Privacy Policy

Notelink / Linnky

Effective date: 16 Oct 2025

Contact: admin@notelink.ink

This notice explains what we collect, why, how we use it, and your rights. It's designed to meet GDPR "right to be informed"/Article 13 requirements (clear, concise, plain language) and CCPA/CPRA "notice at collection."

1) Who we are (Controller)

Notelink (Linnky). Contact: admin@notelink.ink

2) What we collect

Account & contact: Privy user identifier, email (through Privy), login metadata.

Profile data you add: display name, username, bio, avatar, social links, other links, publish state.

Payments: Stripe provides us with the outcome (paid/unpaid) and minimal transaction metadata—no full card data is ever stored on our servers.

Usage: basic logs (e.g., requests, device/approx. location from IP), cookies/LocalStorage required for auth session and basic analytics.

Under CCPA/CPRA, these map to identifiers, internet activity, and limited commercial info. We list categories and purposes at or before collection as required.

3) Why we collect it (Purposes)

  • Provide and secure sign-in, build your profile page, and show it publicly if you publish.
  • Process payments and manage access to paid features.
  • Improve reliability, prevent abuse, and comply with law.

4) Where data lives / processors

Privy (auth/email), Stripe (payments), Supabase (DB/storage), Google Cloud and Vercel (hosting). We have data-processing agreements with our vendors where applicable.

5) Legal bases (GDPR)

  • Contract (to provide the service you request).
  • Legitimate interests (security, service improvement).
  • Consent (where law requires, e.g., certain cookies/marketing).
  • Legal obligation (tax/financial recordkeeping).

6) Your rights

Depending on where you live, you can request access, correction, deletion, portability, and restriction of or objection to processing, and you can withdraw consent. We'll respond within applicable timelines. GDPR rights summary: access/rectification/erasure/restriction/portability/objection; CCPA rights include notice, access, deletion, and opting out of certain disclosures.

7) Do we sell personal information?

We do not sell personal information. If we ever offer optional sharing that counts as "selling" or "sharing" under CPRA, we'll provide a "Do Not Sell or Share" link as required.

8) Data retention

We keep data only as long as needed for the purposes above (e.g., while your account exists), or to meet legal/financial obligations. This aligns with GDPR's requirement to state retention periods or criteria.

9) Security

We use industry-standard technical and organizational measures. No method is 100% secure, but we work to protect your data.

10) International transfers

If data is transferred across borders, we use appropriate safeguards (e.g., standard contractual clauses) where required.

11) Children

The service is not intended for children under 16. If you believe a child has provided data, contact us so we can remove it.

12) Changes

We'll update this Policy as our service evolves and notify you of material changes.