VYRALVYRAL
Log inSign up for early launch

Privacy Policy

Last updated: December 2025

How VYRAL protects and processes your personal data.

1. Who We Are

VYRAL ("we", "us") is the data controller responsible for your personal data. We operate fully under GDPR and EU privacy regulations.

2. Data We Collect

2.1 Account Data

  • Name and email
  • Password (hashed)
  • Billing information
  • Settings and preferences

2.2 LinkedIn Data

When you connect your LinkedIn account, we access your data through LinkedIn's official API with your explicit consent. We request the following OAuth scopes:

  • openid – OpenID Connect authentication
  • profile – Basic profile information (name, LinkedIn ID)
  • email – Email address for account linking
  • r_member_postAnalytics – Read-only access to analytics for posts you authored
  • w_member_social – Publish posts to LinkedIn (user-initiated only)

LinkedIn Data Fields We Store

For each LinkedIn post you import or connect, we store:

  • Post URN (unique identifier)
  • Impressions count
  • Reactions/likes count
  • Comments count
  • Reshares/reposts count
  • Post type (text, image, video, document, article, poll)
  • Media type (if applicable)
  • Post content text
  • Publication timestamp

We only access analytics for posts you have authored. We only publish posts when you explicitly initiate and confirm the action. We never automatically post, comment, like, or perform any actions without your direct approval. We never access your private messages, contacts, or notifications. We never access your LinkedIn password. All access requires your explicit OAuth consent.

2.3 LinkedIn Publishing

When you choose to publish content to LinkedIn through VYRAL:

  • Publishing is always user-initiated — you must click "Publish" and confirm
  • You can review and edit content before publishing
  • We can publish text posts, and optionally images or articles (with your approval)
  • Scheduled posts require your prior approval and can be cancelled at any time
  • We store a record of published posts for your analytics and reference
  • We never publish content without your explicit action

LinkedIn OAuth Consent Flow

When you connect LinkedIn, you'll be redirected to LinkedIn's official authorization page where you can review and approve the specific permissions we're requesting. You can revoke this access at any time through your LinkedIn settings or by disconnecting within VYRAL.

LinkedIn Data Retention & Deletion

When you connect your LinkedIn account, we store your post analytics data as described above and the OAuth tokens needed to refresh this data and enable publishing.

Retention periods:

  • LinkedIn post analytics data: retained for up to 12 months, then anonymized or deleted
  • OAuth tokens: retained until you disconnect LinkedIn or delete your account
  • Publish logs: retained for up to 12 months for your reference

When you delete your LinkedIn data or disconnect your LinkedIn account, we permanently remove the associated tokens, imported posts, publish logs, and analytics from our systems within 24 hours.

To delete LinkedIn data: Go to Settings → LinkedIn Integration → Delete LinkedIn Data. This action is immediate and irreversible.

2.4 Content You Create

We store:

  • Drafts, ideas, posts, calendar entries
  • Your Blueprint
  • Campaigns and notes
  • AI prompts you submit

2.5 Usage Data

We collect device, diagnostics, crash logs, and anonymized usage data to improve performance.

3. How We Use Your Data

  • Provide analytics, insights, and scoring
  • Train your personalized AI model
  • Improve drafts and ideas
  • Enable Blueprint features
  • Publish content to LinkedIn when you initiate and confirm
  • Process payments

We do not sell your data, ever. We do not use your data outside of VYRAL. Any data used for analytics or AI training is fully anonymized and cannot be linked to you.

4. Legal Basis (GDPR)

  • Contractual necessity (Art. 6(1)(b))
  • Legitimate interest (Art. 6(1)(f))
  • Consent for LinkedIn integration, publishing, and cookies (Art. 6(1)(a))

5. Data Sharing

We only share data with GDPR-compliant processors:

  • Supabase (database + auth)
  • Stripe (billing)
  • AI model providers (OpenAI, Anthropic, etc.)
  • LinkedIn (only when you publish content)
  • Support and error monitoring tools

All processing is governed by DPAs and Standard Contractual Clauses (SCCs).

6. Your Rights

You have the right to:

  • Access your data
  • Correct your data
  • Export your data
  • Object to processing
  • Restrict processing
  • Withdraw consent
  • Delete your entire VYRAL account and all data at any time

Data deletion is immediate and irreversible. We store nothing after deletion.

7. Data Retention

  • Account data: while active
  • Drafts/posts: until you delete them
  • LinkedIn analytics data: up to 12 months, then anonymized or deleted
  • LinkedIn publish logs: up to 12 months
  • General analytics data: anonymized after 24 months
  • Billing data: 5–10 years (legal requirement)
  • LinkedIn data: until you delete it via Settings → LinkedIn Integration, or when you delete your account

8. Security

  • Encryption in transit & at rest
  • Role-based access control (RLS)
  • Zero-trust architecture
  • Strict logging and monitoring
  • OAuth tokens stored encrypted (AES-256)
  • All publish actions require authenticated session

9. Cookies

See our Cookie Policy for details.

10. Contact Us

VYRAL

Copenhagen, Denmark

CVR: 45239411

Email: johan@getvyral.io