Privacy Policy

1. Introduction

Linksy ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services. Your use of our Services signifies your acceptance of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, password, name (optional)
• Payment Information: Billing email, payment method details (processed securely by Stripe)
• Content Information: Files uploaded, titles, descriptions, preview materials
• Communication: Messages, feedback, support requests you send us

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, device type
• Usage Data: Pages visited, time spent, clicks, downloads
• Log Data: IP address, access timestamps, error logs
• Cookies: Session and analytics cookies (with your consent)

3. How We Use Your Information

We process your personal data only for specific, documented purposes. Where applicable under the General Data Protection Regulation (GDPR), each processing activity is tied to a lawful basis under Article 6.

3.1 Performance of a Contract (GDPR Art. 6(1)(b))

Processing necessary to provide the services you signed up for or purchased:

• Creating and managing your account
• Processing payments and sending transaction confirmations
• Delivering purchased content to buyers (download tokens, access management)
• Responding to support requests and resolving disputes
• Sending service-related notifications (purchase receipts, payout confirmations)

3.2 Legitimate Interests (GDPR Art. 6(1)(f))

Processing we carry out to operate and improve our platform, where our interests do not override your rights:

• Detecting, preventing, and investigating fraud, abuse, and security incidents
• Maintaining audit logs for security and compliance purposes
• Improving and personalizing our Services based on aggregated usage patterns
• Sending transactional communications about significant platform changes

3.3 Consent (GDPR Art. 6(1)(a))

Processing that relies on your freely given, specific, and withdrawable consent:

• Analytics cookies that track how you navigate our website
• Marketing cookies used for advertising purposes
• Promotional emails and newsletters (opt-in only)

You may withdraw consent at any time by updating your cookie preferences or unsubscribing from marketing emails. Withdrawal does not affect processing already carried out.

3.4 Legal Obligation (GDPR Art. 6(1)(c))

Processing required to comply with applicable law:

• Retaining transaction records for tax and accounting compliance (7 years)
• Responding to valid legal requests, court orders, or regulatory obligations

4. Data Sharing & Disclosure

We do not sell your personal information. We share data only in these cases:

• Service Providers: Stripe (payment processing), AWS/Cloudflare (file storage)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger or acquisition

5. Data Security

We implement industry-standard security measures including encryption, secure authentication, and regular security audits. However, no method of transmission over the Internet is 100% secure.

6. Your Privacy Rights

• Right to Access: Request a copy of the personal data we hold about you
• Right to Data Portability (GDPR Art. 20): Receive your personal data in a structured, commonly used, and machine-readable format (CSV or JSON), and where technically feasible, have it transmitted directly to another controller
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
• Right to Object / Opt-Out: Opt-out of marketing communications or object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

7. Cookies & Tracking

We use essential cookies for authentication and analytics cookies to understand usage patterns. You can manage your cookie preferences through our cookie consent banner (shown on first visit) or reset them in your account settings.

Cookie Categories

• Necessary Cookies: Required for authentication, security, and basic functionality (cannot be disabled)
• Analytics Cookies: Help us understand how visitors use our website to improve user experience (optional, requires consent)
• Marketing Cookies: Used to track visitor behavior for advertising purposes (optional, requires consent)

Cookieless Analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics to measure aggregate page views and traffic patterns. This service operates without cookies and without setting or reading any persistent identifiers on your device. It works by loading a lightweight beacon script (static.cloudflareinsights.com/beacon.min.js) that sends anonymized telemetry data — such as page URL, referrer, approximate country, and browser type — to Cloudflare servers in the United States.

Because no cookies or persistent identifiers are used, this service does not require cookie consent under most interpretations of the ePrivacy Directive. Cloudflare, Inc. participates in the EU–US Data Privacy Framework (DPF) and processes data under Standard Contractual Clauses (SCCs) for transfers outside the EEA. See the Cloudflare Privacy Policy for full details.

8. Third-Party Service Providers (Subprocessors)

We work with trusted third-party service providers to deliver our services. These providers only access your data as necessary to perform their functions and are obligated to protect your information:

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and comply with legal obligations.

Retention Periods

• Account Data: Retained for the duration of your account plus 30 days after deletion request
• Content Files: Deleted immediately upon account deletion or individual content deletion
• Transaction Records: Retained for 7 years for tax, accounting, and legal compliance purposes
• Audit Logs: Retained for 7 years for security and fraud prevention
• Marketing Data: Retained until consent is withdrawn
• Cookies: Session cookies expire when you close your browser; analytics cookies expire after 1 year

After the retention period expires, we will securely delete or anonymize your personal data in accordance with applicable data protection laws.

10. Children's Privacy

Our Services are not directed to children and are intended for users who are at least 13 years of age (or 16 years of age where required by the GDPR, such as in the European Economic Area). We do not knowingly collect personal information from children under these age thresholds.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at [email protected]. We will investigate and, if confirmed, delete that information promptly from our systems in accordance with applicable law, including the Children's Online Privacy Protection Act (COPPA) and GDPR.

If we become aware that we have inadvertently collected personal data from a child below the applicable age threshold, we will take immediate steps to delete the data and, where required, notify the relevant parties.

11. California Residents (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section supplements the rest of this Privacy Policy and applies solely to California residents.

11.1 Categories of Personal Information Collected (12-Month Lookback)

In the preceding 12 months, we have collected the following categories of personal information, as defined by the CCPA:

• Identifiers: Name (optional), email address, IP address, device identifiers
• Commercial Information: Transaction history, content purchased or sold, payment amounts
• Internet/Electronic Activity: Pages visited, clicks, download events, session data, browser type
• Financial Information: Billing email and payment method details (processed by Stripe; we do not store full card numbers)
• Geolocation Data: General location inferred from IP address (city/country level only)
• Inferences: Usage patterns derived from the above categories for service improvement

We do not collect sensitive personal information as defined by the CPRA (e.g., Social Security numbers, precise geolocation, health data, racial or ethnic origin) beyond what is necessary for payment processing, which is handled entirely by Stripe.

11.2 Your California Privacy Rights

As a California resident, you have the following rights:

• Right to Know (CCPA § 1798.110): You may request that we disclose the specific pieces and categories of personal information we have collected about you, the sources of that information, our business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete (CCPA § 1798.105): You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., completing a transaction, legal compliance, security).
• Right to Correct (CPRA § 1798.106): You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing (CCPA § 1798.120): We do not sell your personal information for monetary consideration. We also do not share your personal information with third parties for cross-context behavioral advertising. No opt-out action is required, but you may confirm this by contacting us.
• Right to Limit Use of Sensitive Personal Information (CPRA § 1798.121): We do not use or disclose sensitive personal information for purposes beyond those necessary to provide the Services. No further limitation request is required.
• Right to Non-Discrimination (CCPA § 1798.125): We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, provide a different level of service, or suggest you will receive a different quality of service because you exercised your rights.

11.3 How to Submit a Request

To exercise any of the rights above, submit a verifiable consumer request by emailing [email protected] with the subject line "California Privacy Request." We will respond within 45 days. You may designate an authorized agent to submit requests on your behalf; we may require proof of authorization.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at: [email protected]