ZG Consult

Privacy Policy

Effective date: May 8, 2026 · Last updated: May 8, 2026

This Privacy Policy describes how ZG Consult ("ZG Consult," "we," "us," or "our") collects, uses, stores, shares, transfers, and deletes personal information when you or an organization you represent ("you," "User") uses our applications, services, and integrations, including any application that connects to third-party platforms such as LinkedIn on your behalf (collectively, the "Services").

We are committed to handling personal information responsibly and in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA), where applicable.

1. Who We Are

ZG Consult provides marketing analytics, reporting automation, and consulting services. For the purposes of data protection law, ZG Consult acts as the data controller for personal information collected directly from our clients and as a data processor when we process personal information on behalf of a client in connection with reporting or analytics services.

Contact for any privacy-related question or request: amilcar@zg-consult.com.

2. Scope

This policy applies to:

Information we collect when you authorize one of our applications to access your account on a third-party platform (for example, LinkedIn) via OAuth.
Information you provide to us directly (such as when you contact us or engage us as a client).
Limited technical information generated by our use of third-party APIs to deliver Services to you.

This policy does not apply to the practices of third parties whose platforms we connect to on your behalf. Their handling of your data is governed by their own privacy policies (for LinkedIn, see the LinkedIn Privacy Policy).

3. Information We Collect

3.1 Information Accessed Through the LinkedIn APIs

When a User authorizes one of our applications to access their LinkedIn account or LinkedIn Ad Account via OAuth 2.0, we may access and process the following categories of information ("LinkedIn Content"):

Authentication tokens: the OAuth access token, refresh token, and the LinkedIn member identifier ("Member Token") associated with the authenticated user.
Ad account metadata: ad account identifiers, names, currency, status, and the campaigns, campaign groups, and creatives associated with the ad account.
Paid campaign analytics: aggregate performance metrics for sponsored content, including impressions, clicks, video views, conversions, spend, and other metrics returned by the LinkedIn Marketing API.
Organic post analytics: aggregate engagement metrics for organic posts published by the connected LinkedIn Page (for example, impressions, reactions, comments, shares, and click counts) returned by the LinkedIn Pages or Posts APIs.
Connected Page metadata: the LinkedIn Page identifier, name, and limited descriptive information for the Page(s) the User has authorized.

We do not collect or store private messages, connection lists, member networks, or LinkedIn member profile data beyond what is strictly required to identify the authenticated user and to deliver the reporting Services the User has requested.

3.2 Information You Provide Directly

Identifying information you give us when you contact us or engage us, such as your name, email address, company, and role.
Communications you send to us, including support requests and feedback.

3.3 Technical and Operational Data

Logs of API calls made by our applications (timestamps, endpoints called, and response codes) used for debugging, security, abuse prevention, and to verify our compliance with third-party platform terms.

4. How We Use Information

We use the information described above only for the purposes for which it was collected, including:

To provide the reporting and analytics Services that you or your organization have requested (for example, generating a weekly marketing performance report).
To authenticate Users and maintain authorized sessions with third-party platforms via OAuth.
To operate, secure, monitor, and improve our Services.
To comply with applicable law, third-party platform terms, and lawful requests from authorities.
To respond to your support requests and communicate with you about the Services.

We do not use LinkedIn Content, or any data obtained via the LinkedIn APIs, for advertising, advertising targeting, training of generalized machine-learning models, eligibility decisions (credit, insurance, employment, housing, or similar), surveillance, or to facilitate biased or discriminatory practices. We do not sell, rent, or trade LinkedIn Content. We do not commingle LinkedIn Content with third-party data in a way that would obscure its source.

5. How We Share Information

We do not sell personal information. We share personal information only as follows:

With the User who authorized access: reports and dashboards we generate from LinkedIn Content are delivered to the User (or organization) that authorized the connection.
Service providers: vetted infrastructure and tooling providers that host or transmit data on our behalf (for example, cloud hosting, error monitoring, file storage). These providers are contractually bound to use the data only to provide services to us and to protect it with appropriate safeguards.
Legal and safety reasons: where required by law, legal process, or to protect the rights, safety, and property of ZG Consult, our clients, or others.
Business transfers: in connection with a merger, acquisition, or sale of all or part of our business, subject to standard confidentiality protections.

6. Data Retention

We retain personal information only for as long as necessary to deliver the Services and for the limited purposes described in this policy:

OAuth access tokens and Member Tokens: retained while the User's authorization is active and required to operate the Services. Refresh tokens are stored in encrypted form.
LinkedIn Content used for reporting: retained only for the duration necessary to generate, deliver, and reasonably support the reports the User has requested. We do not maintain a separate long-term repository of LinkedIn Content for any other purpose.
Aggregated, de-identified metrics: where we retain aggregated performance metrics for trend analysis on behalf of the same User, we do not attempt to re-identify any individual.
Operational logs: retained for a short, security-appropriate period.

7. Data Security

We use industry-standard organizational and technical measures to protect personal information, including:

Encryption of personal information in transit (TLS) and at rest where stored.
Least-privilege access controls and authentication requirements for personnel.
Secret management for OAuth client credentials and refresh tokens.
Monitoring, logging, and incident-response procedures.

If we discover a security incident affecting LinkedIn Content, we will notify LinkedIn within 24 hours and notify affected Users without undue delay, in line with applicable law and platform requirements.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you.
Request correction or deletion of your personal information.
Object to or restrict certain processing of your personal information.
Withdraw consent where processing is based on consent (this will not affect the lawfulness of processing before the withdrawal).
Request portability of personal information you have provided to us.
Lodge a complaint with a data protection authority.

8.1 Withdrawing LinkedIn Authorization

You may withdraw an application's access to your LinkedIn data at any time by:

Revoking the application from your LinkedIn account at LinkedIn → Settings → Data privacy → Permitted services; or
Emailing amilcar@zg-consult.com to request that we revoke and delete the associated tokens and any LinkedIn Content stored on your behalf.

8.2 Deletion Requests

Upon your request, or when you close your account with us, we will delete LinkedIn Content collected on your behalf — including the Member Token and OAuth Access Token — within seven (7) business days of receipt of the request, except where retention is required by law. We will confirm completion of the deletion to you in writing. To make a request, email amilcar@zg-consult.com with the subject line "Data Deletion Request."

9. International Data Transfers

We are based in the United States. If you access the Services from outside the United States, your personal information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. Where required by law, we put in place appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Third-Party Platforms

Our Services may interact with third-party platforms (including LinkedIn). Your use of those platforms is governed by their own terms and privacy policies. We have no control over, and are not responsible for, the privacy practices of those third parties.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If changes are material, we will provide a more prominent notice (for example, via email to Users with active authorizations). Your continued use of the Services after the updated policy takes effect constitutes acceptance of the changes.

13. Contact Us

If you have questions, requests, or complaints about this policy or our handling of your personal information, please contact:

ZG Consult
Attn: Privacy
amilcar@zg-consult.com