Privacy Policy

The data controller is Ryze Labs LLC, a Wyoming limited liability company with its registered office at:

Ryze Labs LLC
30 N Gould St Ste N
Sheridan, WY 82801
United States

Privacy contact: privacy@ryze.so. This address also serves as our GDPR data-rights contact and handles all access, deletion, portability, and objection requests.

This policy applies to the Ryze website, the Ryze web application, our APIs, and any data we process in connection with them — including data we obtain from LinkedIn through LinkedIn’s APIs when you authorize us to do so.

It does not cover LinkedIn’s own processing of your data on the LinkedIn platform. Your use of LinkedIn through Ryze is additionally governed by the LinkedIn User Agreement and LinkedIn Privacy Policy.

We collect and process the categories of data described below. We collect only what is necessary to provide the Service and will not ask for more than we need.

Account data

Your name, email address, and a password hash created at sign up. If you sign in with LinkedIn, we receive your name, email, profile picture, and LinkedIn profile URL from LinkedIn in place of a password.

User-contributed content

Content you create, upload, or submit inside Ryze — including writing samples, questionnaire responses, Brand DNA answers, drafts you compose or edit, AI-generated drafts you save, images and files you upload, and text you paste into the application. This content is yours and is not obtained from the LinkedIn API.

LinkedIn data obtained via the LinkedIn API

When you authorize Ryze to access your LinkedIn account via OAuth, we receive and process the following data on your behalf, scoped to the permissions you grant:

• Your profile data — your name, headline, profile picture, LinkedIn profile URL, and (if scope is granted) your email address.
• Your posts and post analytics — posts you author on LinkedIn and the associated metrics (impressions, reactions, comments, reshares, follower counts).
• Comments and replies on your posts — including the text of those comments and basic profile information about the commenters so we can display them to you for review and response.
• OAuth access and refresh tokens used to call the LinkedIn APIs on your behalf.

We do not collect LinkedIn data for any user you have not authenticated as. We do not scrape LinkedIn, and we do not collect LinkedIn data outside LinkedIn’s sanctioned APIs.

Technical data

IP address, device and browser type, session cookie, and request logs necessary for authentication, security, abuse prevention, and debugging.

Billing data

If you pay for Ryze, our payment processor (Stripe) collects your billing name, billing address, and card details on our behalf. Ryze does not store full card numbers.

We use personal data only for purposes that are necessary to provide and improve the Service, to meet our legal obligations, or with your consent. Each purpose is tied to a GDPR lawful basis:

Before Ryze accesses any data on your LinkedIn account, you must authorize us through LinkedIn’s OAuth 2.0 consent screen. On that screen LinkedIn shows you exactly which permissions (scopes) Ryze is requesting. You can decline, and you can revoke a previously-granted authorization at any time.

Specifically, before you authenticate you will see:

• What data will be collected — the categories listed in Section 3.
• When it will be collected — at authorization, and periodically thereafter while your authorization remains active so we can keep analytics and conversation views current.
• How it will be used — as described in Section 4.
• Who it will be shared with — only the sub-processors listed in Section 8.
• How to withdraw consent — see Section 7.

When your OAuth access or refresh token expires or is invalidated, we will ask for your consent again before continuing to collect LinkedIn data on your behalf.

You can revoke Ryze’s access to your LinkedIn account at any time inside the Ryze app (Settings → Integrations → Disconnect LinkedIn) or directly on LinkedIn at linkedin.com/psettings/permitted-services. When you disconnect, Ryze immediately deletes your OAuth tokens and all LinkedIn data collected on your behalf, as described in Section 6.

Ryze operates two distinct data streams with different retention rules. LinkedIn data is held only for the durations LinkedIn’s Data Storage Requirements permit. User-contributed content that is not “LinkedIn Data” under the LinkedIn API Terms follows our standard service retention.

Stream A — LinkedIn-sourced data

If two or more categories apply to the same data, the shorter retention period applies. We do not export, transfer, or distribute LinkedIn data outside Ryze, and we do not store it in any repository that would give third parties access to it (other than the sub-processors in Section 8 acting on our instructions).

Stream B — User-contributed content (non-LinkedIn data)

Content you create or upload in Ryze — writing samples, Brand DNA answers, questionnaire responses, drafts, uploads, your own authored conversations inside the Ryze app — is retained for as long as your account is open, subject to the per-category limits below and to your ability to delete it yourself at any time.

Anonymized aggregates are produced only from user-contributed content (Stream B). LinkedIn-sourced data (Stream A) is not included in the aggregate pool used for cross-user analytics or model training.

Under the GDPR, UK GDPR, CCPA/CPRA, and comparable laws, you have the right to:

• Access — receive a copy of your personal data.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your data, subject to limited legal exceptions.
• Portability — receive your data in a structured, machine-readable format.
• Restriction and objection — restrict or object to certain processing based on legitimate interest.
• Withdraw consent — where processing is based on consent (including your LinkedIn OAuth authorization), withdraw it at any time.
• Non-discrimination — we will not discriminate against you for exercising any of these rights.

How to delete your LinkedIn data

You can remove all LinkedIn-sourced data from Ryze at any time without contacting us:

1. Go to Settings → Integrations in the Ryze app and click Disconnect LinkedIn. We immediately revoke our OAuth tokens and delete LinkedIn data associated with your account, or
2. Revoke Ryze’s access directly on LinkedIn at linkedin.com/psettings/permitted-services. Upon the next authenticated request, Ryze detects the revocation and purges the corresponding data.

How to exercise any other right

Email privacy@ryze.so from the address associated with your Ryze account, or use the in-app controls under Settings → Privacy & Data where available. We respond to verified requests within 30 days.

We do not sell or rent personal data. We share it only with the sub-processors listed below, each of which is bound by a data processing agreement that requires them to protect your data and process it only on our instructions.

We may also disclose personal data where required by law, valid legal process, or to protect the rights, property, or safety of Ryze, our users, or the public.

If we are ever involved in a merger, acquisition, or asset sale, we will notify you before personal data becomes subject to a different privacy policy.

Our sub-processors are based primarily in the United States. When we transfer personal data from the EEA, the United Kingdom, or Switzerland to the United States, we rely on the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework where applicable, together with supplementary technical measures (encryption in transit and at rest, strict access controls).

A copy of the clauses or further detail is available on request to privacy@ryze.so.

We protect personal data with organizational and technical safeguards designed to meet or exceed industry standards for a platform of this type:

• TLS 1.2+ for all data in transit
• AES-256 encryption at rest for stored data
• Bcrypt password hashing for email/password accounts
• Role-based access controls and least-privilege IAM
• Encrypted database connections
• Audit logging for access to LinkedIn data and administrative actions
• Vulnerability management and periodic security review

If we become aware of a personal data breach that is likely to affect your rights, we will notify the appropriate supervisory authority within 72 hours where required, notify affected users without undue delay, and — where LinkedIn-sourced data is involved — notify LinkedIn as required by the LinkedIn API Terms.

Ryze is not directed to children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, email privacy@ryze.so and we will delete it.

Ryze uses only strictly-necessary cookies: a session authentication cookie and a small UI-preferences cookie (theme, layout). We do not use analytics cookies, advertising cookies, or third-party tracking scripts on ryze.so, and we do not set any advertising cookies tied to LinkedIn data.

Strictly-necessary cookies are exempt from consent requirements under the EU ePrivacy Directive.

This section summarizes the commitments we make specifically with respect to LinkedIn data. They are in addition to — and are not limited by — the rest of this policy.

• Ryze uses the LinkedIn APIs under the LinkedIn API Terms of Use and the LinkedIn Marketing Developer Platform Terms. These terms are incorporated by reference into our relationship with LinkedIn.
• LinkedIn data obtained via the APIs is subject to LinkedIn’s Data Storage Requirements; we store and cache such data only for the durations those requirements permit (see Section 6).
• Before you authenticate, we obtain your freely-given consent via LinkedIn’s OAuth flow, covering the data categories, collection cadence, use, sharing, and withdrawal rights described above.
• We delete all LinkedIn-sourced data (including OAuth tokens) upon your request, upon your revocation of consent, when you close your Ryze account, if LinkedIn terminates or suspends our API access, or if we stop operating the Service.
• We do not use LinkedIn data for advertising, sales, recruiting, list-building, lead generation, CRM enrichment, audience targeting, or to train third-party AI models. LinkedIn data is displayed only to the authenticated user it belongs to and is never transferred, resold, or exported outside Ryze.
• Your use of LinkedIn through Ryze remains governed by the LinkedIn User Agreement and LinkedIn Privacy Policy.

Residents of California, Colorado, Connecticut, Virginia, Utah, and other U.S. states with comprehensive privacy laws have specific rights to know, correct, delete, and opt out of sales or sharing of their personal data. Ryze does not sell personal data and does not share personal data for cross-context behavioral advertising.

To exercise any state-law right, email privacy@ryze.so. An authorized agent may submit a request on your behalf once we verify both your identity and the agent’s authority.

We may update this Privacy Policy from time to time. The effective date and version at the top of this page always reflect the current version. If we make material changes, we will notify you by email and with a prominent in-app notice before the changes take effect, and, where your continued use of the Service would be affected, give you an opportunity to review and either accept the updated terms or delete your account.

If you believe we have not handled your personal data properly, we would like the chance to put it right — email privacy@ryze.so first. You also have the right to lodge a complaint with your local data protection authority. EU residents can find their authority via the European Data Protection Board.

Ryze Labs LLC
30 N Gould St Ste N, Sheridan, WY 82801, United States
privacy@ryze.so