eGiiG ("we," "us," "our") operates the eGiiG Agency Suite platform accessible at https://egiig.com and https://apps.egiig.com, including the eGiiG browser extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name, email address, and password (hashed)
- Business/agency name and website URL
- Billing address and payment information (processed by Stripe — we do not store credit card numbers)
- Team member names and email addresses
- Subscription plan and usage data
1.2 Client and Prospect Data
When you use our platform to manage clients and prospects, you may store:
- Client names, email addresses, phone numbers, and business details
- Prospect names, LinkedIn profile URLs, job titles, and company information
- Communication history (messages sent and received via LinkedIn, email)
- Campaign performance data (connection acceptance rates, reply rates)
- Proposal and invoice records
- Service agreements and onboarding data
1.3 LinkedIn Data (via Browser Extension)
Our browser extension collects the following data from LinkedIn with your explicit authorization:
- Session cookies (li_at, JSESSIONID): Used to authenticate API requests to LinkedIn on your behalf. These cookies are encrypted in transit and stored securely on our servers to enable cloud-based campaign execution.
- Profile information: Your LinkedIn name, profile photo URL, headline, and connection count — used to display your account in our dashboard.
- Prospect profile data: Names, titles, companies, and profile URLs of prospects you add to campaigns — collected only from profiles you explicitly select or search for.
- Message content: Connection request notes and follow-up messages you compose or that our AI generates on your behalf, and replies received from prospects.
What we do NOT collect from LinkedIn:
- We do not scrape or bulk-download LinkedIn user data
- We do not access LinkedIn data of users who have not been explicitly added to your campaigns
- We do not collect or store LinkedIn passwords
- We do not sell LinkedIn data to third parties
1.4 Advertising Platform Data (via OAuth)
When you connect advertising accounts, we access the following data through official OAuth APIs with your explicit consent:
Google Ads (OAuth 2.0):
- Scope:
adwords (Google Ads API)
- Data accessed: Campaign performance metrics, ad spend, impressions, clicks, conversions, keyword data
- Purpose: Display campaign performance in your dashboard, generate client reports
- We do not modify your Google Ads campaigns without your explicit action
Meta/Facebook Ads (OAuth 2.0):
- Scopes:
ads_management, ads_read, business_management
- Data accessed: Ad account details, campaign metrics, audience insights, spend data
- Purpose: Display ad performance, manage campaigns on your behalf, generate reports
- We comply with Meta Platform Terms and Data Use Policy
TikTok Ads (OAuth 2.0):
- Scopes:
ad_account_management, campaign_management
- Data accessed: Ad account details, campaign performance data, spend metrics
- Purpose: Display campaign data, manage ads, generate performance reports
- We comply with TikTok for Business Developer Terms
Microsoft Advertising (OAuth 2.0):
- Scope:
msads.manage
- Data accessed: Campaign metrics, ad performance data, spend information
- Purpose: Display and manage Microsoft Advertising campaigns
LinkedIn Ads (OAuth 2.0):
- Scopes:
r_ads, rw_ads, r_ads_reporting
- Data accessed: Ad account metrics, campaign data, reporting
- Purpose: Display LinkedIn ad performance and manage campaigns
1.5 Website and SEO Data
When you connect client websites via our SEO plugin:
- Website content, meta tags, page structure, and performance metrics
- Search engine ranking data, keyword positions, and backlink information
- Google Analytics and Google Search Console data (with explicit OAuth consent)
1.6 Payment Data
- Payment processing is handled entirely by Stripe, Inc.
- We store Stripe customer IDs and subscription status, but never store credit card numbers, CVVs, or full card details
- Stripe's privacy policy applies to payment data: https://stripe.com/privacy
1.7 Technical Data
We automatically collect:
- IP address, browser type, operating system, and device information
- Pages visited, features used, and session duration
- Error logs and performance data
- Cookies and similar tracking technologies
2. How We Use Your Information
We use the collected information for the following purposes:
- Service delivery: Executing LinkedIn outreach campaigns, managing ad accounts, generating reports, processing invoices and proposals
- AI-powered features: Generating personalized connection notes, composing auto-replies, filling AI training profiles, analyzing prospect data
- Cloud execution: Running LinkedIn campaigns via our servers using your authenticated session and residential proxy connections
- Client management: Storing client data, onboarding information, and communication history
- Billing: Processing payments, managing subscriptions, and sending invoices
- Service improvement: Analyzing usage patterns to improve features and performance
- Communication: Sending transactional emails (account verification, billing receipts, campaign notifications)
- Security: Detecting and preventing fraud, unauthorized access, and abuse
3. How We Share Your Information
We do NOT sell your personal information or your clients' data to third parties.
We may share information with:
3.1 Service Providers
- Stripe: Payment processing
- Residential proxy providers (e.g., Bright Data, IPRoyal): For routing LinkedIn API requests through residential IP addresses. Only the HTTP request is routed — no personal data is shared with proxy providers.
- AI providers (e.g., OpenAI, Anthropic, Azure OpenAI): Message content may be sent to AI providers for generating personalized outreach messages and auto-replies. We use API-only access with no data retention agreements where available.
- Cloud hosting providers: Server infrastructure for running the platform
3.2 Advertising Platforms
We transmit data back to advertising platforms only when you explicitly initiate actions such as creating or modifying ad campaigns through our interface.
3.3 Your Clients (White-Label)
If you use our white-label feature, your clients interact with the platform under your branding. We do not independently contact your clients.
3.4 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request.
4. Data Retention
- Account data: Retained for the duration of your active account plus 30 days after account deletion
- Campaign data (LinkedIn, ads): Retained for the duration of your subscription. Deleted within 30 days of account closure or upon request.
- LinkedIn session cookies: Retained only while the associated LinkedIn account is connected. Deleted immediately upon account disconnection.
- Prospect and client data: Retained for the duration of your subscription. You may delete individual records at any time.
- Payment records: Retained as required by applicable tax and financial regulations (typically 7 years)
- AI-generated content: Not retained by AI providers beyond the API call. Stored on our platform only as part of your campaign data.
5. Data Security
We implement industry-standard security measures:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2+
- LinkedIn session cookies are stored encrypted at rest
- Passwords are hashed using bcrypt
- Database access is restricted to authorized application services only
- Our infrastructure is hosted on secure VPS providers with firewall protection
- Regular security audits and dependency updates
- API keys and OAuth tokens are encrypted before storage
6. Your Rights and Choices
6.1 Access and Portability
You may request a copy of all personal data we hold about you by contacting support@egiig.com.
6.2 Correction
You may update your account information at any time through the dashboard Settings page.
6.3 Deletion
You may request deletion of your account and all associated data by contacting support@egiig.com. We will process deletion requests within 30 days.
6.4 OAuth Revocation
You may disconnect any connected advertising account at any time through our dashboard. This immediately revokes our access to that platform's data. You may also revoke access directly from:
6.5 LinkedIn Extension
You may uninstall the browser extension at any time. Uninstalling immediately stops all data collection from LinkedIn. To also delete stored LinkedIn session data from our servers, disconnect the LinkedIn account from the dashboard.
6.6 Email Communications
You may opt out of non-essential emails by clicking "unsubscribe" in any marketing email or updating your notification preferences in Settings.
7. Cookies and Tracking
We use the following cookies:
| Cookie |
Purpose |
Duration |
| Session cookie |
Authentication |
Browser session |
| Sanctum token |
API authentication |
30 days |
| Preference cookies |
Dashboard settings |
1 year |
We do not use third-party advertising trackers. We do not serve ads within our platform.
8. International Data Transfers
Our servers are located in Europe and the United States. If you access our Service from outside these regions, your data may be transferred to and processed in these locations. We ensure appropriate safeguards are in place for international data transfers.
9. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided us with personal information, we will delete it promptly.
10. GDPR Compliance (European Users)
If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to restrict processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
Legal bases for processing:
- Contract performance: Providing the Service you signed up for
- Legitimate interest: Improving our Service, preventing fraud
- Consent: Marketing communications, AI processing of content
To exercise any of these rights, contact us at support@egiig.com.
11. CCPA Compliance (California Users)
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
12. Specific Platform Compliance
12.1 Google API Services
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google Ads data to display campaign performance and manage campaigns within our platform as directed by you.
12.2 Meta Platform
Our use of Meta Platform data complies with Meta Platform Terms (https://developers.facebook.com/terms/) and Meta's Data Use Policy. We access only the data necessary to provide our advertising management services.
12.3 TikTok for Business
Our use of TikTok Marketing API data complies with TikTok for Business Developer Terms. We access ad account data solely for the purpose of campaign management and reporting within our platform.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Email: support@egiig.com
- Website: https://egiig.com
- Data Protection Inquiries: privacy@egiig.com
15. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.