Privacy Policy
Think Three Pty Ltd (ABN 92 640 133 437)
Trading as “LinkedIn for Workflows”
Effective Date: 2025-07-22
1. Introduction
This Privacy Policy describes how Think Three Pty Ltd (trading as “LinkedIn for Workflows”) collects, uses, stores, and protects personal information in connection with our automation platform (“Service”). The Service enables users to automate LinkedIn-related actions through Lead Connector CRM, the Unipile API, and third-party services such as ElevenLabs. It supports messaging, connection requests, data enrichment, profile activity tracking, two-way chat, and workflow-triggered actions. By using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
For the purposes of applicable privacy legislation, Think Three Pty Ltd acts as a data controller for account and platform-related information and as a data processor for data processed through user-defined workflows, including LinkedIn message content, activity logs, and other information generated through your integrations.
2. Description of the Service
LinkedIn for Workflows provides a bridge between Lead Connector CRM and the Unipile API to power user-triggered LinkedIn automations. All interactions with LinkedIn occur only when initiated or configured by the user through CRM workflows or platform settings. The platform enables automated messaging, connection requests, activity monitoring, contact enrichment, and follow-up actions. The Service is designed to support genuine, compliant professional engagement and must not be used for mass scraping, bulk unsolicited messaging, automated data harvesting, or any behaviour that circumvents LinkedIn’s Terms of Service. The platform also integrates optional external services such as ElevenLabs to enhance functionality.
3. Personal Data We Collect
We collect the information necessary to deliver, secure, and improve the Service. As a data controller, we collect Agency Company Name, Agency Company Owner Name, Agency Company ID, Location ID, Installer Name, email addresses, encrypted ElevenLabs API keys, workflow configurations, and platform usage information. We also collect device, browser, and usage data through technologies such as Google Analytics, Meta Pixel, and Microsoft Clearview, subject to consent requirements where applicable.
As a data processor, we process LinkedIn-related data strictly as directed by users, including message content, connection request data, activity logs, and workflow-triggered payloads. API logs that may contain the content of LinkedIn messages or other interaction data are retained for up to ninety (90) days. These logs exist solely to allow users to identify workflow issues and to assist in resolving technical problems.
We do not independently collect or maintain archives of LinkedIn profile data, scraping outputs, connection lists, or activity history outside the log retention period.
4. How We Use Personal Data
We use personal data to operate, maintain, and enhance the Service. As a controller, we use account-level information to authenticate users, manage subscriptions, provide support, monitor security, troubleshoot problems, and administer platform functionality. As a processor, we use LinkedIn-related data and workflow inputs solely to execute user-defined automations and actions within the CRM.
We do not use personal data for automated decision-making that produces legal or significant effects. Personal information is not used for purposes unrelated to the Service, and no profiling occurs beyond the functionality explicitly configured by users within their workflows. Contact information may be used for service notifications, security updates, or legally required communications.
5. Data Sharing with Third Parties
We share personal data only with third parties necessary to provide and support the Service. These include Unipile for LinkedIn integration, ElevenLabs for optional features, Lead Connector for billing, Google Cloud Platform (GCP) for hosting, and CRM tools used internally for support. All third parties are bound by data processing agreements requiring them to protect personal information and comply with applicable privacy laws.
Use of Unipile API
Unipile serves as a data processor facilitating LinkedIn interactions. It stores message content and account settings necessary for connected accounts but does not store user login credentials. All data handled by Unipile is managed under strict security controls, and any associated data is deleted when a user disconnects their account or requests deletion. Users may review Unipile’s independent privacy practices at:
https://www.unipile.com/privacy-policy/
We do not sell or share personal information as defined under the CCPA/CPRA. We do not grant third parties access to personal data for advertising purposes beyond pseudonymous analytics details handled by cookies.
6. Security Measures
We implement administrative, technical, and physical safeguards designed to protect personal information. Data in transit is protected using industry-standard encryption protocols, and encrypted storage is applied to sensitive elements such as ElevenLabs API keys. Our hosting infrastructure includes network security, access control, and monitoring systems provided by leading cloud providers. Access to personal data is restricted to authorized personnel under the principle of least privilege. API logs and workflow payloads are retained for no more than ninety days and are securely deleted thereafter. While we apply industry-standard protections, no system can guarantee absolute security.
7. International Data Transfers
Personal data may be transferred to or stored in jurisdictions outside your country of residence, including the United States, Australia, and Europe, depending on service operations. These transfers are made in compliance with applicable laws and are supported by Standard Contractual Clauses (SCCs), the UK Addendum, and equivalent legal mechanisms employed by our service providers. By using the Service, you acknowledge that your data may be processed in jurisdictions with different data protection laws.
8. Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined in this Privacy Policy unless a longer period is legally required. API logs containing LinkedIn message content, workflow activity, and payload data are retained for up to ninety days. When a user deletes their account, all workflow settings, automation rules, integration tokens, and Unipile-related data are deleted immediately. Basic account information is retained for legitimate business purposes unless a user requests erasure, subject to legal record-keeping requirements. We do not store billing information, as billing is handled exclusively by Lead Connector.
9. Legal Bases for Processing (GDPR)
For users located in the European Union or United Kingdom, we process personal data under the following legal bases:
• Contract necessity for providing access to the Service and processing workflow automations.
• Legitimate interests, such as improving platform performance, ensuring security, and supporting user workflows, balanced against user rights.
• Consent for analytics and marketing cookies, where required.
• Compliance with legal obligations where retention or disclosure is required by law.
Users may withdraw consent or object to processing based on legitimate interests at any time.
10. Your Rights (GDPR, CCPA/CPRA, PIPEDA)
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to the processing of your personal information. You may also request a copy of your data in a portable format. Under the CCPA/CPRA, California residents have rights to request disclosure of collected information, request deletion, opt out of the sale or sharing of personal data (which we do not engage in), and exercise nondiscrimination rights.
Requests may be submitted to daniel@think3.co. We may need to verify your identity before fulfilling any request. We will respond within the timeframes required by applicable laws.
11. Children’s Privacy
The Service is intended only for users aged sixteen (16) years and older. We do not knowingly collect or process personal information from individuals under sixteen. If such data is identified, it will be deleted promptly. Parents or guardians may contact us if they believe a minor’s information has been submitted in error.
12. Cookies and Analytics
We use cookies and similar technologies for essential platform functionality, analytics, and marketing. Where required under GDPR and ePrivacy laws, non-essential cookies such as analytics and marketing cookies are only used after obtaining explicit consent. Users may manage cookie preferences through browser settings or applicable consent tools. Analytics providers such as Google Analytics, Meta Pixel, and Microsoft Clearview may collect pseudonymous usage information, device identifiers, and interaction metrics to help improve the Service.
13. Data Deletion Requests
Users may request deletion of their data at any time by contacting daniel@think3.co. Upon such a request, workflow settings, automation configurations, access tokens, and Unipile-related data will be removed immediately. Log data older than ninety days is automatically deleted, while recent logs will be scheduled for deletion at the end of the retention cycle unless earlier deletion is required by law.
14. Complaints
Users may raise concerns or complaints regarding data handling practices by contacting daniel@think3.co. Individuals in the EU may lodge complaints with their local supervisory authority. Users in Australia may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. We will make reasonable efforts to respond promptly and transparently.
15. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our services, legal requirements, or operational practices. Updates will be published with a revised effective date. Continued use of the Service after such updates constitutes acceptance of the updated policy.
16. Contact Information
For questions, privacy requests, or concerns, please contact:
Think Three Pty Ltd (ABN 92 640 133 437)
80 McIntyre St
Hendra QLD 4011
Australia
Email: daniel@think3.co
Attention: Daniel Marr