Privacy Policy
Last updated: 25 April 2026
TheColdDM (“we”, “us”, “the Service”) helps you generate personalized cold DMs by analysing the public activity of LinkedIn profiles you choose. This page explains exactly what data we handle and why. If anything here is unclear, email support@thecolddm.com.
1. Data we collect
From you (the account holder)
- Email address — for sign-in, transactional emails, and the 7-day reply-prompt email that powers our reply-rate analytics.
- Optional profile bio + goal — used as input to the DM generation prompt. You can edit or delete this any time.
- Generated DMs and templates you save — stored against your account so you can revisit them.
- Reply reports — when you click a token link in our follow-up email indicating whether a DM got a reply, we store that outcome alongside the generation. This data is the basis of our reply-rate analytics and is the core of the product.
- Payment metadata — if you upgrade to a paid plan, we receive a Razorpay payment ID, plan tier, and period end date. We do not see or store your card details.
From LinkedIn profiles you submit
- Public profile fields — name, headline, current role, about section, and the most recent ~20 public posts of the profile URL you paste. We retrieve this through the Apify platform using public LinkedIn endpoints. We do not access private posts, connections, or any data behind LinkedIn auth.
- Cache — to keep costs down, we cache scraped profile data for up to 7 days. After 7 days the cache is invalidated, and the profile is fetched afresh the next time you generate a DM for it.
Cookies and session storage
We use a single first-party cookie issued by Supabase Auth to keep you signed in. We do not use third-party advertising or tracking cookies. Anonymous, aggregate page-view counts may be recorded via privacy-friendly analytics; no individual user is identified.
2. How we use your data
- To run the Service: generate DM variants, track quotas, manage subscriptions.
- To send you transactional emails (signup confirmation, password reset, billing receipts, the 7-day reply-prompt).
- To improve generation quality. We aggregate de-identified reply-rate data by opener style and industry. We do not train any third-party public model on your data.
- To enforce our Terms of Service and prevent abuse.
We do not sell your data. We do not share your generated DMs, reply reports, or LinkedIn-derived data with anyone outside the processors listed below.
3. Third-party processors
TheColdDM is built on top of services that act as data processors under our instructions. Each is listed below with the data it receives.
- Supabase (database, authentication) — stores your account, generations, templates, reply reports.
- Vercel (hosting) — serves the application and runs serverless functions.
- Apify (LinkedIn data) — receives the LinkedIn profile URL you submit and returns public profile data.
- Anthropic, Groq, Google (Gemini) (LLM providers) — receive the structured profile data plus your goal/bio inputs to generate DM variants. Per their respective policies, your inputs and outputs are not used to train their public models.
- Razorpay (payments) — handles checkout and stores card details directly. We never see your card number.
- Resend (transactional email) — delivers signup, password-reset, and reply-prompt emails on our behalf.
4. Data retention
- Account data — retained while your account is active, and for up to 30 days after deletion to allow recovery.
- Generated DMs and reply reports — retained while your account is active. Aggregate reply-rate statistics may be retained indefinitely in de-identified form.
- Scraped LinkedIn cache — purged after 7 days.
- Billing records — retained for the period required by applicable Indian tax law (currently 8 years).
5. Your rights
You can, at any time:
- Export your generations and templates from your dashboard.
- Delete your account and all associated data by emailing support@thecolddm.com from the email address on the account. Deletion is irreversible after 30 days.
- Correct any inaccurate data in your profile.
- Object to specific processing or withdraw consent. Some objections may prevent us from providing the Service.
6. LinkedIn and other people’s data
When you generate a DM, you are submitting another person’s public LinkedIn profile URL. You confirm that you have a legitimate B2B reason to contact that person, that you will respect their preferences if they ask not to be contacted, and that you will comply with applicable anti-spam law (DPDP Act, GDPR, CAN-SPAM) and LinkedIn’s own user agreement when sending the DM. We do not store the contact’s personal data beyond the cache window above and what is needed for your generation history.
If you are a LinkedIn user and your profile has been processed by TheColdDM and you want it removed, email support@thecolddm.com with the URL and we will purge any cached data within 7 days.
7. Security
All traffic is served over TLS. Database access is gated by row-level security so users can only read their own rows. API keys are stored as encrypted environment variables. No system is perfectly secure, but we take reasonable measures and will notify affected users in the event of a confirmed breach.
8. Children
TheColdDM is a B2B tool intended for adult professionals. We do not knowingly collect data from anyone under 18.
9. International transfers
TheColdDM is operated from India. Some processors above (notably Anthropic and Vercel) are based in the United States. By using the Service you consent to your data being processed in those jurisdictions under each processor’s own safeguards.
10. Changes to this policy
We may update this policy as the product evolves. Material changes will be announced by email to active accounts at least 14 days before they take effect.
11. Contact
Questions, deletion requests, or data-protection concerns: support@thecolddm.com.