No LinkedIn credentials
The core workflow accepts profile URLs or identifiers. It does not ask for a LinkedIn password, session cookie, or account connection.
See what AI Outreach receives, which providers process it, how long records are kept, and the contract terms available for customer data.
Last reviewed July 15, 2026
The core workflow accepts profile URLs or identifiers. It does not ask for a LinkedIn password, session cookie, or account connection.
Workspace data is returned only after authenticated owner or authorized-team checks on protected application paths.
Portable export and deletion-request controls support customer access and erasure workflows, subject to legal retention needs.
Data flow
Prospect data is used to run the workflow the customer requested. Payment processing is separate from enrichment and generation.
A customer creates an account and uploads or enters a prospect list.
Account details, campaign instructions, prospect contact fields, company details, and professional-profile URLs or identifiers.
The application stores workspace records in its database and scopes access to the authenticated owner or authorized team.
Workflow configuration, source rows, provider responses, research, qualification, generated drafts, and operational metadata.
When a workflow requests profile enrichment, the configured profile provider receives the minimum lookup input needed for that request.
Usually a LinkedIn profile URL or identifier; Bright Data or a RapidAPI-hosted provider returns professional-profile data.
AI providers process selected profile, company, and campaign context to produce research, qualification, and message drafts.
Relevant professional-profile fields, company context, customer instructions, prompts, and generated output sent to Perplexity, Z.AI, or Google Gemini.
Results remain in the customer workspace until viewed, exported, integrated, or removed under the retention and deletion controls below.
Selected results may be exported to Google Sheets or a customer-configured destination. Billing stays on a separate Stripe flow.
Application controls
These statements describe controls visible in the application and repository. Deployment-specific assurance is confirmed separately during security review.
Protected workspace routes apply authenticated user ownership or explicit team authorization before returning workspace data.
Production outbound webhook destinations require HTTPS, and sensitive webhook credentials are encrypted at rest.
Provider requests are tied to a workflow purpose and carry the context needed for enrichment, research, generation, export, or billing.
Customers can request a portable account export and account deletion; deletion is delayed by a grace period to prevent accidental loss.
Raw API diagnostics use a bounded retention job before deletion, while privacy-preserving cost totals can remain aggregated.
Customer-configured completion webhooks use rotating HMAC secrets, signed payloads, delivery logs, and expiring download links.
Service providers
A provider receives data only when the corresponding product path is configured or requested. The list below covers the core enrichment, research, generation, export, and billing integrations.
| Provider | Why it is used | Data involved | When |
|---|---|---|---|
| Bright Data(opens provider information in a new tab)Professional-profile enrichment | Retrieve public professional-profile data for a customer-requested workflow. | LinkedIn profile URL or identifier, request metadata, and the resulting public profile response. | Only when Bright Data is the configured enrichment provider for the requested profile. |
| RapidAPI(opens provider information in a new tab)API marketplace and professional-profile enrichment | Route a profile lookup to the configured LinkedIn-data API publisher. | LinkedIn profile URL or identifier, API request metadata, and the provider response. | Only when a RapidAPI-hosted enrichment provider handles the requested profile. |
| Perplexity(opens provider information in a new tab)Web-grounded research | Research a prospect or company and return grounded context for qualification and drafting. | Prompt instructions, relevant professional-profile data, company or domain context, and generated response. | When a workflow uses Perplexity research or a user invokes Perplexity-assisted autofill. |
| Z.AI(opens provider information in a new tab)Primary outreach message generation | Generate customer-requested outreach drafts from selected campaign and prospect context. | Prompt instructions, relevant professional-profile fields, company and campaign context, and generated response. | When user-visible message writing or prose synthesis uses the configured Z.AI primary provider. |
| Google(opens provider information in a new tab)Gemini generation and Google Sheets export | Generate research or message drafts and export customer-selected workflow results to a sheet. | Prompt and workflow context for Gemini; selected result fields and connection identifiers for Google Sheets. | When Gemini generation is configured or a customer requests a Google Sheets integration. |
| Stripe(opens provider information in a new tab)Payments and subscription management | Process checkout, subscriptions, credit purchases, invoices, fraud prevention, and customer billing support. | Customer and account identifiers, email, order and plan metadata, and payment details entered directly into Stripe. | When a customer starts or manages a paid transaction. Prospect lists are not part of the billing flow. |
Deployment-specific hosting, email, monitoring, and abuse-prevention vendors are confirmed in an executed DPA or customer security review because they vary by environment.
Retention
A shorter period applies when data is deleted and no legal retention obligation remains. A litigation hold or legal obligation can require a limited record to be kept longer.
While the account is active; certain account records may be retained for up to 1 year after closure.
An earlier deletion request is honored unless a narrower record must be kept for legal, fraud-prevention, or dispute purposes.
Up to 2 years, or earlier when the customer deletes the data or completes an account-deletion request.
The deletion workflow covers source prospects, enrichment, research, generated messages, and associated images.
Demo inputs, generated research, and results are deleted within 7 days.
A daily retention task purges the demo submission, its dedicated workflow graph, and any copied showcase content.
Up to 7 years where accounting, tax, chargeback, or other legal obligations require it.
Stripe handles card data. The application retains transaction references and business records needed for billing obligations.
Usage and security records may be retained up to 12 months. Raw API request/response diagnostics are configured for 30–60 days (45 days by default).
The raw API-log retention job aggregates cost totals before deleting diagnostic rows; aggregates do not preserve prompt or response bodies.
The Privacy Policy remains the public policy of record for individual privacy rights and retention commitments.
LinkedIn stance
AI Outreach is not affiliated with, endorsed by, or sponsored by LinkedIn. Its core workflow does not request LinkedIn account credentials or directly operate a customer's LinkedIn account.
Customers provide profile URLs and must have a lawful basis to use prospect information. LinkedIn's current terms restrict unauthorized scraping and automation. A subscription to AI Outreach does not grant permission to violate LinkedIn's rules, privacy law, anti-spam law, or a third party's rights.
Customers should review LinkedIn's User Agreement (opens in a new tab) and use supported methods or obtain permission where required. Generated messages are drafts for customer review; customers remain responsible for how and where they send them.
Download the editable DPA draft, complete the party and transfer details, and send it for review. The template is not an executed agreement or legal advice.
Privacy requests: privacy@aioutreach.io