Skip to main content
Thought Leaderboard
PrivacyVol. 1 · June 2026

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how Thought Leaderboard (“we,” “us”) collects, uses, and discloses information when you visit thoughtleaderboard.org and use its features.

Thought Leaderboard is published by HoneyWired LLC, a Chicago, Illinois company. For the purposes of the EU and UK GDPR, the CCPA, and other applicable data-protection laws, HoneyWired LLC is the data controller for personal information processed through thoughtleaderboard.org.

What we collect

We collect the minimum information required to operate the publication.

Information you provide

When you submit yourself for audit or request removal, we collect:

  • The LinkedIn profile URL you submitted
  • Your email address (for confirmation and editorial follow-up)
  • Any notes you include

Information from Sign in with LinkedIn

If you choose to sign in with LinkedIn, we receive and store the information LinkedIn returns under the OpenID Connect standard:

  • Your name
  • Your email address
  • Your profile photo URL
  • An opaque LinkedIn member identifier (the OIDC sub claim)

We do not receive your post history, follower count, connections, or audience demographics.

LinkedIn-hosted profile photo URLs expire over time. Each subsequent sign-in refreshes your stored URL with the current one LinkedIn returns, so a long-dormant link doesn’t persist.

Information from rescore requests

If you are a verified profile owner and request a rescore via your account dashboard, we record:

  • The leader profile the request is for
  • Your verified LinkedIn user id and email (for editor follow-up)
  • The request timestamp and status (open or resolved)

A request is automatically marked resolved when the editor saves new scores for that profile.

Profile claim records

When a verified profile owner claims their leader profile — linking their LinkedIn-authenticated account to a profile already on the board — we record the link between your user account and the claimed leader. This allows the dashboard to display your profile, accept rescore and removal requests authenticated to you, and prevent unauthorized removal of your profile by third parties.

Information about editorially curated profiles

For profiles featured under editorial curation — public-figure posters added at the editor’s discretion — the editor draws on publicly visible LinkedIn content only: the leader’s name and headline, the public profile URL, the public profile photo URL, and the URLs of public posts cited on the scorecard. We do not scrape, copy, or store post content; citations are URLs only.

Profile photos for curated leaders are linked, not copied. The image displayed on the scorecard is loaded from the LinkedIn-hosted URL at the time the page is viewed; we do not host or cache the image file itself. LinkedIn-hosted URLs may expire over time, at which point the scorecard falls back to an initials placeholder. A curated leader may request removal at any time at the removal page.

Cookies and session data

We use a session cookie set by our authentication provider (Supabase Auth) to keep you signed in while you use the site. This is a strictly necessary cookie and is removed when you sign out. We do not use advertising cookies or third-party tracking pixels.

How we use information

  • To operate the publication, including reviewing and publishing submissions
  • To contact you about your submission, removal, or rescore request
  • To verify ownership when handling removal and rescore requests
  • To generate the editorial scoring of leaders featured on the site
  • To send transactional emails (submission confirmations, scorecard-live notifications, rescore-request alerts to the editor, removal-request acknowledgments)

We do not sell information. We do not share it for marketing.

Who we share information with

We use the following service providers (“data processors”) to operate the publication. Each is bound by their own privacy practices:

  • Vercel — hosting
  • Supabase — database and authentication
  • LinkedIn — only at the moment you initiate Sign in with LinkedIn
  • Anthropic — when the editor uses AI assistance to draft initial editorial scores from publicly visible post content. The leader’s LinkedIn URLs and the editor’s prose context are sent; no submitter or signed-in user data is sent. The editor human-reviews every score before publication
  • Resend — sends transactional emails (submission confirmations, scorecard-live notifications, rescore-request alerts to the editor, removal-request alerts)
  • Vercel Analytics — cookieless, aggregate visitor analytics. No personal identifiers, no cross-site tracking
  • Substack — only if you separately subscribe to the newsletter, in which case your email is sent to Substack directly via their subscription flow

We may also disclose information when required by law or to protect our rights.

How long we keep information

We retain information for as long as your associated profile remains on the leaderboard. When you request removal, we soft-delete your profile and retain the underlying records only as required for legal record-keeping.

Your rights

  • Request removal of your profile at any time via the removal page
  • Request access to or correction of your data by emailing the contact below
  • Sign out at any time via your account dashboard

EU and UK residents have additional rights under the GDPR including data portability and the right to lodge a complaint with a supervisory authority.

California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights regarding your personal information:

  • The right to know what personal information we have collected about you
  • The right to delete personal information we hold about you
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information
  • The right to non-discrimination for exercising these rights

We do not sell personal information and we do not share it for cross-context behavioral advertising. To exercise any of these rights, contact us at the privacy address below.

Legal basis for processing (EU and UK)

Where the EU or UK General Data Protection Regulation applies, we process personal information on the following lawful bases:

  • Legitimate interests (Art. 6(1)(f)) — editorial commentary on the publicly visible posting behavior of public figures is a legitimate interest of the publication, balanced against the data subject’s right to one-click removal at any time
  • Consent (Art. 6(1)(a)) — when you sign in with LinkedIn, submit yourself for audit, or subscribe to the newsletter
  • Legal obligation (Art. 6(1)(c)) — where applicable law requires us to retain records

Children

This site is not intended for users under 18. We do not knowingly collect information from minors. If you believe we have, contact us and we will remove it.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision.

Contact

For privacy questions, removal requests outside the standard flow, or to exercise any of the rights described above:

privacy@thoughtleaderboard.org

For DMCA or copyright takedown requests:

dmca@thoughtleaderboard.org