Privacy Policy

Last updated: March 27, 2026

1. Introduction

Links ("we", "our", or "us") operates this platform to provide link-in-bio pages, URL shortening, QR code generation, and analytics services. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

2. Information We Collect

Account information: When you register, we collect your name and email address. Your password is hashed using bcrypt and never stored in plain text.

Usage data: When visitors view your hub pages, click your short links, or scan your QR codes, we record anonymized event data including: timestamp, event type, referrer URL, user-agent string, and UTM parameters. We do not store IP addresses in analytics events.

Technical data: We collect server logs for security and reliability purposes. These logs are retained for 30 days and include IP addresses, request paths, and response codes.

3. How We Use Your Information

  • To operate and maintain your account and organization
  • To provide analytics about your content and audience
  • To send transactional emails (invitation notices, password resets)
  • To detect and prevent abuse, fraud, and security incidents
  • To improve our services based on aggregate usage patterns

We do not sell your personal data to third parties. We do not use your data for advertising.

4. Data Retention

Analytics event data is retained according to your plan: 30 days (Free), 90 days (Creator), 365 days (Pro), or indefinitely (Agency). You may request deletion of your account and all associated data at any time by contacting us.

5. Cookies

We use a single session cookie to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics scripts.

6. Data Sharing

We share your data with the following third-party processors only as necessary to operate the service:

  • SendGrid — for transactional email delivery
  • Microsoft Azure / SQL Server — for database hosting

These processors are contractually bound to handle your data only as directed by us.

7. Your Rights

Depending on your jurisdiction, you may have the right to: access a copy of your data, correct inaccurate data, request deletion of your data, or object to processing. To exercise any of these rights, contact us at the address below.

8. Security

We use HTTPS for all data in transit, bcrypt for password hashing, and HMAC-SHA256 for webhook signing. Access to production systems is limited to authorized personnel. We conduct regular security reviews.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered account holders. Continued use of the service after notice constitutes acceptance of the updated policy.

10. Contact

For privacy-related inquiries, please contact us at privacy@links.app.