Privacy & Compliance

GDPR Compliance & Data Protection

Linkzly is committed to protecting your privacy and ensuring full compliance with the General Data Protection Regulation (GDPR) and other data protection laws.

Your GDPR Rights

Right to Access

Request a copy of all personal data we hold about you, including link analytics, user profiles, and activity logs.

Right to Rectification

Request correction of inaccurate or incomplete personal data in your account settings or organization details.

Right to Erasure

Request deletion of your personal data, including all links, analytics data, and account information.

Right to Restriction

Request limitation of processing your personal data while we verify accuracy or process your objections.

Right to Portability

Receive your personal data in a structured, machine-readable format (JSON/CSV) for transfer to another service.

Right to Object

Object to processing of your personal data for direct marketing, analytics, or other legitimate interests.

Data We Collect & Process

Account Data

  • Email address, name, and profile information
  • Organization details and team membership
  • Authentication credentials (hashed passwords, 2FA settings)
  • API keys and webhook configurations

Link & Analytics Data

  • Short links, QR codes, and destination URLs
  • Click data: timestamps, IP addresses (anonymized after 90 days), user agents
  • Geo-location data (city/country level, derived from IP)
  • Device and browser information for attribution
  • Mobile app attribution data (SDK events, install tracking)

Technical Data

  • Activity logs and audit trails (retained for 90 days)
  • Integration configurations (webhooks, third-party services)
  • Payment and subscription information (via Stripe)

Legal Basis for Processing

Contract Performance

Processing necessary to provide our link management and attribution services as outlined in our Terms of Service.

Legitimate Interests

Analytics processing to improve service quality, prevent fraud, and ensure platform security.

Consent

Marketing communications and optional features (which you can opt out of at any time).

Legal Obligation

Compliance with applicable laws, regulations, and legal processes.

Data Retention Policy

Account Data: Retained while your account is active and for 30 days after deletion request
Analytics Data: Click data retained for 24 months; IP addresses anonymized after 90 days
Activity Logs: Audit trails retained for 90 days for security purposes
Backup Data: Encrypted backups retained for 30 days, then permanently deleted
Legal Holds: Data may be retained longer if required by law or legal proceedings

Security & Protection Measures

Encryption

  • TLS 1.3 for data in transit
  • AES-256 encryption at rest
  • Encrypted database backups

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (2FA)
  • API key authentication

Infrastructure

  • SOC 2 compliant hosting
  • Regular security audits
  • DDoS protection

Monitoring

  • 24/7 security monitoring
  • Automated threat detection
  • Incident response procedures

International Data Transfers

Linkzly operates globally and may transfer your personal data to countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs):

EU-approved data transfer agreements with all third-party processors

Adequacy Decisions:

Data transfers to countries with EU-recognized adequate protection levels

Data Processing Agreements:

Binding agreements with all sub-processors ensuring GDPR compliance

Third-Party Data Processors

We work with the following categories of third-party processors:

Cloud Infrastructure

AWS, DigitalOcean

Hosting and data storage

Payment Processing

Stripe

Subscription and billing

Email Services

SendGrid, AWS SES

Transactional emails

Analytics

Internal systems only

Service improvement

CDN

AWS CloudFront

Content delivery

Monitoring

Sentry, DataDog

Error tracking and performance

Exercise Your Rights

To exercise any of your GDPR rights or if you have questions about how we process your data, please contact our Data Protection Officer.

Email: dpo@linkzly.com
Response time: Within 30 days

Right to Lodge a Complaint

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your authority at edpb.europa.eu.

Last updated: January 2025

This GDPR compliance page is regularly reviewed and updated to reflect our current practices.

Privacy-First Link Management

Experience GDPR-compliant link tracking with full data control. Manage your data rights, export analytics, and maintain compliance effortlessly.