Sign in

Privacy Policy

Last updated: 2026-06-05

This Privacy Policy explains what data linksync collects, how we use it, and what rights you have. linksync is a link-in-bio service for affiliate creators: a public profile page that hosts your social handles, featured links, products, and discount codes.

Information we collect

Information you provide directly

  • Account information: email address, username, display name, bio, avatar image, and authentication credentials.
  • Page content you publish: featured links, product cards, product images, discount codes, social-platform handles, and page background (color, gradient, image, or video).
  • Billing information when you subscribe to a paid plan: name, billing address, and payment method. Card details are entered directly into Stripe and never touch our servers.
  • Communications with our support team (the contents of any email you send to hilma@linksync.me).
  • Optional onboarding survey responses if you choose to answer them.

Information collected automatically

  • Aggregated, non-identifying analytics for the pages you host: page views, link clicks, and the visitor’s country derived from the request IP at request time. We do not store the visitor’s IP address.
  • For affiliate-click tracking, we record a deduplication hash so a repeat visitor is not double-counted. The hash cannot be reversed to recover the IP.
  • Server and error logs containing technical metadata (timestamps, status codes, paths) used to keep the service running and to diagnose incidents. These rotate on a short schedule.
  • Cookies strictly necessary for authentication and to remember session state. See Cookies below.

How we use your information

  • Service delivery. Host your public bio page, render the links and products you publish, and route visitor clicks to their destinations.
  • Account management. Authenticate you, recover access, enforce plan limits, and store your editor preferences.
  • Creator analytics. Show you aggregated performance for your page: views, clicks, and countries within the window your plan exposes.
  • Customer support. Respond to your questions and help you fix issues.
  • Service improvement. Diagnose bugs, improve performance, and design new features. Aggregated, never tied back to identifiable user-level data without a legitimate need.
  • Security. Detect and prevent abuse, fraud, and credential stuffing; investigate reports submitted via the Report page.
  • Billing. Process subscription payments and reconcile invoices through Stripe.
  • Legal compliance. Meet obligations under applicable law and respond to lawful requests from authorities.
  • Communication. Send transactional emails about your account or page (e.g. broken-link alerts, billing receipts). We do not send marketing email without your opt-in.

Data retention

  • Account information. Kept while your account is active. Deleted on account closure except as noted below.
  • Page content (links, products, images, background). Kept while your account is active. Uploaded media is removed from storage when you delete the corresponding item from the editor.
  • Click and view analytics. Retained for the analytics window your plan exposes (7 days on Free, longer on Pro). Aggregated counters may persist beyond that window for plan metering and to power your dashboard summaries.
  • Server and error logs. Rotated regularly; not retained long-term.
  • Billing information. Retained as long as required by tax and accounting law (typically 6 to 10 years depending on jurisdiction). Card details are stored by Stripe, not by us.
  • Username history. When you rename your profile, we retain a mapping from your previous username to your account so old bookmarks redirect to your new URL. You can request removal of this mapping.

Subprocessors

We do not sell personal data. To run the service we rely on the following processors, each contractually bound to confidentiality and appropriate security:

  • Supabase: database, authentication, and Storage buckets for avatars.
  • AWS S3 and CloudFront: storage and delivery of background images and videos.
  • AWS SES: outbound transactional email (broken-link alerts, support correspondence).
  • Stripe: subscription billing and payment processing for Pro plans.
  • Vercel: hosting and edge delivery of the application.
  • Upstash QStash: scheduling background jobs such as the link-health checker.

Data security

We use industry-standard safeguards: HTTPS in transit, encrypted storage at rest with our subprocessors, row-level security on application data, and least-privilege credentials for server access. No system is perfectly secure; if we ever become aware of an incident affecting your data, we will notify you in line with applicable law.

Your rights and data deletion

Depending on where you live you may have rights to access, correct, export, restrict, or delete your personal data. You can exercise most of these directly from the editor: edit your account fields, swap or remove images, and delete links. To delete your account and all associated data, email hilma@linksync.me from the address on file. We will action verified requests within 30 days.

What we can delete

  • Your account record, profile fields, and avatar.
  • Links, products, images, and backgrounds you have published.
  • Analytics tied to your profile.
  • Optional onboarding survey responses.

What we cannot delete

  • Billing records required by tax and accounting law.
  • Records we are legally required to retain (e.g. to respond to law-enforcement orders or to defend legal claims).
  • Backups containing your data, until they expire on their normal rotation.
  • Aggregated analytics that no longer identify you.

Payment information

Subscription payments are processed by Stripe. We receive a customer ID and a subscription status from Stripe; we do not receive or store card numbers, CVV codes, or full expiration data. See Stripe’s privacy notice for how they handle payment data.

Cookies

We use first-party cookies strictly necessary for authentication and to remember session state across page loads. We do not use third-party advertising or cross-site tracking cookies on public bio pages. Some browsers may report a small analytics beacon on bio pages used to count views and clicks: this beacon does not set tracking cookies and does not collect identifying information about the visitor.

Children

linksync is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, email hilma@linksync.me and we will delete it.

International transfers

Our subprocessors operate from data centers in the United States and the European Union. By using linksync you understand that your data may be transferred to and processed in jurisdictions other than your own, subject to appropriate safeguards required by applicable law.

Changes to this policy

We may update this policy from time to time. Material changes will be announced in the editor or by email. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the service after a revision constitutes acceptance of the updated policy.

Contact

linksync is operated by Night Tech Oy, Y-tunnus 3617980-7, which acts as the data controller for personal data processed through the service. Email hilma@linksync.me for any privacy question or data request.