 days. No LinkedIn-imported data remains queryable by Omoikane or any sub-processor past the immediate-removal step.
When a deletion trigger reaches us asynchronously from LinkedIn’s side (you revoke from LinkedIn’s Permitted services panel, you close your LinkedIn account, or the OAuth grant expires without renewal), the same cascade runs from the moment we detect the signal: immediate removal from production, full cascade complete within 7 days.
How to revoke
You can revoke the LinkedIn connection from two places, and either is sufficient:
- From Omoikane — Settings → Integrations → LinkedIn → Disconnect
- From LinkedIn — Profile photo (Me) → Settings & Privacy → Data Privacy → Other applications → Permitted services → remove Omoikane.Coach
Revoking from either side triggers immediate removal of all LinkedIn-imported data from production systems, with the full cascade through replicas, encrypted backups, and audit-log archive markers completing within 7 days.
Display of imported data
Per LinkedIn DMA Portability API Terms §2.1, we make no claim that LinkedIn has “verified” or “confirmed” the accuracy of any imported data. When we display LinkedIn-imported fields back to you, or use them in a draft, we present them as data you provided to LinkedIn — surfaced via the portability channel — and you remain the source of truth.
Compliance commitments
Omoikane processes LinkedIn data under, and acknowledges:
- The LinkedIn API Terms of Use (linkedin.com/legal/l/api-terms-of-use)
- The LinkedIn DMA Portability API Additional Terms (linkedin.com/legal/l/portability-api-terms)
- The LinkedIn BD Data Processing Agreement (legal.linkedin.com/bd-dpa) incorporated by reference into the DMA Portability Terms via §3.3 thereof
Controller/processor characterisation
For the LinkedIn-imported data subset, Omoikane acts as the sole data controller in the GDPR sense once the data leaves LinkedIn under the user’s portability right (Art. 20 GDPR / DMA Art. 6(9)). LinkedIn is the source channel and remains controller for the data they continue to hold on you.
We acknowledge that the LinkedIn BD Data Processing Agreement, which the DMA Portability Terms incorporate by reference, places a number of processor-style obligations on the receiving party regardless of the formal controller/controller framing — including (i) industry-standard security obligations, (ii) 24-hour breach notification to LinkedIn, (iii) cooperation with audit requests, and (iv) sub-processor disclosure. We treat those obligations as binding on Omoikane and have built them into our security posture, our breach-response playbook (see Security above), and the Sub-processors register. The sole-controller framing applies to the GDPR-rights side (you exercise GDPR rights against us, not against LinkedIn, for the imported subset); the BD DPA framing applies to the technical-security and breach-cooperation side.
Controller and contact
Controller: Omoikane.Coach (sole-trader registered in Amsterdam, the Netherlands). General contact: privacy@omoikane.coach Data protection contact: privacy@omoikane.coach. Under GDPR Art. 37 a sole-trader at our scale is not required to appoint a formal Data Protection Officer (no large-scale systematic monitoring, no large-scale special-category processing); we have therefore designated a data protection contact who handles GDPR requests, breach response, and supervisory-authority liaison. We will appoint a formal DPO if/when our processing scale crosses the Art. 37 threshold and will notify you here. Postal address: Available on request via privacy@omoikane.coach — sole-trader registered in Amsterdam, the Netherlands.
Changes to this policy
If we change anything material in this policy you get an email at least 30 days before the change takes effect, and a complete diff of what changed. You can export and delete during the notice window without friction. Non-material changes (typo fixes, link updates, restructuring without semantic change) take effect immediately and are reflected in the Last updated timestamp at the top of this page.