Privacy Policy

This Privacy Policy explains what personal data Linkfor (operated by [Operator name]) collects when you visit our marketing site, sign up, manage sites, or visit a site published on the platform — and what we do with that data. We aim to collect as little as we can, keep it only as long as we need it, and never sell it.

This policy is written with the EU General Data Protection Regulation (GDPR) in mind. It extends equivalent treatment to visitors in other jurisdictions (UK GDPR, California CPRA, Turkey KVKK). Where local law grants additional rights, we honour those too.

The controller of personal data processed through the Service is [Operator name], [Registered address]. For privacy questions, data-subject requests, or to raise a concern, email privacy@linkfor.xyz.

Account data. When you sign up we store your email, your display name, a hashed password (if you choose the email + password flow), and — if you sign in with an OAuth provider — the identifiers that provider returns to us (a stable user id and the verified email). We never see your provider password.

Site configuration. For every site you publish we store the Notion page id you linked, your chosen subdomain, metadata (title, description, social image), navigation links, custom domains you attached, and feature toggles. This lives in our Postgres database and a Redis mirror for read performance.

Billing data. If you upgrade to a paid plan, Polar — acting as our Merchant of Record — collects your payment and billing details directly; we only receive a subscription identifier, your plan, status, renewal timestamp, and the masked identifiers Polar shares with us. We do not see or store card numbers.

Operational telemetry. Our servers log requests for security and debugging (timestamp, IP address, user agent, path, status code). If you enable error reporting, we send anonymised exception traces to Sentry. Logs are rotated and retained for a limited period (see “Retention”).

Tenant-site analytics. If pageview counting is enabled for a site, we record aggregate counts per day (and, in some configurations, per page). We do not place a cookie on visitors for counting and we do not build per-visitor fingerprints. See the Cookie Policy for details.

Reports of abuse. When someone submits a report through /report, we keep the reported host, the description, and — if provided — the reporter's email so we can follow up. Reports are visible only to platform administrators.

• To operate the Service — create accounts, render your Notion pages on your chosen domains, send you transactional email (sign-up confirmation, password reset, subscription receipts). Legal basis: performance of a contract with you (GDPR Art. 6(1)(b)).
• To secure the Service — detect fraud, stop abuse, respond to incidents, keep audit trails. Legal basis: our legitimate interest in running a safe platform (Art. 6(1)(f)).
• To comply with law — retain invoicing records, respond to lawful access requests, honour data-subject rights. Legal basis: legal obligation (Art. 6(1)(c)).
• To improve the Service — aggregate, non-identifying analytics on dashboard usage. Legal basis: legitimate interest, with the ability to opt out.
• Marketing — we do not send unsolicited marketing email. Product updates sent to paying customers ride on legitimate interest; you can opt out at any time.

We rely on a small set of service providers (“sub-processors”) to run the Service. They only process personal data on our instructions and under written agreements that meet GDPR Art. 28 requirements.

• Hosting & CDN — for serving the application, terminating TLS, and attaching custom domains.
• Database (Neon or equivalent Postgres) — primary datastore for accounts and site configuration.
• Cache / KV (Upstash Redis) — hot-path site lookup, rate limiting, pageview counters.
• Object storage (Cloudflare R2 or equivalent) — favicon and social-image uploads.
• Transactional email (Resend or Mailgun) — sign-up, password reset, domain-verified notifications.
• Billing (Polar, Merchant of Record) — checkout, invoicing, tax collection and remittance.
• OAuth identity (Google, GitHub — optional) — if you choose social sign-in.
• Error monitoring (Sentry — optional) — anonymised exception traces.
• Source content (Notion) — you explicitly link public Notion pages; Notion remains the controller of the underlying page content.

A current list with jurisdictions is available on request from privacy@linkfor.xyz.

Some of the processors listed above operate in, or transfer data to, countries outside [Country] and the European Economic Area. Where they do, we rely on the European Commission's Standard Contractual Clauses and, where relevant, additional technical safeguards (encryption in transit and at rest). You may contact us for a copy of the transfer mechanisms in place.

• Account + site configuration — for as long as your account exists. When you delete your account we delete the associated user row; owned sites are either transferred to another admin or deleted, depending on the option you select.
• Billing records — Polar retains invoices per its own policy; we keep subscription metadata for as long as required by local tax law (typically up to 10 years).
• Server + error logs — rotated within 30 days by default; longer where needed to investigate a security incident.
• Tenant analytics counters — daily buckets expire after 35 days.
• Abuse reports — retained while the account exists and for a reasonable follow-up period thereafter.

We protect personal data with reasonable and industry-standard measures: TLS in transit, encryption at rest with our storage providers, scoped access credentials, bcrypt password hashing via Better Auth, audit-logged administrative actions, and minimum-privilege access for operators. No system is perfectly secure; if we learn of an incident that affects your data, we will notify you without undue delay in line with applicable law.

Subject to applicable law, you have the right to:

• Access — a copy of the personal data we hold about you;
• Rectification — correct inaccurate or incomplete data;
• Erasure — delete your account and associated data, subject to legal retention duties;
• Restriction — ask us to pause processing while a dispute or request is resolved;
• Portability — receive your data in a machine-readable format;
• Objection — object to processing grounded on legitimate interest;
• Withdraw consent — where we relied on consent, you can withdraw it at any time without affecting prior processing;
• Complaint — lodge a complaint with your local supervisory authority (for EU residents, the DPA in your Member State).

To exercise any of these rights, email privacy@linkfor.xyz. We respond within 30 days.

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Risk signals (e.g. rate limiting, abuse detection) may block a request automatically, but a human reviews any account-level suspension before it is final.

We update this policy when our processing changes. The updated version is posted at this URL with a new “Last updated” date. For material changes we give notice before they take effect, for example by email to the address associated with your account.

Privacy questions, data-subject requests, or concerns: privacy@linkfor.xyz. Postal address: [Registered address].