Privacy Policy for Linkie.to

1. Who We Are

The Data Controller (the entity responsible for your personal data) is Linkie.to, registered in Croatia.

If you have any questions about this policy or your data protection rights, please contact us at support@linkie.to.

2. Information We Collect

We collect different types of information depending on whether you are a user creating a profile ("Creator") or a visitor to a Creator's profile ("Visitor").

A. Information You Provide to Us (Creators)

Account Information: When you register for an account, we collect your email address to create and manage your account, communicate with you, and send you service-related updates.

B. Information We Collect Automatically (Visitors & Creators)

When you access the Service (either as a Creator or as a Visitor viewing a profile), our servers automatically collect certain information. To protect your privacy, we take steps to anonymize this data where possible.

Visitor Analytics: We collect anonymized or pseudonymized data from Visitors to provide analytics to our Creators. This includes:

• Hashed (anonymized) IP address
• Referring website ("Referrer")
• Operating System (e.g., Windows, macOS)
• Browser type (e.g., Chrome, Safari)
• Location data (country and city, as provided by our hosting service, Vercel)

This data is aggregated and presented to Creators in an anonymized format (e.g., "200 clicks from Germany").

Data Retention: We retain analytics data for a period of 365 days (1 year). After this period, analytics events are automatically deleted from our systems. This retention period allows Creators to analyze trends and performance over time while ensuring we do not retain data longer than necessary.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain the Service: To create your account, display your profile, and provide core functionality.
• To Process Payments: To manage "Pro" subscriptions, including billing and refunds, using our payment processor.
• To Communicate with You: To send transactional emails (like password resets or payment receipts) and service updates.
• To Provide Analytics: To offer aggregated and anonymized analytics to our Creators about their profile traffic.
• To Improve Our Service: To understand how users interact with our site, diagnose technical problems, and enhance security.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Performance of a Contract: We process your email address (Creator) and payment details (Pro Creator) to fulfill our contract with you (i.e., provide the Service you signed up for).
• Legitimate Interest: We process anonymized visitor data for analytics and security purposes, which is a legitimate interest for both us (to improve our service) and our Creators (to understand their audience).

5. Third-Party Services (Our Sub-processors)

We do not sell, rent, or trade your personal information. We only share data with trusted third-party services (known as "sub-processors") who help us operate our Service:

• Stripe: To process payments for our "Pro" subscriptions. We do not store your full credit card details.
• Google Analytics: To help us understand website traffic and usage patterns. This service requires your consent via our cookie banner.
• PostHog: To collect product analytics and understand user behavior (e.g., feature usage, page interactions, session recordings). PostHog processes anonymized usage data including page views, clicks, device type, browser, and location data. This service requires your consent via our cookie banner.
• Vercel: To host our website and application. Vercel may collect location and device data to provide the service.
• Mailgun: To send transactional emails (e.g., password resets, welcome emails, and invoices).

Google OAuth Integration: When you connect your Google account to use our Google Sheets integration, we use Google OAuth 2.0 to securely authenticate and access only the specific Google Sheets data you authorize. We request minimal permissions necessary for the integration to function (specifically, access to create and update spreadsheets that you explicitly configure).

7. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA), which means your personal data may be transferred to countries that do not provide the same level of data protection as EU law.

We ensure that such transfers comply with applicable data protection laws through appropriate safeguards:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with service providers located outside the EEA (including Stripe, PostHog, and Google Analytics in the United States).
• Adequacy Decisions: Where available, we rely on European Commission adequacy decisions for countries deemed to provide adequate data protection.
• Encryption and Security: All data transferred internationally is encrypted in transit using TLS protocols.

For more information about international data transfers and the safeguards we use, please contact us at support@linkie.to.

8. Data Security and Protection Mechanisms

We implement industry-standard security measures to protect your personal information, including data obtained through third-party integrations:

• Encryption at Rest: OAuth tokens and access credentials for third-party integrations (such as Google OAuth tokens) are encrypted using AES-256-GCM encryption before being stored in our database. This ensures that even if our database is compromised, your authentication tokens remain protected.
• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) protocols.
• Secure Token Storage: Google OAuth access tokens and refresh tokens are stored in an encrypted format using authenticated encryption (AES-256-GCM), which provides both confidentiality and integrity protection.
• Minimal Scope Access: When you connect your Google account, we request only the minimum permissions necessary for the Google Sheets integration to function. We do not request access to your entire Google Drive or other Google services beyond what is explicitly needed.
• Access Controls: Only authorized system processes can decrypt and use stored OAuth tokens, and access is logged for security auditing purposes.
• Regular Security Audits: We conduct regular security reviews and updates to ensure our data protection mechanisms remain effective against emerging threats.

If you have questions about our security practices or wish to report a security concern, please contact us at support@linkie.to.

9. Cookies and Tracking

We use cookies for two purposes:

• Essential Cookies: These are necessary for the website to function (e.g., to keep you logged into your account). These cookies do not require your consent.
• Analytics Cookies: These help us understand how users interact with our site so we can improve it. We use Google Analytics and PostHog for analytics tracking. These services may set cookies and collect usage data including page views, clicks, session duration, device information, and browser type.

Cookie Consent: You will be given the option to accept or reject non-essential cookies (Analytics and Marketing) via a cookie banner when you first visit our site. You can change your cookie preferences at any time. Analytics tracking (including Google Analytics and PostHog) will only be active if you have consented to Analytics cookies.

Do Not Track (DNT): We respect the Do Not Track browser setting. If you have DNT enabled, we will not load third-party analytics scripts.

10. Your Data Rights under GDPR

As we are based in the EU, you have specific rights regarding your personal data:

• The Right to Access: You can request copies of your personal data.
• The Right to Rectification: You can request that we correct any information you believe is inaccurate.
• The Right to Erasure (Deletion): You can delete your account and associated personal data at any time from your Account Settings page. You can also request erasure by contacting us.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your data under certain conditions.
• The Right to Object to Processing: You have the right to object to our processing of your data based on legitimate interest.
• The Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you.

To exercise any of these rights, please contact us at support@linkie.to.

11. Data Deletion

You can permanently delete your Linkie.to account and all associated personal data directly from your "Account Settings" panel.

12. Children's Privacy

Our Service is not intended for or directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children.

13. Right to Lodge a Complaint

If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP).

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the personal data we collect, use, disclose, and sell.
• Right to Delete: You have the right to request deletion of your personal data.
• Right to Opt-Out of Sale: You have the right to opt out of the "sale" of your personal information. Under CCPA, sharing data with third-party analytics services (like Google Analytics, Facebook Pixel, and PostHog) may constitute a "sale." You can exercise this right by visiting our Do Not Sell My Personal Information page.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights, please contact us at support@linkie.to or visit our Do Not Sell page.

15. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

16. Contact Us

If you have any questions, please contact us at support@linkie.to.