← Back

Privacy Notice

Last updated: 25 March 2026

1. Controller

The entity responsible for this website and the service offered is:

invytee
Hetzendorfer Straße, 1120 Wien, Austria
Email: info@invytee.eu

2. What does this service do?

This service allows users to sign in with their LinkedIn account and, based on their profile data, generate a personalised brochure or visual content. The content can then be shared or published on LinkedIn.

The service also provides an admin panel for clients, where they can upload their own templates and generate individual invite links for campaigns.

3. What data do we process?

3.1 Technical use of the website

When you access this website, the server processes certain log data for technical reasons, including:

  • IP address
  • Date and time of access
  • Browser type
  • Operating system
  • Page / URL accessed
  • Referrer URL
  • Error messages and system logs

Purpose: Ensuring technical operation, error analysis and prevention of abuse.
Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR.

3.2 LinkedIn login and identification

When you sign in with your LinkedIn account, the system may process the following data transmitted by LinkedIn:

  • LinkedIn ID
  • Name
  • Profile picture
  • Language / locale (where applicable)
  • OpenID identification data (where applicable)
  • Access token for API use

Purpose: Identifying the user, providing the service and generating personalised content.
Legal basis: Performance of a contract / pre-contractual measures pursuant to Art. 6(1)(b) GDPR.
Retention: Data is held in a server-side session only. Sessions expire after 1 hour and are deleted on logout.

3.3 Generation of brochures or visual content

The system generates a brochure or visual content based on your LinkedIn profile data and the selected template. The following data may be processed:

  • Name
  • Profile picture
  • Internal user ID
  • Selected template
  • Generated image file or output

Purpose: Creating personalised content for the user.
Legal basis: Art. 6(1)(b) GDPR.
Retention: Generated files are deleted when the session ends or on logout.

3.4 Publishing on LinkedIn

When you use the LinkedIn posting feature, the system may process the following data:

  • Text of the post you create
  • Uploaded or generated image
  • Technical identifier of the LinkedIn account
  • API data required for publishing

Purpose: Carrying out the publication on LinkedIn requested by the user.
Legal basis: Art. 6(1)(b) GDPR, and where applicable additionally Art. 6(1)(a) GDPR.

3.5 Use of the client / admin panel

This section applies only if the admin panel is actively used. The following data may be processed:

  • Client's email address
  • Password in hashed form
  • Account identifier
  • Uploaded template files
  • Generated individual invite links
  • Creation date and log data

Purpose: Managing client accounts, storing templates and creating campaign / invite links.
Legal basis: Art. 6(1)(b) GDPR.

4. Source of data

Data is collected directly from the individual concerned, or via LinkedIn when the user signs in with their LinkedIn account and consents to using the application.

5. Recipients and processors

Personal data is only shared to the extent necessary to provide the service. Recipients may include:

  • Hosting and server infrastructure: Amazon Web Services (AWS Lightsail)
  • LinkedIn, to the extent required for use of the LinkedIn API

LinkedIn may also process personal data as an independent controller within the scope of its own services. See LinkedIn's Privacy Policy.

6. Transfers to third countries

Personal data may be transferred to service providers that also process or store data outside the European Union — in particular when using external platforms or API services. Any such transfer is made in accordance with applicable data protection requirements and appropriate safeguards as required by the GDPR.

7. Retention periods

DataRetention period
Server logs7 days (log rotation)
OAuth / technical tokensDuration of session (max. 1 hour)
Generated images / brochuresDeleted on logout or session expiry
Client account data (admin panel)Until account deletion, or as required by law
Templates and invite linksUntil deleted by the client

8. Your rights

Under applicable law you have the following rights in particular:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent at any time with effect for the future

To exercise these rights, please contact us at any time using the contact details provided in section 1.

9. Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority.

The competent authority in Austria is:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Wien
Email: dsb@dsb.gv.at

10. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or unlawful disclosure.

  • Passwords are stored as hashes only (PBKDF2-SHA256) — never in plain text.
  • Session cookies are HTTPOnly and expire after 1 hour.
  • All data transfers use HTTPS.
  • Access to template files is restricted to authenticated admin sessions.

11. Changes to this privacy notice

We reserve the right to update this privacy notice if legal requirements or our service change. The current version is always available on this page.