Privacy Policy

Last updated: March 21, 2026

This legal document is available in English only. Translated versions are provided for convenience and are not legally binding.

1. Introduction

lnk24co Inc. ("lnk24co," "we," "us," or "our") operates a link management platform that provides link shortening, analytics, custom domains, bio pages, QR code generation, team collaboration, API access, webhooks, and free web tools (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and otherwise process your personal information when you access or use our website, applications, APIs, and Services.

By accessing or using any part of the Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Services. Your continued use of the Services following the posting of any changes to this Privacy Policy constitutes acceptance of those changes.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, password (stored in hashed form), profile photograph, and other profile details you choose to provide. If you sign up or log in through a third-party single sign-on (SSO) provider such as Google, GitHub, or an enterprise SAML/OIDC identity provider, we may receive your name, email address, and profile photograph from that provider.

2.2 Payment Information

When you subscribe to a paid plan, we collect your billing name, billing address, and payment method details. Payment card information is processed directly by our payment processor, Stripe, Inc., and is subject to Stripe's privacy policy. We do not store your full credit card number, CVV, or other sensitive payment card details on our servers. We retain only a truncated card number, expiration date, and billing address for record-keeping and invoicing purposes.

2.3 Content You Create

We collect and store the content you create through the Services, including shortened links and their destination URLs, bio pages and their associated content, QR codes and their configurations, custom domain settings, team workspace configurations, API keys, and webhook endpoint URLs.

2.4 Communications

When you contact our support team, respond to surveys, participate in promotions, or otherwise communicate with us, we collect the information you provide in those communications, including your name, email address, and the content of your messages.

2.5 Automatically Collected Information

When you use our Services, we automatically collect certain information, including:

• IP Address: Your Internet Protocol address, which may be used to approximate your geographic location.
• Device Information: Device type, operating system and version, unique device identifiers, and hardware model.
• Browser Information: Browser type and version, browser language, and screen resolution.
• Usage Data: Pages visited, features used, links created, actions taken, timestamps, session duration, and interaction patterns within the Services.
• Referral Data: The URL of the website or page that referred you to our Services and the URL you navigate to when leaving.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with the Services. See Section 15 (Cookie Policy Reference) for more details.

2.6 Analytics Click Data

When someone clicks a link managed through our platform, we collect click analytics data including the visitor's IP address (which is anonymized and not stored in raw form), approximate geographic location (derived from IP and discarded after geolocation), browser and device type, referral source, and timestamp. This data is aggregated and presented to link owners in an anonymized, statistical format. We do not use click analytics data to build individual profiles of link visitors.

2.7 Free Web Tools Data

Our free web tools (such as URL validators, encoders/decoders, and similar utilities) are designed to process data entirely client-side within your browser. No data you input into these tools is transmitted to our servers, stored, logged, or otherwise collected by us. All processing occurs locally on your device using JavaScript executed in your browser environment. We have no access to, and do not retain any record of, the inputs you provide to or outputs generated by these tools.

3. How We Use Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: To operate, deliver, and maintain the Services, including link shortening, analytics dashboards, bio pages, QR code generation, custom domains, team collaboration features, API access, and webhook delivery.
• Process Payments: To process your subscription payments, send purchase confirmations and invoices, and manage your billing account.
• Analytics: To monitor, analyze, and improve the Services, including tracking usage trends, measuring feature adoption, and understanding how users interact with the platform.
• Security: To detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse, spam, and other illegal or malicious activities, and to protect the security and integrity of the Services.
• Communications: To send you technical notices, updates, security alerts, administrative messages, and, with your consent where required, marketing communications about products, services, and events we think may interest you.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, and to enforce our terms, conditions, and policies.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Consent: Where you have given us explicit consent to process your personal data for specific purposes, such as receiving marketing communications or enabling optional analytics features. You may withdraw your consent at any time.
• Performance of a Contract: Where processing is necessary to perform our contract with you, including providing the Services, maintaining your account, and processing your payments.
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving the Services, ensuring security, preventing fraud, and conducting analytics.
• Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject, such as tax reporting, responding to lawful government requests, or complying with court orders.

5. Information Sharing

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service Providers: We share information with third-party vendors who perform services on our behalf. These include:
  • Stripe, Inc.— for payment processing and subscription management
  • Cloud hosting providers— for infrastructure, data storage, and content delivery
  • Email service providers— for transactional emails, notifications, and, where you have opted in, marketing communications
  These providers are contractually obligated to process your data only as directed by us and in accordance with this Privacy Policy. They are prohibited from using your personal information for their own purposes.
• Legal Requirements: We may disclose your information if we are required to do so by law, regulation, legal process, subpoena, court order, or governmental request, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of lnk24co, our users, or the public.
• Business Transfers: In connection with, or during negotiations of, a merger, acquisition, reorganization, asset sale, bankruptcy, or similar corporate transaction, your information may be transferred, disclosed, or otherwise shared as part of that transaction. We will notify you via email and/or a prominent notice on the Services if your information becomes subject to a different privacy policy.
• With Your Consent: We may share your information with third parties when you have given us explicit, informed consent to do so.
• Aggregated and De-Identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Such data is not considered personal information under applicable law.

6. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. Specifically, our servers and service providers may be located in the United States and other jurisdictions.

For transfers of personal data from the EEA, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection by the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (and, for UK transfers, the UK International Data Transfer Addendum) as our primary transfer mechanism. Where applicable, we also implement supplementary technical and organizational measures to ensure an adequate level of protection.

We also recognize the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as valid mechanisms for international data transfers, and we rely on these frameworks where applicable. A copy of our Standard Contractual Clauses is available upon request by contacting us at [email protected].

7. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our retention periods are determined based on the following criteria:

• Account Data: Retained for as long as your account is active. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
• Analytics Data: Click and visitor analytics are retained according to your subscription plan tier. Aggregated, anonymized analytics may be retained indefinitely.
• Server Logs: Access and error logs are retained for up to 90 days.
• Billing and Transaction Records: Retained for up to 7 years to comply with applicable tax, accounting, and financial reporting obligations.
• Communications: Support correspondence and related records may be retained for up to 3 years after resolution.

You may request deletion of your account and associated personal data at any time through your account settings or by contacting us at[email protected]. We will process deletion requests within 30 days, subject to any legal obligations that require us to retain certain information.

8. Your Rights Under the GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR (and equivalent UK and Swiss legislation):

• Right of Access: You have the right to request a copy of the personal data we hold about you, together with information about how we process it.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data we hold about you.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data, subject to certain legal exceptions (e.g., where retention is required for compliance with a legal obligation).
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to our processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller without hindrance.
• Right to Object: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis, or where we process your data for direct marketing purposes.
• Right to Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law.

To exercise any of these rights, please contact us at[email protected]. We will respond to your request within 30 days (or such shorter period as may be required by applicable law). We may need to verify your identity before processing your request.

9. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting or selling it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions provided by law.
• Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing:You have the right to opt out of the "sale" or "sharing" of your personal information as those terms are defined under the CCPA/CPRA. We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying you goods or services, charging you different prices, or providing a different level or quality of service.
• Shine the Light (Cal. Civ. Code § 1798.83): California residents may request information regarding the disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

To submit a verifiable consumer request, please email[email protected]or use the "Do Not Sell or Share My Personal Information" link in the footer of our website. We will verify your identity before processing your request and will respond within 45 days (which may be extended by an additional 45 days where reasonably necessary).

10. Other US State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you may have additional privacy rights under your state's privacy law:

• Virginia Consumer Data Protection Act (VCDPA): Virginia residents have the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
• Colorado Privacy Act (CPA): Colorado residents have similar rights to access, correct, delete, and obtain a portable copy of their personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and certain profiling activities.
• Connecticut Data Privacy Act (CTDPA): Connecticut residents have the right to access, correct, delete, and obtain a copy of their personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling.
• Utah Consumer Privacy Act (UCPA): Utah residents have the right to access and delete their personal data, and the right to opt out of the sale of personal data and targeted advertising.

To exercise any of these rights, please contact us at[email protected]. If we decline your request, you may have the right to appeal our decision by contacting us at the same address.

11. Children's Privacy

The Services are not directed to, and are not intended for use by, children under the age of 16. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have inadvertently collected personal information from a child under 16 without verified parental consent, we will take commercially reasonable steps to delete that information as quickly as possible. If you are a parent or guardian and believe that your child under 16 has provided us with personal information, please contact us immediately at[email protected] so that we can take appropriate action.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under the age of 13. Our commitment to protecting children's privacy extends to all applicable jurisdictions and regulations.

12. Security

We implement commercially reasonable technical, administrative, and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, destruction, and misuse. These measures include, but are not limited to:

• Encryption of data in transit using TLS 1.3
• Encryption of data at rest using AES-256
• Regular security assessments, penetration testing, and audits
• Role-based access controls and principle of least privilege for internal systems
• Monitoring for suspicious activity and unauthorized access
• Incident response procedures and breach notification protocols

NOTWITHSTANDING THE FOREGOING, NO METHOD OF TRANSMISSION OVER THE INTERNET, METHOD OF ELECTRONIC STORAGE, OR OTHER SECURITY MEASURE IS COMPLETELY SECURE, AND WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR PERSONAL INFORMATION. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, OR DISCLOSURE, ALTERATION, OR DESTRUCTION OF, YOUR PERSONAL INFORMATION RESULTING FROM CIRCUMSTANCES BEYOND OUR REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO HACKING, CYBERATTACKS, OR OTHER CRIMINAL ACTIVITIES BY THIRD PARTIES.

13. Third-Party Links

The Services may contain links to third-party websites, applications, and services that are not owned or controlled by lnk24co. This includes, without limitation, destination URLs of shortened links created by our users. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, LNKCO24 DISCLAIMS ALL LIABILITY ARISING OUT OF OR IN CONNECTION WITH YOUR ACCESS TO OR USE OF ANY THIRD-PARTY WEBSITES, SERVICES, OR CONTENT LINKED TO FROM OR THROUGH THE SERVICES. WE ENCOURAGE YOU TO REVIEW THE PRIVACY POLICY OF EVERY THIRD-PARTY WEBSITE OR SERVICE YOU VISIT OR INTERACT WITH.

14. Free Web Tools

lnk24co offers a suite of free web tools (including but not limited to URL validators, encoders/decoders, meta tag generators, UTM builders, and similar utilities) as part of the Services.

These tools are designed to process all data entirely locally within your web browser using client-side JavaScript. No data that you input into these tools is transmitted to, received by, stored on, or otherwise processed by our servers. We do not log, record, collect, or have any access to the inputs you provide to or the outputs generated by these tools.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU ACKNOWLEDGE AND AGREE THAT YOUR USE OF THE FREE WEB TOOLS IS AT YOUR SOLE RISK. THE FREE WEB TOOLS ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NON-INFRINGEMENT. YOU ARE SOLELY RESPONSIBLE FOR ANY DATA YOU INPUT INTO THE FREE WEB TOOLS, AND LNKCO24 SHALL HAVE NO LIABILITY WHATSOEVER FOR ANY LOSS, DAMAGE, OR HARM ARISING FROM YOUR USE OF THESE TOOLS OR RELIANCE ON THEIR OUTPUTS. YOU SHOULD NOT INPUT SENSITIVE, CONFIDENTIAL, OR REGULATED DATA INTO ANY TOOL WITHOUT INDEPENDENTLY VERIFYING THAT THE TOOL IS APPROPRIATE FOR SUCH DATA.

15. Cookies

We use cookies and similar tracking technologies (including web beacons, pixels, and local storage) to collect information, personalize your experience, and analyze usage of the Services. For comprehensive information about the types of cookies we use, their purposes, how to manage your cookie preferences, and your choices regarding cookies, please refer to our Cookie Policy.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. For material changes that significantly affect your rights or our processing of your personal information, we will provide additional notice by sending an email to the address associated with your account and/or by displaying a prominent notice within the Services prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy, our data practices, or if you wish to exercise any of your rights described herein, please contact us at:

• Email: [email protected]
• Mailing Address: lnk24co Inc., 123 Link Street, Suite 400, San Francisco, CA 94105, United States
• Data Protection Officer: [email protected]

If you are located in the EEA, the United Kingdom, or Switzerland and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

18. Disclaimer of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES AND ALL ASSOCIATED PRIVACY AND DATA PROTECTION MEASURES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. LNKCO24 MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE SERVICES, THE ACCURACY OR COMPLETENESS OF ANY INFORMATION PROVIDED THROUGH THE SERVICES, OR THE SECURITY OF YOUR PERSONAL INFORMATION. TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, LNKCO24 DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL LNKCO24, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATED TO (A) ANY UNAUTHORIZED ACCESS TO OR USE OF YOUR PERSONAL INFORMATION, (B) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICES, (C) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH THE SERVICES BY ANY THIRD PARTY, (D) ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE SERVICES, OR (E) YOUR USE OF ANY FREE WEB TOOLS OR RELIANCE ON THEIR OUTPUTS, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

YOU ACKNOWLEDGE AND AGREE THAT YOU ARE SOLELY RESPONSIBLE FOR ALL DATA, CONTENT, AND INFORMATION THAT YOU INPUT INTO, TRANSMIT THROUGH, OR GENERATE USING THE SERVICES, INCLUDING ANY FREE WEB TOOLS. LNKCO24 SHALL HAVE NO LIABILITY FOR ANY CONSEQUENCES ARISING FROM YOUR DECISION TO INPUT PERSONAL, SENSITIVE, CONFIDENTIAL, OR REGULATED DATA INTO ANY PART OF THE SERVICES.

Nothing in this Privacy Policy is intended to limit any rights you may have that may not be lawfully limited, or to exclude or limit our liability where it cannot be excluded or limited under applicable law.