Privacy Policy
Developer: Invent Better
Last updated: March 11, 2026
Data Controller: Mickael Romaniello, operating as Invent Better (Entreprise Individuelle), based in France. For all data protection inquiries: contact@invent-better.com
Overview
Toki is a macOS desktop app for scheduling and publishing LinkedIn posts. We designed Toki with privacy as a core principle: your content is stored locally on your Mac, we collect only what is necessary to run the app, and we never sell your data.
This policy explains what data Toki collects, how it is used, and your rights regarding that data.
1. Data We Collect
1.1 Data Stored Locally on Your Mac
The following data is stored in a local SQLite database on your device and is never transmitted to our servers:
- Post content (text, image file paths, carousel slides)
- Post metadata (status, scheduled time, published time, LinkedIn post ID)
- Templates (name and content)
- Draft posts
- Local usage events (e.g., "post created", "template used") for internal app metrics only
This data remains entirely on your Mac unless you explicitly export it using the Export feature.
1.2 Data Sent to Our Services
When you use Toki, the following data is sent to our backend services (hosted on Google Firebase):
- LinkedIn profile information: Your LinkedIn display name, email address, LinkedIn ID, and profile picture URL (received during the LinkedIn OAuth sign-in)
- Usage counts: Number of posts published and carousels created per month (used to enforce Free plan limits)
- App metadata: App version, platform (macOS), and system locale
- Timestamps: Account creation date and last seen date
This data is stored in Google Cloud Firestore and is associated with an anonymous Firebase authentication ID.
1.3 Data Shared with Third-Party Services
| Service | Data Shared | Purpose |
|---|---|---|
| OAuth access token, post content, images. Token is sent directly from your Mac to LinkedIn — it never passes through our servers. | Publishing your posts to LinkedIn on your behalf | |
| Apple App Store / RevenueCat | Anonymous user ID, subscription status | Processing Pro subscription payments |
| Firebase Crashlytics | Crash reports, stack traces, app state at time of crash. Does not include post content or LinkedIn credentials. | Diagnosing and fixing app bugs (release builds only) |
| Firebase App Check | Device attestation token | Preventing API abuse |
| Canva (Pro, optional) | OAuth access token | Importing your Canva designs into Toki |
2. How We Use Your Data
We use the data described above for these purposes only:
- Publishing posts: Sending your content to LinkedIn at your scheduled time
- Enforcing plan limits: Tracking monthly usage to apply Free plan limits (20 posts/month, 5 carousels/month)
- Subscription management: Verifying your Pro subscription status through RevenueCat
- Crash reporting: Identifying and fixing bugs to improve app stability (release builds only)
- App improvement: Understanding aggregate usage patterns (no individual user tracking)
We do not use your data for: advertising, selling to third parties, marketing emails, user profiling or behavioral tracking, or training AI models.
3. Data Storage & Security
Local Data:
- Stored in an encrypted SQLite database on your Mac
- LinkedIn OAuth tokens are stored in macOS Keychain (via Flutter Secure Storage)
- Canva OAuth tokens are stored in macOS Keychain
Cloud Data:
- Stored in Google Cloud Firestore (Firebase) with security rules restricting access to authenticated users only
- Firebase authentication uses anonymous sign-in (no password stored)
- All communication with Firebase uses HTTPS/TLS encryption
Payment Data:
- Toki never sees, stores, or processes your payment information
- All subscription payments are handled entirely by the Apple App Store
- RevenueCat manages subscription status using anonymous identifiers
International Data Transfers
Your data may be transferred to and processed in countries outside of your country of residence, including the United States, where Google (Firebase), LinkedIn, RevenueCat, and Apple operate servers. These transfers are necessary to provide the Toki service. For EU/EEA users, these transfers are protected by Standard Contractual Clauses (SCCs) implemented by our service providers. You can review each provider's data transfer mechanisms in their respective privacy policies linked in Section 6.
4. Data Retention
- Local data is retained on your Mac until you delete it or delete your account
- Cloud data (Firestore) is retained until you delete your account
- Crash reports are retained for 90 days (Firebase Crashlytics default)
- Subscription data is managed by RevenueCat and Apple according to their retention policies
5. Account Deletion
You can delete your account and all associated data at any time from Settings > Delete Account within the app. This process:
- Deletes all your data from our Firebase servers (Firestore user document, usage data, and all associated records)
- Clears locally stored OAuth tokens from macOS Keychain
- Deletes the local SQLite database (all posts, drafts, and templates)
- Clears all app preferences
- Signs you out of Firebase
Account deletion is complete and irreversible. We do not retain any of your data after deletion.
6. Third-Party Services & Their Privacy Policies
Toki relies on the following third-party services. Each has its own privacy policy:
- Google Firebase (Firestore, Auth, Crashlytics, App Check)
- RevenueCat
- Apple (App Store)
- Canva (optional)
7. Children's Privacy
Toki is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us and we will delete it promptly.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Delete your account and all associated data (available directly in the app)
- Portability: Export your posts and templates as a JSON file (Pro feature, or available upon request)
- Objection: Object to specific data processing activities
To exercise any of these rights, contact us at the email address below.
We will respond to data access, correction, or deletion requests within 30 days for EU/EEA residents (GDPR) and 45 days for California residents (CCPA).
For EU/EEA Users (GDPR)
Our legal basis for processing your data is:
- Contract performance: Processing necessary to provide the Toki service (publishing posts, enforcing plan limits)
- Legitimate interest: Crash reporting and app improvement
- Consent: Optional integrations (Canva) and data collection during account creation
You may withdraw consent at any time by disconnecting services in Settings or deleting your account.
You also have the right to lodge a complaint with a supervisory authority. As Invent Better is based in France, the relevant authority is the CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr.
For California Users (CCPA)
- We do not sell your personal information
- We do not share your personal information for cross-context behavioral advertising
- You have the right to know what personal information we collect and to request its deletion
- You have the right to opt out of the sale of your personal information (we do not sell, so no action is required)
- You have the right to non-discrimination for exercising your CCPA rights
- Categories of personal information collected: identifiers (LinkedIn ID, email), internet activity (usage counts), and commercial information (subscription status)
- We will respond to verifiable consumer requests within 45 days
9. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this document. For significant changes, we will notify you through the app.
10. Contact Us
If you have questions about this privacy policy or your data, contact us at:
Email: contact@invent-better.com
Developer: Invent Better
11. Summary
| Where is my data stored? | Posts, drafts, and templates are stored locally on your Mac. Usage counts and profile info are stored in Firebase. |
| Do you sell my data? | No, never. |
| Do you show ads? | No. |
| Do you track me? | No behavioral tracking. Only aggregate usage counts for plan limits. |
| Can I delete my data? | Yes, completely and irreversibly, from Settings > Delete Account. |
| What happens if I cancel Pro? | You revert to the Free plan. Your data is never deleted. |
| Do you see my payment info? | No. Payments are handled entirely by the Apple App Store. |
| Is my LinkedIn token safe? | Yes. Stored in macOS Keychain, never transmitted to our servers. |