Security & account safety

Safety as a product layer, not a marketing claim.

Most LinkedIn automation tools tell you they're "100% safe." That's a vibe, not a guarantee. This page walks through what we actually do to protect connected accounts, the infrastructure we run on, and the technical brief we'll share with prospective customers under NDA.

Request security brief See the pillars

Last reviewed 21 May 2026·Refreshed quarterly·UK-hosted

The four pillars

What every connected account gets, by default.

No tiers, no add-ons. The same four protections apply on the £39 Starter plan as on Enterprise. Safety is not the upsell.

Pillar 01

Dedicated proxies per account

Each LinkedIn account gets its own residential proxy IP, geo-matched to the account holder. Never shared between customers. Never shared between your own accounts. Never rotated.

Pillar 02

Behaviour-randomised actions

Send windows, micro-delays between actions, session gaps, and end-of-day tapers, all randomised to mirror real user behaviour in the account holder's timezone. No 9:00:00.000 sends.

Pillar 03

Account-aware throttling

LinkedIn's weekly invitation ceiling is dynamic and per-account — typically between 80 and 200. Badgr reads each account's individual ceiling from observed throttle signals and stays under it automatically.

Pillar 04

Hard kill-switch on verification

The moment LinkedIn shows a security verification (captcha, phone code, ID check), the account halts. No retries, ever. You complete verification in LinkedIn directly; Badgr resumes from where it paused. Other accounts in the same workspace are unaffected.

The full technical detail — proxy provider, exact throttle thresholds, our own restriction rate vs the industry — is in our security brief. We share it with prospective customers under a one-page NDA.

Request the brief →

Infrastructure & data handling.

The plumbing under the product — where it runs, what it stores, who can read it.

Hosting

UK-hosted infrastructure

Production runs on UK-region cloud infrastructure. Backups stay in-region. No US data transfers for EU/UK customer data.

Encryption

Encrypted at rest and in transit

All customer data, including LinkedIn session tokens, is encrypted at rest with AES-256. All transport is TLS 1.3 with HSTS.

GDPR

GDPR-aligned by default

Standard DPA available on request. Data deletion is honoured within 30 days. We don't sell, share, or resell customer data — full stop.

Access

Least-privilege access

Production access is restricted to two named engineers. Every production read is logged. Sensitive operations require two-person sign-off.

Credentials

LinkedIn credentials never stored

We use OAuth-style session tokens, refreshed on rotation. Your LinkedIn password never touches our servers. If you change it, the session is invalidated automatically.

Audit

Action log per account

Every automated action on a connected account is recorded with timestamp, source, and outcome. Exportable as CSV from the dashboard. Useful when a client asks "what did you do on my account this week?"

What we deliberately don't do.

Operational decisions that are sometimes more revealing than features.

  • We don't share proxy IPs across customers. Even on the cheapest tier. Pool proxies are the single biggest cause of multi-account restrictions; we won't ship that pattern.
  • We don't retry on verification prompts. If LinkedIn shows a captcha, we stop. Retry-on-fail compounds the signal that the account is bot-driven and pushes accounts into restriction faster.
  • We don't sell or share customer data. Not aggregated, not anonymised, not "shared with trusted partners." Outbound data goes nowhere except into your own dashboard and exports.
  • We don't bury safety behind upsells. Dedicated proxies, throttling, behaviour randomisation, and the kill-switch are on every paid tier — not gated to Enterprise.
  • We don't claim a restriction rate we can't yet verify. Ask us again in six months when we have a year of operational data across hundreds of accounts. Until then, the honest answer is "we believe the architecture is sound; the evidence is still being built."

Security brief

Request the full technical brief.

A four-page PDF for prospective customers: proxy provider, exact throttle parameters, action-log schema, incident response procedure, and our current restriction rate (per account, per month) where we have data to share.

  • Standard DPA included
  • One-page mutual NDA on request
  • Reply from a real human within one working day

Sent within one working day. We don't add you to any mailing list.

Trial it on a low-stakes account first.

The fastest way to evaluate safety is to connect a single account, run a small campaign for two weeks, and watch the action log. Trial is 14 days, no card.

Start free trial See pricing