Privacy Policy
Last updated: March 15, 2026
1. Overview
Hektera ("we", "us", or "our") operates a LinkedIn automation service that publishes content to company LinkedIn pages on behalf of our clients. This Privacy Policy describes how we collect, use, and protect information when you use our service.2. LinkedIn API Integration
Our service integrates with the LinkedIn Marketing Developer Platform using the following OAuth 2.0 scopes:
w_organization_social— Used exclusively to create and publish posts to your organization's LinkedIn company page.r_organization_social— Used to read existing posts and engagement data from your LinkedIn company page.
What we do with this access: We use these permissions solely to publish AI-generated content to your organization's LinkedIn company page as instructed by you. We do not collect, store, or share any LinkedIn user data, personal profile data, connections, or private messages.
What we do not do: We do not access personal LinkedIn profiles, connection lists, messages, or any data unrelated to your organization's company page. We do not sell, rent, or share LinkedIn data with third parties.
Token storage: LinkedIn OAuth access tokens are stored securely in an encrypted credential store. Tokens are used exclusively for automated posting on your behalf and are never exposed to third parties.
Member data: The r_organization_social scope may surface engagement data that includes member-level activity (e.g., comments). In accordance with LinkedIn's API terms, we do not store any member personal data. Any member-level social activity data is processed in real-time only and is not retained for more than 48 hours.
3. Information We Collect
We collect only the information necessary to operate our service:
- Business contact information (name, business email address)
- LinkedIn company page identifier (organization ID/URN)
- OAuth 2.0 access and refresh tokens for your LinkedIn company page
- Approved post content and scheduling preferences
- Telegram chat ID for approval notifications (if applicable)
4. How We Use Your Information
- To publish approved content to your LinkedIn company page
- To send you approval notifications via Telegram
- To monitor token expiry and notify you before re-authentication is needed
- To provide customer support
5. Data Sharing
We do not sell, trade, or otherwise transfer your information to outside parties. We do not share your LinkedIn credentials or data with any third party. The only external services we use are:
- LinkedIn API — to publish content to your company page
- Anthropic Claude API — to generate post content (article summaries are sent; no personal data is included)
- Telegram Bot API — to send approval notifications
6. Data Retention
We retain your data only for as long as necessary to provide the service. You may request deletion of your data at any time by contacting us at social@hektera.com. Upon request, all stored credentials and associated data will be deleted within 10 business days.
Data retention periods:
| Data Type | Retention Period | Notes |
|---|---|---|
| Member-level social activity | Max 48 hours | Not stored; processed in real-time only |
| Organization social data | Max 6 weeks | Up to 6 months with authenticated org |
| OAuth tokens | Duration of service | Deleted within 10 business days of termination |
| Approved post content | Duration of service | Deleted on request within 10 business days |
| Contact information | Duration of service | Deleted on request within 10 business days |
API access termination: Upon termination of LinkedIn API access or cancellation of the Service for any reason, all LinkedIn data held by Hektera will be automatically and permanently deleted within 10 days, regardless of whether a deletion request has been submitted.
7. Security
We implement industry-standard security practices to protect your data, including encrypted credential storage, secure API communication over HTTPS, and access controls limiting who can view or modify your credentials.
Security Incident Reporting: In the event of a data breach or security incident involving LinkedIn data, we will notify security@linkedin.com within 24 hours of becoming aware of the incident, and will cooperate fully with LinkedIn's security response procedures. Affected users will also be notified promptly in accordance with applicable data protection law.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Revoke LinkedIn API access at any time via your LinkedIn account settings
9. Telegram Integration
Hektera uses the Telegram Bot API solely to send you approval notifications for AI-generated posts before they are published to your LinkedIn company page. This integration is:
- User-controlled: You explicitly provide your Telegram chat ID to opt in.
- One-way notifications only: We send post previews; we do not read your Telegram messages.
- Approval-gated: No content is published without your explicit approval tap in Telegram.
- Revocable: You may opt out at any time by contacting us.
We do not share your Telegram chat ID with any third party, and it is used exclusively for the approval notification workflow described above.
10. GDPR & KVKK Compliance
Hektera is based in Türkiye and complies with the Turkish Personal Data Protection Law (KVKK — Law No. 6698). For users in the European Economic Area, we apply equivalent protections aligned with the General Data Protection Regulation (GDPR).
As data controller, we process only the minimum data necessary to operate the service (data minimisation principle). You have the right to access, correct, restrict, and erase your personal data at any time. To exercise these rights, contact social@hektera.com.
11. Contact
For privacy-related questions or data deletion requests, contact us at:
Hektera
Atatürk Mahallesi, 2023 Sokak, No:51/1, Urla / İzmir, Türkiye
Email: social@hektera.com
LinkedIn: linkedin.com/company/hektera