Last updated: January 28, 2026
Overview
mcp-linkedin is an open-source MCP (Model Context Protocol) server that enables LinkedIn post management from Claude Desktop. This policy explains how the application handles your data.
Data Collection
mcp-linkedin does not collect, store, or transmit any personal data to third parties. Specifically:
- No analytics or telemetry
- No tracking cookies
- No data sent to our servers beyond what is required for OAuth authentication
- No user activity logging
OAuth Authentication
To connect to LinkedIn, the application uses LinkedIn's OAuth 2.0 flow:
- Your LinkedIn credentials are entered directly on LinkedIn's website, never in our application
- An OAuth relay server (linkedin-oauth-relay.fly.dev) facilitates the token exchange. This server does not store tokens or any user data
- Access tokens are stored locally in your operating system's secure keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service)
- Tokens are never written to plain text files or transmitted to any third party
macOS Keychain Prompt
On macOS, after completing the LinkedIn OAuth flow you will see a system dialog:
"node" wants to use your confidential information stored in "mcp-linkedin" in your keychain.
To allow this, enter the "login" keychain password.
This is expected and safe. Here is what is happening:
- mcp-linkedin stores your LinkedIn OAuth token in your operating system's secure keychain, not in a plain text file
- macOS requires your login password to authorize node (the runtime that runs mcp-linkedin) to read or write that keychain entry
- This is the same prompt you see when any application accesses saved passwords in Keychain Access
- Your Mac password is handled entirely by macOS and is never seen or stored by mcp-linkedin
- You can verify this by opening Keychain Access.app and searching for "mcp-linkedin" to see the stored entry
On Windows and Linux, equivalent secure credential storage is used (Windows Credential Manager and libsecret/Secret Service, respectively) with their own system prompts.
LinkedIn API Access
The application requests the w_member_social scope, which allows:
- Creating, editing, and deleting your LinkedIn posts
- Adding comments and reactions to posts
- Retrieving your recent posts
- Accessing your basic profile information
All API calls are made directly from your local machine to LinkedIn's servers. No content passes through our infrastructure.
Scheduled Posts
If you use the post scheduling feature, scheduled post data is stored in a local SQLite database on your machine. This data never leaves your device.
Data Storage Summary
- OAuth tokens: OS keychain (local)
- Scheduled posts: SQLite database (local)
- Post content: Sent directly to LinkedIn API (local to LinkedIn)
- On our servers: Nothing
Open Source
The complete source code is available at github.com/ldraney/mcp-linkedin for independent review and audit.
Third-Party Services
- LinkedIn API - Subject to LinkedIn's Privacy Policy
- Fly.io - Hosts the OAuth relay server. Subject to Fly.io's Privacy Policy
Changes
Any changes to this policy will be reflected in this page and in the project's Git history.
Contact
For questions about this privacy policy, please open an issue at github.com/ldraney/mcp-linkedin/issues.