If you're asking is scraping LinkedIn legal in 2026, here's the short answer: public scraping is not automatically criminal after hiQ, but building a business on LinkedIn data is still not safe. Those are different statements. I learned that the expensive way. I was sued by LinkedIn. Proxycurl and I have since settled.
Just because it is legal doesn't mean that LinkedIn won't have any recourse. The TOS are a contract and if they can prove damages because Apollo and Seamless violated that contract they may have a claim against them.
That commenter got to the point faster than most lawyers do. That is the whole article.
A practical audit checklist for browser extensions, vendors, databases, model training, backups, and customer exposure.
Download now →
TL;DR
| Factor | Public scraping after hiQ | Buying from a broker | Building on LinkedIn-derived data | Winner |
|---|---|---|---|---|
| Criminal exposure | ⭐⭐⭐⭐☆ | ⭐⭐⭐⭐☆ | ⭐⭐⭐⭐☆ | Tie |
| Contract safety | ⭐☆☆☆☆ | ☆☆☆☆☆ | ☆☆☆☆☆ | None |
| Civil lawsuit risk | ⭐⭐☆☆☆ | ⭐☆☆☆☆ | ☆☆☆☆☆ | Public scraping, narrowly |
| Business durability | ☆☆☆☆☆ | ☆☆☆☆☆ | ☆☆☆☆☆ | None |
| Discovery survivability | ⭐☆☆☆☆ | ⭐☆☆☆☆ | ☆☆☆☆☆ | Barely public scraping |
| Long-term founder sanity | ☆☆☆☆☆ | ☆☆☆☆☆ | ☆☆☆☆☆ | None |
| Overall score | 1.86/5 | 1.14/5 | 0.71/5 | Do not build here |
My actual answer to is scraping LinkedIn legal in 2026 is this:
- Narrow legal answer: scraping public LinkedIn pages is not automatically criminal under the CFAA after hiQ.
- Useful operator answer: LinkedIn data is still not safe to build on.
- Buyer answer: buying it from a vendor does not clean the chain of custody.
- Founder answer: the lawsuit risk is not the only problem. Discovery, customer notice, data deletion, and code deletion are the real problem.
Why I'm writing this
I was a named defendant in LinkedIn Corporation v. Nubela Pte. Ltd., Proxycurl LLC, Steven Goh, and Bach Le, filed in the Northern District of California on January 24, 2025, Case No. 3:25-cv-00828.
Proxycurl and I have settled with LinkedIn. I am not going to relitigate the case here. I am also not going to discuss settlement terms beyond that sentence.
What I can do is correct a mistake in how people used my earlier writing.
Back in 2019, I wrote a post called Is LinkedIn Scraping Legal? on the Nubela blog. That post made a narrow legal point about the CFAA and public data. I still think the narrow point was correct. The broader conclusion many people took from it, that LinkedIn data was therefore safe to build on, was not correct.
That distinction matters more in 2026 than it did in 2019.
The reason is simple. Once you are the defendant, the question changes. It stops being "can I win an internet argument about public data" and becomes "what can this plaintiff do to my company before the merits even matter".
That is a different question. It has a different answer.
Legal does not mean safe
People like the question is scraping LinkedIn legal because it sounds binary.
It is not binary.
At a minimum, you need four buckets:
- Criminal law: can the government prosecute you?
- Civil statutory claims: can a private plaintiff sue you under a statute like the CFAA, 18 U.S.C. § 1030(g)?
- Contract claims: did you agree to terms and then violate them?
- Other civil claims: unfair competition, misappropriation, trademark, fraud, and whatever else a plaintiff decides to stack in.
The case people keep citing is hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022).
What hiQ actually did was narrower than the folklore around it. It helped on the specific CFAA question around scraping public LinkedIn pages. It did not hold that scraping LinkedIn is generally safe. It did not erase contract claims. It did not erase California state-law claims. It did not tell buyers of LinkedIn-derived data that they were fine.
This is the part I underestimated for too long.
My 2019 post literally said: "You'd still have to be compliant with websites' ToS." That caveat was doing more work than the headline.
Readers remembered the headline. They forgot the caveat. I probably helped that happen.
So if you want the answer in plain English, here it is: public scraping may be outside one narrow theory of criminal or statutory liability, but that does not make your company safe from LinkedIn.
That is the frame I wish I had pushed harder from the start.
The User Agreement catches almost everyone
If you do anything in B2B data, this is the part you should read twice.
Most people talk about "public data" like it ends the discussion. It does not. The contract is where the danger lives.
LinkedIn's complaint said LinkedIn had more than one billion members at the time. If you have a LinkedIn account, had one in the past, or administer a LinkedIn Company Page, there is a good chance you are in contract land already.
And courts enforce click-through contracts all the time. This is not exotic law.
The scraping clause is not the only clause
Most people know there is a scraping clause in LinkedIn's User Agreement.
Section 8.2(2) says you cannot:
"Develop, support or use software, devices, scripts, robots or any other means or processes (such as crawlers, browser plugins and add-ons or any other technology) to scrape or copy the Services..."
Fine. Everyone expects that.
The clause more buyers should care about is Section 8.2(4):
"Copy, use, display or distribute any information (including content) obtained from the Services, whether directly or through third parties (such as search tools or data aggregators or brokers), without the consent of the content owner..."
That language matters. Especially the phrase "whether directly or through third parties ... data aggregators or brokers".
If you are a LinkedIn member and you buy a CSV, enrichment feed, or vendor dataset that contains LinkedIn-derived data, LinkedIn has a contract clause written for that fact pattern.
The data being public does not solve that.
The vendor being a respected vendor does not solve that.
The vendor being outside the US does not solve that.
There are two more clauses worth reading.
Section 8.2(11):
"Rent, lease, loan, trade, sell/re-sell or otherwise monetize the Services or related data or access to the same, without LinkedIn's consent."
Section 8.2(13):
"Use bots or other unauthorized automated methods to access the Services..."
This is not a narrow anti-scraping rule. It is a broad contractual perimeter.
Company Pages pull companies in too
A lot of founders forget this part.
If your company has a LinkedIn Page, the company did not just make a marketing asset. It clicked into a contract too.
LinkedIn's complaint walked through Nubela's and Proxycurl's Company Pages, and pointed out that creating those pages required agreement to LinkedIn's terms. The complaint also used forum-selection language to bring a Singaporean company and a Wyoming LLC into the Northern District of California.
This feels administrative until it doesn't.
Then it is jurisdiction.
Deleting your account does not make this go away
This is the part that usually gets silence.
Section 5 of LinkedIn's User Agreement contains a survival clause. It says sections including 6 and 8.2 survive termination.
Section 8.2 is the whole block that contains the scraping clause, the third-party broker clause, the resale clause, and the bots clause.
Section 6 is the dispute-resolution and governing-law machinery.
So no, you do not get to close your account and pretend the contract never happened.
The restrictions that matter here can outlive the account.
The practical consequence
If you are, or ever were, a LinkedIn member or a Page administrator, and you buy, use, resell, or build on LinkedIn-derived data, LinkedIn has a plausible breach-of-contract story against you.
I am being careful with that wording.
I am not saying every such case wins.
I am saying this is not a posture I would build a business on anymore.
I got logged out of my account and LinkedIn gave me a warning that they detected automation software and I could get banned if it continues. It’s annoying because I wasn’t automating anything but I did delete the Apollo extension asap
That is not a court opinion. It is still useful. It tells you how people experience the lower rungs of enforcement.
What the complaint actually said
There is a point where abstract debate stops being useful.
Reading a complaint with your own name in it will do that.
Six claims at once
LinkedIn's complaint stacked six claims:
- Breach of contract
- Fraud and deceit under California Civil Code §§ 1572 and 1710
- Computer Fraud and Abuse Act
- California Unfair Competition Law under Bus. & Prof. Code § 17200
- Trademark dilution by tarnishment under the Lanham Act
- Misappropriation
This matters for a boring reason.
Even if you think two or three of those are weak, you still have to live with the rest while the case runs.
You do not need to lose every issue for the process to become punishing.
They quoted my own writing back at me
This was probably the cleanest lesson in the whole case.
LinkedIn quoted my own blog post back at me.
Complaint paragraph 60 quoted my old warning that scraping in disregard of terms of service is where things become tricky.
Complaint paragraph 61 quoted my old point that fake accounts used to access otherwise inaccessible data are obvious trouble.
It also quoted: "Clearly fraudulent activities are a big no-no in web scraping."
I wrote those lines as caveats. Litigation turned them into admissions.
That is not unfair. That is just how this works.
If you run a data business and you write publicly about legal boundaries, assume every sentence may come back later in a pleading.
Because it might.
The scary part was the remedy
The part founders should study is not the headline of the complaint. It is the prayer for relief.
Complaint paragraph 121 asked for an order requiring destruction of not just the allegedly scraped LinkedIn data, but also any data that was:
"inferred, aggregated, or synthesized as a result of data wrongfully extracted and copied from LinkedIn's website"
Paragraph 122 asked for destruction of software code and other tools for scraping LinkedIn.
Paragraph 123 asked for customer notification.
That is the piece people skip past too quickly.
If a plaintiff asks for raw data deletion, that is one thing.
If the plaintiff asks for deletion of downstream inferred and aggregated data, that is much worse. Now you are talking about feature stores, model training sets, enrichment outputs, derivative fields, and internal systems built on top of disputed source data.
If you trained a model on LinkedIn-derived data, you do not get to wave your hands and say the weights are spiritually separate from the input.
Maybe you win that argument eventually. Good luck enjoying the trip there.
Discovery is the punishment
This is the part non-lawyers tend to underweight.
The complaint is the public event. Discovery is the expensive event.
Every claim opens another door
Each claim creates another set of things the plaintiff can ask about.
Breach of contract means account creation, acceptance of terms, internal knowledge, use of tools, and downstream use.
CFAA means access patterns, infrastructure, logs, credentials, proxies, and notice.
Trademark means marketing copy, sales collateral, web pages, browser extensions, screenshots, and customer messaging.
Unfair competition and misappropriation can widen everything.
One case becomes several overlapping excavations into how your company actually runs.
What gets opened up
If you have never been through discovery, here is the operator version.
Potentially relevant material can include:
- email hits for terms like
linkedin,scrape,extension,proxy,captcha,sales nav - Slack messages and DMs
- Git history
- Jira tickets
- CI logs
- database schemas
- old backups
- proxy vendor contracts
- CAPTCHA solver invoices
- customer contracts tied to the data
- internal docs discussing data provenance
- browser extension prototypes
- prior entities and side projects run by founders
This is what I mean when I say legal does not mean safe.
You can have a clever merits argument and still be in a terrible business position.
The asymmetry is built in
LinkedIn's complaint was signed by Munger, Tolles & Olson.
That matters.
Large plaintiffs can fund long litigation campaigns. Startups generally cannot. Even profitable ones feel it.
This is not a morality tale. It is arithmetic.
Fight, settle, or default. Those are all bad doors.
The time to decide is before the data enters the building.
Buyers are not bystanders
A lot of buyers still think the vendor absorbs all the risk.
No.
If LinkedIn sues your vendor, you can get subpoenaed. Your diligence file matters. Your procurement emails matter. Your Slack jokes matter. Your model input docs matter.
If your internal posture was basically "we know where this probably came from but let's not ask too many questions", that is not a good position to discover later.
You will get banned, all your accounts, if you continue to bypass, there will be threat of legal action. it’s not sustainable buisness model.
The grammar is rough. The business point is not.
Apollo and Seamless were the warning shot
Not every enforcement step starts with a complaint.
That matters.
Public reporting in 2025 noted that Apollo.io and Seamless.ai had their LinkedIn Company Pages removed. LeadGenius and LiGo both wrote about it as part of a broader crackdown on LinkedIn-adjacent scraping and extension behavior.
I am being careful here. I am sticking to the public reporting and the visible fact pattern.
The useful point is not some definitive claim about their internal conduct. The useful point is that LinkedIn showed it can act unilaterally, publicly, and before any public lawsuit appears.
That means there is an enforcement ladder.
My rough version of the ladder looks like this:
- account restrictions
- automation warnings
- Company Page removals
- cease-and-desist letters
- federal complaint
The point is not that every company will climb every rung in order.
The point is that these rungs are real. We have seen them in the wild.
Apollo & Seamless had their entire company pages deleted from Linkedin yesterday for violating their terms of service by scraping data Edit: Idk if this part is true but their competition is saying users that continue to use these tools’ extensions on Linkedin are risk to get banned from Linkedin. Again - the competition is saying this - not saying it’s true
That quote is useful because it shows market perception in real time. People saw the page removals and immediately started asking a more serious question than "is scraping legal". They started asking what happens to users, extensions, and account risk.
That is the right direction.
There is also a practical point here for operators. If your product depends on goodwill from a platform you are contractually at odds with, that dependency is fragile even before a judge touches the case.
The only safe path I trust now
This is where I changed my mind.
If you are building, using, or scaling with B2B data, I think the only durable answer is this:
Use data that does not have LinkedIn as a source.
Not "mostly not".
Not "we only enrich with it".
Not "we bought it rather than scraped it".
Not "we deleted it later".
None of that is clean enough.
What zero LinkedIn data actually means
When I say zero LinkedIn data, I mean something strict enough to survive diligence and strict enough to survive discovery.
That means:
- no LinkedIn-sourced rows in prod, staging, notebooks, or dev databases
- no LinkedIn URLs, member IDs, or copied fields in code paths
- no LinkedIn content in training sets, evals, prompt corpora, or fine-tunes
- no vendor whose vendor touched LinkedIn
- no Chrome extensions touching
linkedin.com - no internal prototypes that hit LinkedIn and then got "deleted"
- no reachable Git blobs containing LinkedIn-specific scraping code
- no forgotten S3 backups with stale data dumps
This sounds severe.
It is severe.
That is because discovery is severe.
If you want to be able to say under oath that LinkedIn data was never part of the product, then that needs to be true in a boring, literal, systems-engineering sense.
Not in a vibes sense.
Why I'm building NinjaPear this way
This is one reason I am building NinjaPear with a zero-LinkedIn-data posture.
The point is not that I suddenly stopped caring about B2B data. I care about it more than ever.
The point is that I no longer think LinkedIn is a durable substrate for a company.
That is why products like the Customer API, Company Monitor, and Pricing sit on a different posture entirely. The data model has to work without LinkedIn in ingestion, training, enrichment, or internal tooling.
This is not me trying to sneak in a sales pitch.
It is the conclusion the lawsuit forced me to take seriously.
I spent years arguing about legal boundaries. I now care more about whether a company can still exist in 10 years without carrying this particular exposure around.
For me, that answer requires a clean break.
Why I do not keep a LinkedIn profile anymore
I want to be explicit here because people misread this.
Neither NinjaPear nor I maintain a LinkedIn profile now. No member account. No Company Page. No Showcase Page.
The reason is not that we want to scrape LinkedIn. We do not. We will not.
The reason is that if the User Agreement is broad, and its relevant restrictions survive termination, then the lowest-exposure posture is simply not to be a party to that contract anymore.
Some readers will think that is too strict.
Fair enough.
After being named in a complaint, strictness started looking cheaper.
My actual answer
So, one more time, is scraping LinkedIn legal in 2026?
My answer is:
- If you mean criminally illegal under the CFAA, public scraping is not automatically illegal after hiQ.
- If you mean safe to build a business on, no, I do not think it is safe.
- If you mean safe because a vendor sold it to you, also no.
- If you mean safe because you only enriched or modeled on top of it, still no.
That is the biggest thing I changed my mind about.
I used to think the narrow legal answer carried more practical protection than it actually does.
It doesn't.
The question I would ask now is much uglier and much better:
If LinkedIn's lawyers subpoenaed everything tomorrow, what would they find?
If the answer includes uncertain provenance, browser extensions touching LinkedIn, old Git history, model training on LinkedIn-derived features, or vendor contracts you have never really audited, then you have work to do.
Probably this week.
This article is not legal advice. You should talk to your own counsel for your own facts.
But as operator advice, I am comfortable being blunt: do not build your company on LinkedIn data.
Start by auditing what you already have. Then remove what you cannot defend. Then build future systems so this problem does not come back.
Use it to audit extensions, vendors, data provenance, model inputs, backups, and customer notification risk before someone else does it for you.
Download now →
If you are starting from scratch, build on sources that do not route through LinkedIn at all. That is the only answer I trust now.
References
- Nubela, Is LinkedIn Scraping Legal? https://nubela.co/blog/is-linkedin-scraping-legal/
- hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022).
- LinkedIn Corporation v. Nubela Pte. Ltd., Proxycurl LLC, Steven Goh, and Bach Le, Case No. 3:25-cv-00828, Complaint (N.D. Cal. Jan. 24, 2025). Matter subsequently settled.
- LinkedIn User Agreement, effective Nov. 20, 2024. https://www.linkedin.com/legal/user-agreement
- LeadGenius, LinkedIn's Crackdown on Data Scrapers: Why Apollo.io and Seamless.ai Were Targeted, and Who's Next https://www.leadgenius.com/resources/linkedins-crackdown-on-data-scrapers-why-apollo-io-and-seamless-ai-were-targeted--and-whos-next
- LiGo, LinkedIn Bans Apollo & Seamless: Major Data Scraping Crackdown https://ligo.ertiqah.com/blog/linkedins-major-crackdown-on-data-scraping-apollo-and-seamless-company-pages-gone
- 18 U.S.C. § 1030(g). https://www.law.cornell.edu/uscode/text/18/1030