Your data, your rules

Security & Privacy

Crispy gives you full control. Managed storage by default for features like Unibox and campaigns, with data you can export or delete anytime.

Your data, your rules

Managed storage by default so features like Unibox work out of the box. Export or delete your data anytime. For full data ownership or custom data residency, talk to us about enterprise deployment options.

No credential access

We never see your LinkedIn password. Authentication happens through a secure hosted flow. Your team connects their own accounts and controls their own scope.

API keys hashed at rest

API keys are stored as SHA-256 hashes. The plaintext key is shown once at creation and cannot be retrieved. Revoke any key instantly from the dashboard.

Permission scoping

Each connected profile has granular permission scopes. Restrict tools to read-only, outbound-only, or full access. Employees control their own scope.

Infrastructure

Hosted on Railway (US West). Database on Supabase with row-level security. All connections encrypted with TLS 1.3. No self-hosted components to patch.

GDPR compliant

Standard DPA available on request. One-click data deletion. For custom data residency or full ownership requirements, talk to us about enterprise deployment options.

What data touches our servers?

The short answer: almost nothing.

Data typeStored?Details
Contacts & activitiesManaged (default)Stored for Unibox & campaigns. Export or delete anytime
LinkedIn credentialsNeverHandled by secure auth provider
API keysSHA-256 hash onlyPlaintext shown once, then discarded
Usage logs (tool name, timestamp)90 daysRate limiting & analytics only
Email & billingWhile activeDeleted within 30 days of account closure

Security FAQ

Do you need a DPA (Data Processing Agreement)?

Yes. Managed storage (default) processes contact and activity data on your behalf. A standard DPA is available on request. For full data ownership or custom data residency, talk to us about enterprise deployment options.

What happens if Crispy gets breached?

Managed storage contains contacts and activity metadata - no LinkedIn passwords or API tokens. API keys are SHA-256 hashed at rest. For full data ownership or custom data residency, talk to us about enterprise deployment options.

Can my employer see my LinkedIn messages?

Only if you grant them access. Each team member controls their own permission scope. An admin can see usage logs (which tools were called) but message content is only accessible through the Unibox if the account is in their workspace.

How do daily safety limits work?

Crispy enforces per-profile daily action caps (connection requests, messages, posts) that stay within LinkedIn's acceptable usage patterns. These limits cannot be overridden, even by API.

Is Crispy SOC 2 certified?

Crispy itself is not SOC 2 certified. Our infrastructure runs on managed cloud providers (Railway for hosting, Supabase for the database) with encrypted connections and row-level security. For full data ownership or custom data residency, talk to us about enterprise deployment options.

Can I run a pentest against Crispy?

Yes. Contact us at [email protected] to coordinate. We welcome responsible disclosure.

The complete LinkedIn API. Ready when you are.

Connect your first LinkedIn profile in under 5 minutes. Every tool, every seat, no feature gates. Safe limits, warm-up, and full permission control built in.