Trackly logotrackly
Log In

How we handle your data

Your network is yours. We just help you use it.

Your LinkedIn connections are your whole professional network. Handing them to any app should make you a little wary. So here’s exactly what we do with them: plain English first, the technical detail if you want it.

Your LinkedIn connections

Five promises

Import your Connections.csv and all five hold. We built the code that way, so it’s not a policy you have to take on faith.

  1. 1. Your raw file is never stored

    We read your CSV in memory, pull out the fields, and drop it. The file itself never touches our disk.

  2. 2. Encrypted the moment it’s saved

    Every contact is encrypted before it hits the database. We use envelope encryption with AWS Key Management Service (KMS): a fresh data key for each import, wrapped by a key we can’t pull out of KMS.

  3. 3. We match without reading

    To show that you know 12 people at Stripe, we compare one-way hashes (HMAC-SHA256) of company names. Matching never needs a readable copy of your contacts, and it never keeps one.

  4. 4. Only you ever see them

    Your connections show up for you, inside your own jobs, and nowhere else. Trackly doesn’t message them or share them with anyone.

  5. 5. One click deletes all of it

    “Remove connections” wipes your imported network from the vault right away. Nothing kept, nothing archived.

The path your data takes

What happens when you import

Here’s the whole path, from the file you pick to a match against a job. Short version: the raw file goes nowhere.

  1. 1. Your CSV

    Your LinkedIn data export

  2. 2. Parsed in memory

    Fields pulled out in RAM

  3. 3. Encrypted vault

    AWS KMS, per-import key

  4. 4. HMAC match keys

    One-way; powers “who you know”

The raw Connections.csv is gone the second we finish parsing it. It never reaches our database or storage.
How it works, technically
  • In-memory parse. We stream the upload, pull the fields, and drop the raw bytes. The original file is never persisted (rawFileStored = false on every import).
  • Envelope encryption. Each import gets a fresh data key from AWS KMS. We encrypt every contact’s payload with it using AES-256-GCM and store only the KMS-wrapped key. Without KMS, the stored data is unreadable.
  • One-way match keys. Company match keys are HMAC-SHA256 hashes. They don’t reverse. We can check whether a contact’s company matches a job’s company without decrypting the contact.
  • Scoped to you. Your vault is tied to your account. Connections only ever surface back to you, inside your own jobs and your Network page.
  • Read-only by design. The code can read your connections to match them to your jobs, and that’s it.
  • Real delete. Removing connections runs an actual delete on your vault rows. Nothing soft-deleted, nothing archived.

Your résumé

Your résumé gets the same treatment

We use it only to sharpen your matches, and it’s held to the same bar: encrypted, tied to your account, deletable whenever you want, never shared, never used to contact anyone.

Questions about your data?

We’d rather over-explain than leave you guessing. Email us anytime at hello@usetrackly.app.