Commently
Commently
AI agent for LinkedIn commenting
TermsPrivacySecurityRefundContactLogin
Trust & Security

Security & Compliance

We build Commently with security-by-design so your data stays protected while you automate LinkedIn commenting responsibly.

Last updated: 2026-04-20

Encryption
Sensitive tokens and cookies are protected with application-layer encryption when stored.
Secure Transport
All traffic between your browser, the dashboard, and our APIs is encrypted in transit via HTTPS.
Operational Controls
We apply least-privilege access and monitor systems to detect abuse and keep the service reliable.

1. What We Protect

Commently is designed to handle the minimum information needed to authenticate you, store your settings, and generate comment suggestions. We explicitly avoid storing LinkedIn passwords and do not sell personal information.

2. Data Encryption

  • In transit: encryption is used for network communication between clients and our servers.
  • At rest (where applicable): we protect stored data using encryption controls provided by our infrastructure and services.
  • Application-layer encryption: sensitive cookies/tokens required for LinkedIn connectivity are stored encrypted, not in plaintext.

3. Access Control

  • Production access is limited to authorized personnel on a need-to-know basis.
  • We follow the least-privilege principle and limit elevated access to sensitive systems.
  • We aim to avoid logging sensitive data and scrub/limit secrets from application logs.

4. Monitoring & Abuse Prevention

We monitor service health and investigate suspicious activity to protect our users and reduce abuse. Rate-limiting and authentication checks are used to safeguard sensitive endpoints.

5. Data Minimization

We collect and process only what is necessary for the product to work. You can remove local extension data by uninstalling the extension and clearing your browser storage.

6. AI & Third-Party Services

When you use AI features, the text you submit to generate a response may be sent to an AI provider. You control what you submit and should review all outputs before publishing.

7. Compliance Posture

  • Privacy principles: we follow privacy-by-design and limit data collection to what is needed.
  • GDPR readiness: we aim to align with GDPR principles. We are not currently certified under a formal GDPR certification scheme.
  • Security reviews: we maintain secure development practices such as code reviews and secrets handling to reduce risk.

8. Reporting a Security Issue

If you believe you’ve found a security vulnerability, please contact us from the dashboard. Include steps to reproduce and any relevant screenshots or logs (avoid sharing secrets).

Go to DashboardPrivacy Policy