Privacy Policy

This Privacy Policy describes how Scaling Symphony ("we," "us," "our," or "Ziplined") collects, uses, and discloses your personal information when you use:

• Our browser extension for LinkedIn content synchronization
• Our web application at ziplined.io
• Our AI assistant integrations (ChatGPT, Claude)
• Our marketing website and related services

We are committed to protecting your personal information and your right to privacy. When you use our services, you trust us with your personal information. We take your privacy very seriously.

This Privacy Policy applies to all information collected through our services, as well as any related services, sales, marketing, or events.

Please read this Privacy Policy carefully as it will help you understand what we do with the information we collect.

To help explain things as clearly as possible, every time any of these terms are referenced, they are defined as:

Cookie

A small file placed on your device to enable certain features and functionality.

Company

When this policy mentions "Company," "we," "us," or "our," it refers to Scaling Symphony.

Country

Where Scaling Symphony or the owners/founders are based, in this case Netherlands.

Extension

Our Chrome browser extension that syncs LinkedIn data to your Ziplined workspace.

Personal Data

Any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.

Service

Refers to the software as a service provided by Ziplined, including the Chrome extension and web application.

Third-party service

Refers to service providers, promotional and marketing partners, and others who provide services or whose products or services we think may interest you.

Website

Ziplined's site, which can be accessed via https://ziplined.io.

Workspace

Your private or team environment within Ziplined where your synced data and content are stored.

You

A person or entity that is registered with Ziplined to use the Services.

We collect several different types of information for various purposes to provide and improve our Service to you.

Ziplined uses the collected data for various purposes:

• To provide and maintain our Service
• To notify you about changes to our Service
• To allow you to participate in interactive features when you choose to do so
• To provide customer support
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent and address technical issues
• To provide you with news, special offers and general information about services we offer (unless you opt out)
• To personalize your experience and provide content recommendations based on your preferences
• To process payments and manage subscriptions (when applicable)

If you are from the European Economic Area (EEA), Ziplined's legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Ziplined may process your Personal Data because:

• Contract Performance: We need to perform a contract with you (e.g., to provide our Service)
• Consent: You have given us explicit permission to do so (e.g., for marketing communications)
• Legitimate Interests: The processing is in our legitimate interests and it's not overridden by your rights (e.g., analytics, improvements, security)
• Legal Obligation: To comply with applicable laws and regulations

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Security Measures

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits and updates
• Workspace isolation to ensure your data remains private
• Backup systems to prevent data loss

Data Storage

Your data is stored on secure cloud infrastructure with industry-standard security certifications. We use reputable cloud service providers that maintain high security standards and compliance with international data protection regulations.

We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Our browser extension allows you to sync your professional content from LinkedIn to your Ziplined workspace. When you use this feature:

• We only access your own public LinkedIn data that you have published
• The extension requires you to be logged into LinkedIn
• Data synchronization happens only when you initiate it or based on your preferences
• Your data is stored in your private workspace and is not accessible to other users

Browser Permissions

Our extension requests certain browser permissions to function properly. Each permission serves a specific purpose:

• cookies: Required to read LinkedIn CSRF tokens for secure API authentication
• storage: To save sync state, preferences, and session data locally on your device
• activeTab: To access the currently active LinkedIn tab for data extraction when you visit LinkedIn
• scripting: To inject content scripts that read your public LinkedIn profile, posts, and analytics
• tabs: To detect and automatically manage LinkedIn tabs for seamless syncing
• declarativeNetRequest: To modify request headers required for authentication flows
• declarativeNetRequestWithHostAccess: To access LinkedIn domains (*.linkedin.com) for data synchronization

All permissions are used exclusively for syncing your LinkedIn data to Ziplined. We do not track your browsing activity on other websites.

What We Don't Do

• Access other users' private data or content
• Post or modify content on your behalf without your explicit action
• Access your private messages or connections
• Sell or share your LinkedIn data with third parties

Ziplined will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

Retention Periods

• Account Data: Retained while your account is active
• LinkedIn Profile & Posts: Retained while your account is active to provide AI insights
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for improvement purposes
• Support Communications: Retained for 2 years for reference and quality assurance
• Payment Records: Retained for 7 years as required by law
• Marketing Consent: Retained until you withdraw consent

Account Deletion

If you delete your account or request data deletion:

• Your personal data will be deleted within 30 days
• Backups may retain data for up to 90 days for disaster recovery
• We may retain anonymized, aggregated data for analytics
• Some data may be retained longer if required by law

Depending on your location and applicable laws, you may have certain rights regarding your personal information. We honor these rights regardless of your location.

10.1 General Rights

• Access Your Data: You can request a copy of the personal information we have about you in a structured, machine-readable format
• Correct Your Data: You can request correction of inaccurate or incomplete personal information
• Delete Your Data: You can request deletion of your personal information (subject to legal obligations)
• Restrict Processing: You can request restriction of processing in certain circumstances
• Data Portability: You can request a copy of your data in a portable format
• Object to Processing: You can object to processing based on legitimate interests
• Withdraw Consent: Where we rely on consent, you can withdraw it at any time

10.2 GDPR Rights (EEA Residents)

If you are in the European Economic Area, you have additional rights under GDPR:

• The right to lodge a complaint with a supervisory authority
• The right to detailed information about how your data is processed
• Enhanced rights to data portability and erasure

10.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• Subject: "Data Rights Request"

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

We are based in the Netherlands, but our hosting infrastructure (Railway) and some service providers are located in the United States.

Safeguards for International Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses with our service providers
• Adequacy Decisions: Where possible, we transfer data to countries with adequacy decisions from the EU Commission
• Contractual Obligations: Our service providers are contractually obligated to protect your data

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Our Service is not intended for anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16.

If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 16 without verification of parental consent, we take steps to remove that information from our servers.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending you an email notification (for material changes)
• Displaying a prominent notice in our Service

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy, please contact us:

For data protection inquiries specifically, please use the subject line "Privacy Policy Inquiry" to ensure faster processing of your request.