Liminl Privacy Policy
Effective Date: May 14, 2026
Liminl Inc. ("we," "us," "our," or "Liminl") operates the Liminl platform, including the Liminl website, web application, and the Liminl Chrome browser extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use any part of the Service. By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
Plain English Summary
We never sell your data.
We never read your inbox without your explicit consent.
Our browser extension only operates on specific pages within its declared permissions. It does not track your general browsing activity.
You can request deletion of all of your data at any time by contacting support@goliminl.com.
Who We Are: Liminl is operated by Liminl Inc., a Delaware corporation ("we," "us," "Liminl"). For the purposes of GDPR and similar laws, we are the data controller for the information described in this policy.
Registered Address: San Francisco, CA
Contact: support@goliminl.com
Web: www.goliminl.com
If you have questions, complaints, or want to exercise any of the rights described below, write to the contact address above. We respond within 30 days.
1. Information We Collect
1.1 Information You Provide Directly
Email address (required for account creation)
Full name
Password (stored as a salted hash; we never store plaintext passwords)
Onboarding answers: career goals, target roles, focus areas, work setup preferences
Active search targets: companies and roles you have told us you want to pursue
Resume content (optional upload)
Professional information you enter into the platform (contacts, career details, notes)
Professional networking data (optional, via CSV upload or browser extension)
1.2 Information Collected Automatically
Device and browser information (type, operating system, browser version)
IP address and approximate location (city-level, derived from IP)
Usage data (pages visited within Liminl, features used, session duration)
Cookies and similar technologies (see Section 8)
1.3 Information from Google (After You Authorize via OAuth)
If you choose to connect your Google account, we may access the following depending on the scopes you authorize:
Gmail metadata: sender, recipient, date, subject line, and snippet from messages involving contacts in your network (limited to the most recent 90 to 180 days, depending on use case).
Email body content (transient): we fetch email body content when parsing for intro mentions or application-confirmation emails. We do not store the full body. We retain only a short snippet (approximately 500 characters) around the parsed mention or extracted data point.
Google Contacts and Other Contacts: names, email addresses, and associated metadata from your Google address book.
OAuth refresh token: stored encrypted at rest via application-layer encryption.
Google Calendar metadata: event titles, times, attendee lists, event descriptions, and meeting links. This data is used solely to identify professional contacts and meeting patterns to enrich your network graph, provide scheduling context for networking actions and recommendations, and detect relationship signals (such as meeting frequency) to inform pathway scoring. Calendar metadata is stored in your network graph for as long as your account is active.
You may disconnect Google access at any time through your account settings.
Google API Services User Data Policy: Liminl's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use data obtained through Google Workspace APIs to develop, improve, or train generalized AI or machine learning models.
Specifically, Liminl:
Only uses Google user data to provide and improve the user-facing features of the Service that are visible and apparent to you.
Does not transfer Google user data to third parties unless necessary to provide or improve the Service, to comply with applicable law, or as part of a merger, acquisition, or asset sale with prior notice to you.
Does not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
Does not allow humans to read Google user data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (such as investigating abuse), it is necessary to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymized.
1.4 Information from the Liminl Chrome Extension
If you install the Liminl Chrome browser extension, the extension collects information from specific pages you visit while signed into your own accounts. The extension operates only on the sites listed in its host_permissions declaration in the extension manifest.
LinkedIn data: The extension reads your LinkedIn connections page to collect connection names, profile URLs, current positions, employers (when displayed by LinkedIn), and connection dates. The extension reads the DOM of LinkedIn pages within its declared host permissions. It does not take actions on your behalf, modify page content, or interact with LinkedIn as you.
Canvas data (when applicable): If you visit your university Canvas account while the extension is installed, the extension may read course lists and classmate information from Canvas pages within its declared host permissions.
What the extension does NOT do:
It does not collect your browsing history outside of the specific LinkedIn and Canvas pages within its declared host permissions.
It does not inject content into or modify the behavior of any web page.
It does not access data on any website other than those listed in its host permissions.
It does not set cookies. It stores its authentication token in
chrome.storage.local.It does not run in the background when you are not on a page within its declared host permissions.
Chrome Web Store User Data Policy: The use of information received from Chrome APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
You can uninstall the Liminl Chrome extension at any time. Uninstalling stops all local data reading immediately without requiring any action on our end.
1.5 Information from Third-Party Data Sources
To improve the quality and relevance of our recommendations, we may supplement your information with publicly available professional data from third-party data providers. This may include professional titles, employer information, education history, and other publicly available career-related data. We use these third-party sources solely to enhance your networking experience within the platform. We do not sell or share enriched data with other third parties for their independent use.
1.6 AI-Call Telemetry
We log the AI/LLM calls Liminl makes on your behalf, including: model identifier, token counts, and cost. The full prompt text is sent to the LLM provider to fulfill your request, and a copy may be retained in our database for service delivery, debugging, and quality improvement. Prompt copies stored in our database are encrypted at rest.
2. What We Do Not Collect
Phone numbers (unless you explicitly enter one)
Financial or payment data (we do not process payments directly)
Precise geolocation (no GPS, no device-proximity data; we only record location information that appears in your network's profile data, such as a contact's listed city)
Browser history or browsing activity outside the specific pages the extension is scoped to
3. How We Use Your Information
We use your information for the following purposes:
To create and maintain your account
To build and maintain your professional network graph for the Pathways feature
To surface intro mentions and relationship signals from your email
To auto-detect job applications you have submitted
To generate AI-powered networking recommendations, outreach drafts, and resume suggestions
To enrich your profile with relevant professional data from third-party sources
To analyze aggregate, anonymous usage patterns and improve the Service
To communicate with you about your account, updates, and Service-related announcements
To detect, prevent, and address technical issues, security threats, and fraud
To comply with legal obligations
4. AI-Powered Features
Liminl uses artificial intelligence to generate networking recommendations, suggest relationship-building actions, draft outreach messages, and provide resume suggestions. Key points about our AI processing:
AI recommendations are generated algorithmically based on your data and goals.
We currently use the Anthropic API for AI features; data sent to this API is subject to Anthropic's data processing terms.
All AI-generated content consists of suggestions only. You always have final control over what you send or act on. Liminl never sends messages on your behalf.
We do not use your personal data to train general-purpose AI models.
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following limited circumstances:
Service Providers: We share data with third-party vendors who help us operate the Service (hosting, AI processing, data enrichment, error monitoring). These providers are contractually obligated to use your data only for the purposes we specify. Current service providers include:
Anthropic API (LLM processing for outreach drafts, resume suggestions, mention extraction, and application-email classification)
Google APIs (Gmail, People, Calendar, as authorized by your OAuth consent)
Sentry (error monitoring; we scrub personally identifiable information before forwarding crash data)
Public ATS APIs such as Greenhouse and Ashby (publicly listed job data only; no user data is sent to these services)
Analytics Partners: We may use analytics tools to understand how users interact with the Service. Any analytics data is anonymized or pseudonymized before collection.
Legal Requirements: We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and obtain explicit prior consent where required.
We do not sell or share your data with advertisers, data brokers, or any party not described above.
6. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following lawful bases under Article 6 GDPR:
Activity Legal Basis Creating your Liminl account Performance of a contract (Art. 6(1)(b)) Reading Gmail, Google Contacts, and Google Calendar data after OAuth Your explicit consent via the OAuth grant (Art. 6(1)(a)) Reading LinkedIn and Canvas data via the browser extension Your explicit consent at extension install time (Art. 6(1)(a)) Building your network graph and ranking pathways Performance of the service contract (Art. 6(1)(b)) Auto-detecting application emails Legitimate interest in helping you track your job search (Art. 6(1)(f)). You can disconnect Gmail at any time to stop this processing. Generating outreach drafts and resume suggestions via LLM Your request (Art. 6(1)(b)) Security logging, fraud prevention, error monitoring Legitimate interest in operating a secure service (Art. 6(1)(f))
You may withdraw consent at any time by disconnecting the relevant integration or deleting your account.
7. Automated Decision-Making
Liminl uses large language models to draft personalized outreach messages, suggest resume improvements, extract intro mentions from email, and detect application-confirmation emails. These are assistive features. They generate suggestions that you review and choose whether to act on. We do not use automated processing to make decisions that produce legal effects or similarly significantly affect you (GDPR Art. 22). You can disable Gmail-based AI processing at any time by disconnecting the Gmail integration.
8. Cookies and Similar Technologies
Web application: The Liminl web app uses cookies for authentication (session cookies) and anti-CSRF tokens. Both are strictly necessary for the Service to function. We do not use cookies for advertising, behavioral tracking, or third-party analytics.
Chrome extension: The Liminl Chrome extension does not set cookies. It stores its authentication token in chrome.storage.local.
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.
9. Data Storage and Security
Storage: Your data is stored in a Postgres database hosted in the United States, encrypted at rest and encrypted in transit via TLS. OAuth refresh tokens receive additional application-layer encryption. LLM prompt copies stored in our database are encrypted at rest.
Security measures: We implement reasonable technical and organizational measures to protect your personal information, including encryption of data in transit (TLS) and at rest, application-layer encryption for sensitive credentials, access controls (only authorized Liminl personnel have production database access), and regular security assessments. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
Breach notification: If we discover a breach affecting your personal data, we will notify you by email within 72 hours of becoming aware of it, where required by applicable law (including GDPR Art. 33-34 and applicable US state breach-notification laws). The notice will describe what was affected and what we are doing to remediate.
If you become aware of a security vulnerability, please report it to support@goliminl.com.
10. International Data Transfers
Liminl is operated from and primarily stores data in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
For transfers from the EEA, UK, or Switzerland to the US, we rely on:
Your explicit consent (Art. 49 GDPR), captured at account creation, or
Standard Contractual Clauses (SCCs) with our infrastructure providers
You can request copies of relevant SCCs by writing to support@goliminl.com.
11. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service.
When you request deletion of your data, it is removed from our primary database within 24 hours. Backup retention rolls off within 30 days.
Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics and product improvement.
12. Your Rights and Choices
You have the following rights over your personal data:
Access: Request a copy of the personal information we hold about you.
Correction: Request that we correct inaccurate or incomplete information.
Deletion: Request that we delete your personal information, either your data only (keeping your login) or your entire account and all data permanently. Contact support@goliminl.com to request deletion.
Restriction: Request that we pause processing of your data while a dispute or correction is pending.
Objection: Object to processing based on legitimate interest (such as application auto-detection).
Data Portability: Request a copy of your data in a structured, machine-readable format.
Opt-Out of Enrichment: Request that we stop supplementing your profile with third-party data.
Revoke Integrations: Disconnect Google or LinkedIn at any time through your account settings. Disconnecting halts new data ingestion but does not automatically delete previously ingested data. Contact support@goliminl.com to request deletion of that data.
Uninstall the Extension: You can uninstall the Liminl Chrome extension at any time. This immediately stops all local data reading.
Right to Lodge a Complaint: If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at support@goliminl.com. We will respond within 30 days.
13. California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act.
Categories of personal information we collect:
Identifiers: name, email address, profile URLs
Authentication information: password hash, encrypted OAuth tokens
Personal communications (limited): short email-body snippets, transiently parsed for intro mentions and application confirmations
Internet activity (limited): DOM contents of LinkedIn and Canvas pages you visit while the extension is installed, within its declared host permissions
Professional or employment-related information: resume content, your contacts' employers and roles
Inferences: relationship-strength scores, target-company matches, pathway rankings computed from the above
Your CCPA rights:
Right to know: what we collect, why, and who we share with. This policy documents all three. For an account-specific copy, contact support@goliminl.com.
Right to delete: contact support@goliminl.com to request deletion.
Right to correct: contact support@goliminl.com to request corrections.
Right to opt-out of sale or sharing: we do not sell or share your personal information as defined under CCPA. If our practices ever change, we will add a "Do Not Sell or Share My Personal Information" link and notify users.
Right to limit use of sensitive personal information: we do not use your sensitive personal information for purposes beyond providing the Service.
Right to non-discrimination: exercising any of the rights above will not result in degraded service, higher prices, or denied access.
To submit a CCPA request, contact support@goliminl.com from the email address associated with your account.
14. Educational Data (FERPA)
If Liminl is used in connection with a university or educational institution, we are committed to handling any education records in compliance with the Family Educational Rights and Privacy Act (FERPA). We will enter into appropriate data processing agreements with educational institutions before accessing any FERPA-protected data. We do not use education records for any purpose other than providing the Service as directed by the educational institution.
15. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe someone under 18 has created a Liminl account, please contact us at support@goliminl.com and we will delete the account.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will update the "Effective Date" at the top when we revise this document. Substantive changes will be announced via email to your registered address at least 14 days before they take effect. Continued use of the Service after changes are posted constitutes acceptance.
17. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
Liminl Inc.
Email: support@goliminl.com
Web: www.goliminl.com