Privacy Policy

This Privacy Policy explains how linkbo.at ("we," "us," or "our") collects, uses, and protects your information when you use our Service. We built linkbo.at with privacy in mind. We collect only what we need to operate the Service, we never sell your data, and we give you meaningful control over what you share. By using linkbo.at, you agree to the practices described in this Policy.

Account information When you sign up, we collect your email address and, optionally, your name and profile photo. If you sign in via Google OAuth, we receive basic profile data from Google. Content you create Pages, widgets, uploaded images, text, and any other content you add to your linkbo.at page is stored on our servers to deliver the Service. Usage data We collect anonymized analytics about how you use the editor and dashboard — features used, session duration, errors encountered. This helps us improve the product. Page visitor analytics When someone visits your published page, we record the event at the edge (country via Cloudflare CF-IPCountry header, device type, referrer, UTM parameters). This data is stored in Cloudflare Workers Analytics Engine and is never written to our main database alongside personal data. Payment information Billing is handled entirely by Dodo Payments, our Merchant of Record. We do not store your card number, bank details, or full payment information. We receive only a transaction ID and subscription status from Dodo. Communications If you contact us by email, we retain that correspondence to respond and improve support.

We use the information we collect to: • Provide, operate, and maintain the Service • Authenticate your identity and keep your account secure • Process payments and manage your subscription • Send transactional emails (account confirmation, password reset, billing receipts) • Display analytics data on your dashboard • Power AI features when you request them (prompts are sent to Anthropic's API) • Respond to support requests • Detect and prevent abuse, spam, and security threats • Comply with legal obligations We do not use your content to train AI models without your explicit consent.

When you use AI features (page generation, bio rewrite, chat widget, etc.), your prompts and relevant page content are sent to Anthropic's Claude API for processing. Anthropic's privacy policy governs how they handle this data. We do not permanently store raw AI prompts beyond what is necessary to return a response and track credit usage. AI-generated outputs that you save to your page are stored as regular page content. For the AI chat widget on your public page, visitor messages are processed by Anthropic in real time and are not stored on our servers after the session ends.

We do not sell, rent, or trade your personal information. We share data only with: Service providers — Supabase (database and storage), Cloudflare (CDN, DNS, analytics), Dodo Payments (billing), Resend (transactional email), Anthropic (AI processing), Vercel (hosting). Each is contractually bound to protect your data. Legal requirements — We may disclose information if required by law, court order, or to protect the rights, property, or safety of linkbo.at, our users, or the public. Business transfers — If linkbo.at is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy. With your consent — For any other purpose with your explicit permission.

Content you publish on your linkbo.at page is publicly accessible by anyone on the internet, including search engines. This is a core feature of the Service — your page is server-rendered and SEO-indexed by design. You control what appears on your page. Do not publish sensitive personal information you do not want publicly visible. If you delete your page or account, the public URL will stop serving content within minutes and will be fully deindexed from search engines over time (we submit a removal request via sitemap update).

We use a minimal set of cookies: Authentication cookie — a secure, HTTP-only session cookie set by Supabase Auth to keep you logged in. This is strictly necessary and cannot be disabled without logging out. Preference cookie — stores your theme preference (light/dark). No tracking. Analytics — we do not use third-party advertising cookies or tracking pixels. Page view events are recorded at the edge without setting cookies on your visitors' browsers. You can manage cookie preferences in your browser settings. See our Cookies Policy for full details.

Account data — retained for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes — up to 7 years). Analytics data — Free tier: 7-day rolling window. Pro tier: 90-day rolling window. Aggregated, non-personal analytics may be retained indefinitely. AI usage logs — credit usage counters are retained for billing and quota purposes. Raw prompts are not retained. Backup copies — deleted data may persist in encrypted backups for up to 30 days before being purged.

We implement industry-standard security measures including: • Encryption in transit (TLS 1.2+) for all data • Encryption at rest for database and storage • Row-Level Security (RLS) on all database tables — you can only access your own data • The service-role key is never exposed to client-side code • Regular security audits of RLS policies, API routes, and widget sandboxes No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@linkbo.at.

Depending on your location, you may have the following rights: Access — request a copy of the personal data we hold about you. Correction — request correction of inaccurate data. Deletion — request deletion of your personal data ("right to be forgotten"). Portability — request an export of your data in a machine-readable format. Objection — object to certain types of processing. Withdrawal of consent — withdraw consent where processing is based on consent. To exercise any of these rights, email privacy@linkbo.at. We will respond within 30 days. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at hello@linkbo.at and we will delete it promptly.

linkbo.at operates globally. Your data may be stored and processed in countries outside your own, including the United States. We rely on standard contractual clauses and other appropriate transfer mechanisms to ensure your data is protected in accordance with this Policy regardless of where it is processed.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

Questions, requests, or concerns about this Privacy Policy: Email: privacy@linkbo.at General: hello@linkbo.at We aim to respond within 5 business days.