Privacy Policy

Last Updated: April 21, 2026

1. Who We Are

Linkly ("Linkly," "we," "us," or "our") provides software for creating, managing, and tracking branded campaign links, custom domains, and client reporting workflows. Our product is built around link management, click tracking, custom domains, campaign attribution, client workspaces, billing, basic analytics, and we may add integrations over time.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

Contact: privacy@uselinkly.com

2. Information We Collect

Account Information

When you create an account, we may collect:

  • Name
  • Email address
  • Password (stored securely in hashed form), or authentication via a third-party provider if you choose that option (for example, Sign in with Google through our auth provider)
  • Company or agency name
  • Billing and subscription details (see below)

If you use Google or another supported identity provider, that provider processes login according to its own terms and privacy policy; we receive the profile details needed to create and maintain your account (such as email and name) through our authentication service. Optional security features (such as multi-factor authentication) are also handled through that authentication service.

Billing. Subscriptions and checkout are handled by our payment partner. We do not store full payment card numbers on our servers. We may store limited billing metadata needed to administer your account—for example billing name, billing address fields, card brand, and last four digits of the card—when our provider makes that information available after a successful purchase.

Workspace Data

When you use Linkly, we may collect data you create inside the platform, including:

  • Short links and destination URLs
  • UTM parameters
  • Campaign names
  • Client workspaces
  • Custom domain settings
  • Redirect rules
  • Team member permissions
  • Email addresses you invite to join a workspace, and related invitation status
  • Audit-style records of certain workspace actions (for example membership or access changes), which may include who acted and when

Analytics and Usage Data

When someone visits a tracked short link, our systems may record a click event to power analytics, including:

  • Referrer (when the browser sends it)
  • Browser or app user-agent string (used to infer device or client type)
  • Country or region code when supplied by our CDN or hosting edge (for example from CF-IPCountry or similar headers)—not a precise street address
  • Timestamp of the visit
  • Aggregated click counts and reporting you see in the product

We use this data to operate link analytics, reporting, and reliability. We do not attach a full IP address to each stored click record; IP addresses may still be processed separately for security and rate limiting (see Technical Information).

Link visitors may be subject to tracking and analytics configured by Linkly customers, and those customers may have separate privacy obligations regarding their use of tracked links.

Product analytics in the Linkly application

When you use our marketing site or signed-in web application, we may use analytics providers to collect usage and event data—which can include identifiers such as a user or account ID, profile or contact details when we configure them, URLs or paths you visit, clicks and interactions, and device or browser metadata—to measure usage, improve features, deliver feature flags, and understand product performance. Depending on our configuration, we may use session replay or similar interaction analytics to help diagnose usability issues and improve the product; we configure such tools to avoid collecting sensitive information where reasonably possible.

Technical Information

We may automatically collect or process:

  • IP address (for example for abuse prevention, rate limiting, and protecting the API), including via short-lived processing with infrastructure partners
  • Browser and device information
  • Log data
  • Error reports and crash diagnostics
  • Performance telemetry
  • Technical events related to product reliability and debugging
  • Authentication events

3. How We Use Information

We use information to:

  • Provide and operate Linkly
  • Manage links, domains, and redirects
  • Deliver analytics and reporting
  • Process subscriptions and billing
  • Detect fraud, abuse, or unauthorized activity
  • Improve product performance and reliability
  • Communicate service updates or security notices
  • Send transactional messages such as team invitations and account emails
  • Comply with legal obligations

We do not sell personal information.

We do not use your data to train AI models.

4. Third Party Services

Some providers may process information on our behalf as data processors, subject to their own privacy terms and security practices.

We may use providers such as:

Infrastructure

  • Vercel for hosting the application and API
  • Cloudflare for security, DNS, and delivery (including country/region signals used for click analytics where available)
  • Supabase for authentication, database, and related infrastructure

Payments

  • Polar for subscriptions, checkout, and billing events (underlying card processing may be handled by Polar and its payment processors)

Communications

  • Resend (or similar providers) for transactional email

Security and reliability

  • Upstash (or similar) for caching and rate limiting, which may involve processing IP addresses or request identifiers for short periods
  • Sentry for application monitoring, error logging, crash diagnostics, and debugging; depending on configuration we may collect limited session replay or similar interaction data only in connection with errors (not broad always-on replay), configured to reduce sensitive data where reasonably possible

Analytics

  • PostHog for product analytics, usage measurement, session analysis, feature flags, event analytics, and feature improvement; depending on our configuration this may include session replay or similar capabilities

Social login

  • Google (or other providers), when you choose social login—subject to that provider’s policies

Dedicated redirect infrastructure (servers that perform the HTTP redirect when a short link is opened) writes click events to our database and reads link and domain configuration.

These providers process data only as needed to provide their services.

We may update or replace service providers from time to time as our infrastructure evolves.

5. Data Sharing

We do not sell or rent your data.

We may share data only:

  • With service providers described above
  • If required by law
  • To protect the security of the service
  • In connection with a merger, acquisition, or business transfer

6. Custom Domains

If you connect a custom domain to Linkly, we may process DNS and configuration data necessary to:

  • Verify domain ownership
  • Configure redirects
  • Maintain domain functionality
  • Monitor domain health

You remain responsible for domains you connect to the platform.

7. Security

We use reasonable safeguards to protect data, including:

  • Encryption in transit (HTTPS/TLS)
  • Access controls
  • Secure authentication
  • Infrastructure monitoring
  • Fraud and abuse protections

No system can guarantee absolute security.

If we become aware of a material security incident affecting personal information, we may notify affected users and relevant authorities where required by law.

8. Data Retention

We retain data only as long as needed to provide the service or comply with legal obligations.

Examples:

  • Account data: while your account is active
  • Link and campaign data: while retained in your workspace
  • Billing records: as required by law
  • Security logs and rate-limiting data: limited retention for abuse prevention
  • Audit log entries: while your workspace exists or as needed for security

9. Your Rights

You may have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Export your data
  • Close your account

Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including rights to object to processing, restrict processing, or appeal certain decisions.

Requests may be submitted to:

privacy@uselinkly.com

10. Cookies and Similar Technologies

We use cookies and similar browser technologies (such as local storage) for:

  • Authentication
  • Security
  • Session management
  • Product analytics
  • Performance monitoring

Analytics and monitoring tools may use cookies or similar storage to recognize sessions, attribute events, or persist preferences. We do not use advertising cookies for cross-site tracking.

Do Not Track

Some browsers offer a Do Not Track signal. Because there is not yet a universal standard for responding to these signals, Linkly does not currently respond to them.

11. Children

Linkly is not intended for children under 16.

We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will update the effective date and provide notice where appropriate.

13. Contact

Questions about this Privacy Policy:

privacy@uselinkly.com