Privacy Policy

Last updated: February 17, 2026

1. Who we are

Crispy is operated by Closyn LLC ("we", "us"). This policy explains how we collect, use, and protect your information when you use our service at crispy.sh.

2. What we collect

  • Account information: Email address and password hash when you sign up.
  • LinkedIn connection: When you connect your LinkedIn, we store an authentication token provided by our third-party provider (Unipile). We never store your LinkedIn username or password.
  • API usage logs: We log which API tools are called, when, and by which account for rate limiting and analytics. We do not log the content of messages or posts you create.
  • Billing information: Payment is processed by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers.

3. How we use your data

  • To provide and maintain the Service
  • To authenticate API requests and enforce rate limits
  • To process payments and manage subscriptions
  • To send important service-related communications
  • To detect and prevent abuse or fraud

4. LinkedIn data

Crispy acts as a pass-through to LinkedIn via our API provider. When you use our tools (search, messaging, posting), requests are executed in real-time against LinkedIn. We do not bulk-download, cache, or store your LinkedIn data, contacts, messages, or posts on our servers. API responses are returned directly to your MCP client.

5. Third-party services

  • Supabase: Database hosting and authentication. Data is stored in Supabase's infrastructure.
  • Unipile: LinkedIn API provider. Handles the connection between Crispy and your LinkedIn account.
  • Stripe: Payment processing. Subject to Stripe's Privacy Policy.
  • Vercel: Hosting provider. Subject to Vercel's Privacy Policy.

6. Data security

API keys are stored as SHA-256 hashes and cannot be retrieved after creation. All connections use HTTPS. Database access is controlled by row-level security policies. We follow industry-standard practices to protect your data.

7. Data retention

We retain your account data for as long as your account is active. Usage logs are retained for 90 days. When you delete your account or disconnect your LinkedIn, associated data is removed within 30 days.

8. Your rights

You can:

  • Disconnect your LinkedIn account at any time from the dashboard
  • Delete your Crispy account and all associated data
  • Request a copy of the data we hold about you
  • Request correction or deletion of your personal data

To exercise these rights, contact us at support@shyft.ai.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or analytics scripts.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or through the Service.

11. Contact

Questions about this Privacy Policy? Contact us at support@shyft.ai.