Legal
Privacy Policy
Last updated: 2026-06-28
This Privacy Policy explains what personal data Outlink LLC (“Outlink AI,” “we,” “us”) processes, why we process it, and the choices and rights you have. It is written to be accurate to how the product actually works: you connect your own inbox and your own Google Search Console property, you set guardrails, and the service runs link-building outreach within those rails while you review a digest.
Who we are
Outlink LLC is the controller of the personal data described in this policy. Our registered mailing address is 1209 Mountain Road Place Northeast, Albuquerque, NM 87110. For any privacy question, or to exercise a right described below, contact us at privacy@outlinkai.com.
What we collect
- Account data — your name, email address, and a hashed password (we never store your password in readable form).
- Billing data — handled by Stripe. We store billing identifiers and subscription status; we do not store full card numbers.
- Connected-inbox content used for outreach — when you connect your Gmail or Outlook account over OAuth, we process the messages needed to send outreach from your identity and to read the replies it receives, within the sending caps you set.
- Google Search Console metrics — when you connect a property, we read ranking and coverage signals to relate outreach activity to search performance.
- Product and usage data — campaign configuration, prospect and target-page data you provide, and operational telemetry used to run and secure the service.
- Support messages — what you send us when you ask for help.
How we use it, and our legal basis
We process your data to provide the service you signed up for (performance of our contract with you): running outreach within your guardrails, handling replies, relating activity to Search Console signals, billing, and securing the product. Where we rely on legitimate interests — for example, product analytics, abuse prevention, and deliverability — we balance those interests against your rights. Where the law requires consent, we ask for it.
OAuth scopes and the “your own inbox” model
Outlink AI sends from your connected mailbox, not from a shared pool. You authorize access over OAuth during onboarding, and you can revoke that access at any time from your inbox provider or from within the product. We request only the scopes needed to send on your behalf and to read the replies your outreach receives, and we send within the per-day caps you configure. Google Search Console access is read-only and is used to surface ranking and coverage signals.
Google API Limited Use
Outlink AI’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or use data from restricted Google scopes for serving advertising, and we do not allow humans to read this data except where you give affirmative consent, where it is necessary for security or to comply with applicable law, or where the data has been aggregated and anonymized.
Read the full policy at https://developers.google.com/terms/api-services-user-data-policy.
Who we share with
We do not sell your personal data. We share it only with the service providers that help us operate the product — payments (Stripe), transactional email (Resend), AI drafting and classification (OpenAI), domain-authority metrics (Moz), SERP and ranking data (our SERP-data provider), inbox and search signals (Google and Microsoft over OAuth), data storage (Neon), and hosting (Vercel). Each is engaged under terms that restrict their use of the data to providing their service to us. The full list, with the purpose and data categories for each, is in our Data Processing Agreement. Site analytics providers are described under Cookies and analytics below.
Cookies and analytics
We use a small number of cookies and similar technologies. Some are strictly necessary — they keep you signed in and protect against cross-site request forgery when you connect a mailbox over OAuth; the product does not work without them. We also use analytics to understand how the product is used:
- Google Analytics — where enabled, Google sets cookies and processes usage and device data (including a shortened IP address) to give us aggregate traffic statistics. You can opt out with Google’s opt-out browser add-on.
- Vercel Analytics — a privacy-friendly, aggregate measurement that does not use cookies to track you across sites.
You can control or delete cookies through your browser settings; blocking the strictly-necessary cookies will stop parts of the product from working.
Retention
We keep personal data for as long as your account is active and for as long as we need it for the purposes in this policy — to provide the service, meet legal and accounting obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete it or anonymize it. Deleting your account removes your workspace data as described below.
Your rights
Depending on where you live, you have rights over your personal data, including the rights to:
- access the data we hold about you and request a copy (portability);
- correct data that is inaccurate or incomplete (rectification);
- delete your data (erasure) — the product offers a self-serve account deletion that removes your workspace data;
- restrict or object to certain processing;
- withdraw consent where we relied on it, without affecting prior processing.
If you are in the EEA or the UK, we act on your requests without undue delay and within one month, as the GDPR requires, and you may lodge a complaint with your local data-protection supervisory authority.
If you are a California resident, the CCPA/CPRA give you the right to know what we collect, to delete it, and to opt out of any “sale” or “sharing” of personal information — we do not sell or share your personal information in that sense. We respond to verifiable requests within 45 days. To exercise any right, email privacy@outlinkai.com; we will not discriminate against you for doing so.
International transfers
We and our service providers may process data in countries other than your own. Where we transfer personal data across borders, we rely on appropriate safeguards — such as the Standard Contractual Clauses or an adequacy decision.
Email outreach and CAN-SPAM
Outreach sent through the product is configured to include the sender identification and an opt-out mechanism that anti-spam laws such as CAN-SPAM require, and we honor unsubscribe requests. You are responsible for using the product only for legitimate, earned-link outreach to relevant recipients — not for unsolicited bulk mail.
Security, children, and changes
We use technical and organizational measures — including encryption in transit, access controls, and tenant isolation — to protect your data, though no method of transmission or storage is perfectly secure. The product is a business tool and is not directed at children under 16, and we do not knowingly collect their data. We may update this policy as the product evolves; when we do, we revise the effective date shown above and, for material changes, give you notice.