Privacy Policy
Effective Date: January 1, 2026
Last Updated: March 04, 2026
Table of Contents
- Information We Collect
- How We Use Your Information
- Information Sharing and Disclosure
- Data Retention
- Data Security
- Your Rights and Choices
- Cookies and Tracking Technologies
- Third-Party Services
- International Data Transfers
- Children's Privacy
- California Privacy Rights (CCPA)
- European Privacy Rights (GDPR)
- Changes to This Policy
- Contact Us
1. Information We Collect
1.1 Information You Provide Directly
When you register for an account or use our Service, you may provide:
| Category | Data Types | Purpose |
|---|---|---|
| Account Information | Name, email address, password (hashed), company name (optional) | Account creation and authentication |
| Profile Information | Phone number (for 2FA), profile picture, job title | Account security and personalization |
| Payment Information | Billing address, payment method details (processed by third-party providers) | Processing payments for paid features |
| Content You Create | URLs, custom aliases, campaign names, brand profiles, QR codes | Providing the core Service functionality |
| Communications | Support tickets, feedback, survey responses | Customer support and service improvement |
1.2 Information Collected Automatically
When you or others interact with our Service, we automatically collect:
Link Click Analytics (for links you create):
- IP Address: Used to determine geographic location, then anonymized/truncated
- Geographic Location: Country, region, and city (derived from IP)
- Device Information: Device type (mobile, desktop, tablet), operating system
- Browser Information: Browser type and version
- Referrer URL: The website that directed the visitor to your link
- Timestamp: Date and time of the click
- User Agent: Technical string identifying the browser/device
Service Usage Data:
- Login timestamps and IP addresses
- Features accessed and actions performed
- Error logs and performance data
- API usage metrics (for API users)
1.3 Information from Third Parties
We may receive information from:
- OAuth Providers: If you sign in with Google or Microsoft, we receive your name, email, and profile picture
- Payment Processors: Transaction confirmation and billing information
- Abuse Reporting Services: Information about malicious URLs or security threats
2. How We Use Your Information
2.1 To Provide and Maintain the Service
- Create and manage your account
- Process URL shortening, QR code generation, and link management
- Generate analytics and insights for your links
- Enforce brand compliance rules you configure
- Process payments and manage subscriptions
2.2 To Improve and Develop the Service
- Analyze usage patterns to improve features
- Conduct research and development
- Test new features and functionality
- Fix bugs and resolve technical issues
2.3 To Communicate with You
- Send service-related notifications and updates
- Respond to support requests and inquiries
- Send marketing communications (with your consent)
- Notify you of changes to our terms or policies
2.4 To Ensure Security and Prevent Abuse
- Detect and prevent fraud, spam, and malicious activity
- Monitor for violations of our Terms of Service
- Protect the rights and safety of our users and third parties
- Comply with legal obligations and respond to lawful requests
- Enforce our Acceptable Use Policy and protect brand integrity
2.5 Legal Bases for Processing (GDPR)
For users in the European Economic Area, we process your data based on:
- Contract Performance: Processing necessary to provide the Service you requested
- Legitimate Interests: Analytics, security, fraud prevention, and service improvement
- Consent: Marketing communications and optional features
- Legal Obligation: Compliance with applicable laws
3. Information Sharing and Disclosure
3.1 Service Providers
We share information with trusted third-party vendors who help us operate the Service:
- Cloud Infrastructure: Microsoft Azure, AWS (hosting and data storage)
- Email Services: For transactional and marketing emails
- SMS Providers: Twilio (for two-factor authentication)
- Payment Processors: Stripe, PayPal (payment processing)
- Analytics: For understanding Service usage (aggregated data only)
- Security Services: For fraud detection and abuse prevention
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.2 Legal Requirements and Law Enforcement
We may disclose your information when we believe in good faith that disclosure is necessary to:
- Comply with applicable laws, regulations, or legal processes
- Respond to lawful requests from government authorities
- Enforce our Terms of Service and other agreements
- Protect our rights, property, or safety, or that of our users or the public
- Detect, prevent, or address fraud, security, or technical issues
- Respond to an emergency involving danger of death or serious physical injury
3.3 Business Transfers
If Link-Lytics is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.
3.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
3.5 Aggregated or De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, and other purposes.
4. Data Retention
We retain your information for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account plus 30 days after deletion request |
| Link Analytics Data | Up to 2 years (730 days) from collection, configurable per account |
| Shortened URLs | Until deleted by user or account termination |
| Payment Records | 7 years (for tax and legal compliance) |
| Security Logs | 1 year |
| Support Communications | 3 years from last interaction |
After these periods, we securely delete or anonymize your information. We may retain certain information longer if required by law or for legitimate business purposes (e.g., dispute resolution, enforcing agreements).
5. Data Security
We implement industry-standard technical and organizational measures to protect your information:
Encryption
- TLS 1.2+ encryption for data in transit
- AES-256 encryption for sensitive data at rest
- Secure password hashing (bcrypt/Argon2)
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication for staff
- Principle of least privilege
Monitoring
- 24/7 security monitoring
- Intrusion detection systems
- Regular security audits
Infrastructure
- SOC 2 compliant data centers
- Regular backups and disaster recovery
- Network segmentation and firewalls
Security Incident Response
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
6. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you |
| Correction | Request correction of inaccurate or incomplete information |
| Deletion | Request deletion of your personal information (subject to legal retention requirements) |
| Portability | Request your data in a structured, machine-readable format |
| Restriction | Request that we limit how we use your information |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent for processing where consent was the legal basis |
How to Exercise Your Rights
To exercise these rights, you can:
- Update your account settings directly in your dashboard
- Email us at support@link-lytics.com
- Use our Contact Form
We will respond to your request within 30 days (or sooner if required by law). We may need to verify your identity before processing your request.
Communication Preferences
- Marketing Emails: Unsubscribe via the link in any marketing email or update your preferences in account settings
- Service Notifications: These cannot be disabled while your account is active (required for Service operation)
7. Cookies and Tracking Technologies
7.1 Types of Cookies We Use
| Category | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, session management | Session / 30 days |
| Functional | Remember preferences, language, theme settings | 1 year |
| Analytics | Understand how users interact with the Service | 2 years |
| Performance | Monitor Service performance and errors | 1 year |
7.2 Managing Cookies
You can control cookies through:
- Browser Settings: Most browsers allow you to block or delete cookies
- Cookie Preferences: Use our cookie consent banner to manage preferences
- Do Not Track: We honor Do Not Track signals where technically feasible
Note: Disabling essential cookies may prevent you from using certain features of the Service.
7.3 Link Click Tracking
When someone clicks on a shortened link you create, we collect analytics data as described in Section 1.2. This tracking is essential to provide you with link analytics and cannot be disabled. Link visitors are not tracked across different links or websites.
8. Third-Party Services
Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to:
- Websites or services linked to through shortened URLs you or others create
- Third-party authentication providers (Google, Microsoft)
- Third-party analytics or advertising services
- Payment processors
We encourage you to review the privacy policies of any third-party services you access. We are not responsible for the privacy practices of third parties.
9. International Data Transfers
Link-Lytics is based in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our servers or service providers are located.
We ensure appropriate safeguards for international transfers through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all service providers
- Compliance with the EU-U.S. Data Privacy Framework (where applicable)
- Adequate security measures regardless of data location
10. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@link-lytics.com.
If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your California Privacy Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collected
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Information: We only use sensitive information for purposes permitted by law
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Categories of Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address)
- Commercial information (transaction history, subscription details)
- Internet activity (browsing history, click data, Service usage)
- Geolocation data (derived from IP address)
- Professional information (company name, job title)
Exercising Your Rights
California residents can submit requests by:
- Emailing support@link-lytics.com
- Using our Contact Form
We will verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Your GDPR Rights
- All rights listed in Section 6 (Access, Correction, Deletion, Portability, Restriction, Objection)
- Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
Data Controller
Link-Lytics is the data controller responsible for your personal information. For GDPR-related inquiries, contact our Data Protection team at support@link-lytics.com.
Legal Bases for Processing
We process your personal data based on:
- Contract: Processing necessary to provide the Service you requested
- Legitimate Interests: Security, fraud prevention, service improvement, and analytics
- Consent: Marketing communications and optional features
- Legal Obligation: Compliance with applicable laws
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this page
- For material changes, we will notify you via email and/or prominent notice on the Service
- We will obtain your consent where required by law
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: