Privacy notice & your control
Notice version: art14-v1-2026-07-03
Who is responsible
Controller: Buffed by AI Inc (Wyoming, USA). Privacy contact: reply to any message you received from us, or use the erasure link included in that message. As a controller outside the EU, we are assessing the appointment of an EU representative (Art. 27 GDPR).
Why you may have received a message from us
You previously published a professional introduction and LinkedIn URL in a public Telegram “mutual connect” thread. We stored a minimal private seed record from that public post to decide whether to invite you to a private networking-dashboard pilot. The source thread and date are shown on your private preview. We treat that post as a lead signal only — not as consent to publish you, market to you, train models on your data, or let agents contact you.
What we hold and why
- Seed records (unclaimed): name, LinkedIn URL, your public self-description, thread/date provenance. Purpose: deciding on and delivering a one-time pilot invitation. Legal basis under assessment: legitimate interest (Art. 6(1)(f)); a documented assessment is reviewed before any outreach wave.
- Claimed accounts: what you choose to add. Basis: performing the service you asked for (Art. 6(1)(b)).
- Suppression markers: a minimal key (e.g. a LinkedIn slug) kept after erasure so you are never re-imported or re-contacted.
What is public
- Nothing, by default. Unclaimed records are never visible to other users (enforced by row-level security in the database).
- Discoverability is OFF by default, separate from claiming, and separate from every contact channel; each channel needs its own opt-in and handles are encrypted.
- Silence never creates visibility: if you do nothing, nothing is published and the seed record is deleted or minimised under our retention rule.
Your rights — no account needed
- Erase: every message and preview includes a one-click erasure link; erasure is immediate, propagates to derived data (tags, scores, previews), and works without registration.
- Object / stop contact: reply REMOVE to any message; you will not be contacted again.
- Access, correction, export, restriction: request via any of the above routes; we respond within one month.
- Complaint: you may complain to your local EU data-protection authority.
What we never do
- No scraping of LinkedIn; only data you posted publicly in the thread or export yourself.
- No automated messages or invitations — a human sends everything; AI assists with drafts.
- No model training on seed or private data; no inference of sensitive traits.
- Private LinkedIn imports never feed the public directory; they stay isolated to your account, exportable and deletable.
- Previews are masked, watermarked, expiring, and revocable; we minimize what is shown.
Storage, recipients, retention
- Hosting: Microsoft Azure, EU/EEA regions. Processors: Azure (hosting), an LLM API provider for ranking explanations (only the public self-description is processed), EU-hosted analytics once live.
- Retention: an unclaimed seed record is deleted no later than ~8 weeks after we first contact you (a 4-week claim window, then up to 4 weeks hidden in quarantine before hard deletion + a suppression marker so you are never re-imported or re-contacted); records we never contacted are deleted when the outreach program ends; preview links expire; claimed accounts last while you use the service; backups expire on a fixed schedule.
- Profiling: relevance ranking exists only inside the pilot for opted-in members, is explained next to every score, and produces no legal or similarly significant effects.