EElevato

LinkedIn API Compliance

LinkedIn API Compliance Documentation

Complete transparency about how Elevato uses LinkedIn's APIs to power your content creation and analytics workflows.

Overview

Elevato is a LinkedIn content creation and analytics co-pilot that helps users ideate, write, schedule, and analyze LinkedIn posts. We use LinkedIn's Community Management API (Marketing API) to publish posts to personal profiles and organization pages, and to fetch post performance analytics.

Important: Elevato focuses exclusively on content creation and analytics. We do not perform lead generation, scraping, mass outreach, or automated messaging. Our product helps you create better content—nothing more.

APIs and Scopes We Request

Personal Account Scopes

  • w_member_social — Publish posts to your personal LinkedIn profile
  • openid — Identify your LinkedIn account (via OpenID Connect)
  • profile — Retrieve basic profile information (name, profile picture) for display in our UI
  • email — Optional scope for account verification (if required by LinkedIn)

Organization Management Scopes

These scopes are only requested when you explicitly choose to connect organization pages you administer:

  • r_organization_admin — Enumerate organization pages you administer (for access control)
  • r_organization_social — Read organization page post data and statistics
  • w_organization_social — Publish posts to organization pages you administer
  • r_member_postAnalytics — Read post performance metrics for member-created content
  • r_organization_followers — Read aggregate follower counts for organization pages
  • r_organization_social_feed — Access organization page feed data
  • w_organization_social_feed — Post to organization page feeds
  • w_member_social_feed — Post to member feeds
  • r_basicprofile — Basic profile information access
  • r_1st_connections_size — Aggregate connection count (for analytics)

Note: We request only the minimum scopes necessary to enable our core functionality. We do not request messaging scopes, lead generation scopes, or any permissions unrelated to content publishing and analytics.

What Data We Access and Why

Identity Information

  • LinkedIn Member ID — Required to construct author URNs (urn:li:person:...) for publishing posts. Retrieved via OpenID Connect /userinfo endpoint.
  • Basic Profile Fields — Name and profile picture URL, displayed in our UI to show which LinkedIn account is connected.

Content Data

  • Post Content — Text content you draft in Elevato and choose to publish to LinkedIn. This is your content, not data we scrape from LinkedIn.
  • LinkedIn Post IDs — Unique identifiers returned by LinkedIn when posts are published. We store these to fetch analytics and display post status.

Organization Data

  • Organization IDs and Names — For organization pages you administer, we store IDs and display names so you can select which page to post to.

Analytics Data

  • Post Metrics — Aggregated performance data: impressions, reactions (likes), comments, shares, clicks, engagement rate, follower counts. This is aggregate data, not individual user viewing behavior.

What We Don't Access: We do not access your LinkedIn inbox, private messages, connection lists for marketing purposes, or email addresses for lead generation. We do not scrape LinkedIn profiles or automate viewing of other users' profiles.

How Publishing Works

When you create a post in Elevato and choose to publish it to LinkedIn:

  1. We construct a UGC Post request using the LinkedIn UGC Posts API.
  2. For personal posts: We use your LinkedIn member ID to construct an author URN (urn:li:person:{id}).
  3. For organization posts: We use the organization URN (urn:li:organization:{id}) for pages you administer.
  4. We send the post content to LinkedIn's API endpoint: POST https://api.linkedin.com/v2/ugcPosts
  5. LinkedIn returns a post ID, which we store to enable analytics fetching and status tracking.

All publishing is initiated by explicit user action. We do not automatically publish content without your consent.

How Analytics Work

We fetch post performance metrics using LinkedIn's analytics APIs:

  • Personal Posts: Uses the memberCreatorPostAnalytics endpoint to fetch aggregated metrics (impressions, reactions, comments, shares, members reached).
  • Organization Posts: Uses the organizationalEntityShareStatistics endpoint to fetch aggregated metrics (impressions, likes, comments, shares, clicks).

We store these aggregated metrics in our database to power your analytics dashboard. This data represents aggregate counts, not individual user viewing behavior.

Data Storage and Security

Storage

All data is stored in secure, encrypted databases with encryption at rest. All API communication uses HTTPS/TLS encryption in transit.

What We Store

  • Access Tokens — Stored securely in our backend systems, server-side only. Never exposed to client-side code or stored in browser storage.
  • Organization Data — Organization IDs and names that you have access to administer, stored securely for the purpose of enabling organization page posting.
  • Post Data — Your drafted content and LinkedIn post IDs returned by LinkedIn, stored to enable analytics fetching and status tracking.
  • Metrics Data — Aggregated post metrics snapshots stored to power your analytics dashboard and historical reporting.

Security Practices

  • OAuth 2.0 authorization flow (industry standard)
  • Access tokens stored server-side only (never in browser cookies, localStorage, or client-side code)
  • All API requests made server-side through secure backend endpoints
  • Credentials managed through secure environment configuration (not hardcoded)
  • Token expiration tracking and user notifications for reconnection

Data Retention and Deletion

Retention Periods

  • Access Tokens: Retained while your LinkedIn integration is active. Deleted immediately when you disconnect LinkedIn or delete your Elevato account.
  • Organization Data: Retained while your organization integration is active. Deleted when you disconnect organizations or delete your account.
  • Post IDs and Metrics: Retained to provide historical analytics while your account is active. Deleted upon account deletion or upon your request.
  • Draft Content: Retained while your account is active. Deleted upon account deletion or upon your request.

How to Delete Your Data

  • In Elevato: Go to Settings → Integrations → Disconnect LinkedIn. This immediately deletes stored access tokens and organization mappings.
  • On LinkedIn: You can revoke Elevato's access at any time via LinkedIn Settings & Privacy → Data privacy → Other applications → Permitted services.
  • Account Deletion: Deleting your Elevato account removes all LinkedIn-related data we store (tokens, organization mappings, post IDs, metrics, drafts).

What We Don't Do

To ensure compliance with LinkedIn's Terms and best practices:

  • We do not scrape LinkedIn profiles or automate viewing of profiles
  • We do not send automated connection requests or messages
  • We do not harvest contact information for lead generation or CRM enrichment
  • We do not use LinkedIn data for advertising or retargeting
  • We do not share LinkedIn data with third parties for marketing purposes

Disclosures

Powered by LinkedIn API

Elevato is not affiliated with, endorsed by, or sponsored by LinkedIn. LinkedIn, the LinkedIn logo, and related marks are trademarks of LinkedIn Corporation.

Your use of LinkedIn data through Elevato is subject to LinkedIn's Terms of Service and API Terms of Use.

Relevant LinkedIn Policies

Questions or Concerns?

If you have questions about our LinkedIn API usage or data handling practices, please contact us at privacy@getelevato.com.

← Back to Privacy Policy