Privacy Policy
This Privacy Policy explains what personal data linkrypt processes, why, for how long, and what rights you have. Last updated: 2026-05-23-v2.
1. Who we are
linkrypt is operated by IZZY.Agency ("we", "us"). We are the data controller for the processing described below.
2. What we collect
We collect the minimum data necessary to operate the service:
- Email address — used for magic-link authentication and transactional emails (account-delete confirmations, abuse-report acknowledgements). Legal basis: performance of the contract.
- Browser metadata — IP address and User-Agent, both HMAC-hashed before storage (we never store either in plaintext). Used for rate-limiting and abuse-prevention. Legal basis: legitimate interest (service security).
- Share metadata — opaque values such as ciphertext size, expiry timestamp, recipient-email HMAC. We never see the plaintext content of a share. Legal basis: performance of the contract.
- Billing metadata (Pro plan) — Stripe customer ID and subscription state. Stripe holds card-payment data; we do not. Legal basis: performance of the contract.
- Audit events — your own actions and any admin actions taken on your account, viewable at /app/audit. Legal basis: legitimate interest (security audit trail) and legal obligation (where required).
- Strictly-necessary cookies — session cookie and CSRF protection, always set. Optional analytics and marketing cookies (Google Analytics 4 via Google Tag Manager) are loaded only after you accept them in the Cookiebot banner. See §7 for the full cookie inventory and how to change your choice at any time.
3. What we don't collect
- Plaintext share content — content is encrypted in your browser before it reaches us; we cannot read it.
- Recipient identities — we know a recipient opened a share (audit timestamp) but not who they are; the decryption key lives only in the URL fragment, which never reaches our servers.
- Phone number, postal address — never asked.
- Card data — held by Stripe under their PCI-DSS environment, not by us.
4. Sub-processors
- Cloudflare Inc. (Workers, D1, KV, R2) — compute + storage. EU jurisdiction selected. Privacy policy.
- Resend Inc. — transactional email delivery. Privacy policy.
- Stripe Inc. — payment processing for Pro plan subscribers only. Privacy policy.
5. Retention
- Shares — deleted automatically per your plan's expiry window (7 days on Free, 90 days on Pro). You may delete a share earlier via the dashboard.
- Audit events — retained 365 days, then purged by an automated sweep.
- Account data — retained while your account is active; erased within 30 days of account deletion (the slight delay is the R2 lifecycle policy applied to ciphertext objects).
- Stripe data — retained by Stripe under their own retention policy; we do not control it.
6. Your rights under GDPR
- Right of access (Art. 15) — request a JSON export of your data via the dashboard (GET /api/account/export).
- Right to erasure (Art. 17) — delete your account at /account/delete. This cancels any active Stripe subscription, deletes your D1 records, and purges your ciphertext from R2.
- Right to rectification (Art. 16) — contact us at the address in §11.
- Right to restriction, portability, objection (Art. 18, 20, 21) — contact us at the address in §11.
- Right to lodge a complaint — with your national data-protection authority (in France: CNIL).
7. Cookies
Strictly necessary cookies (always loaded): session token, CSRF protection. Without these the service cannot function.
Analytics & marketing cookies (require your consent): Google Analytics 4 (GA4) via Google Tag Manager (GTM). Consent is managed by Cookiebot — the bottom-of-page banner you saw on first visit. You can change your choice at any time via the Cookiebot consent badge that appears at the bottom-left corner of every page once you've responded to the banner. If you need to reach our data protection contact for any cookie-related question, contact us at the address in §11.
If you reject analytics cookies, we still count aggregate conversion events (account created, plan upgraded, account deleted) from our servers — without cookies, without identifying you. These aggregate counts have no link to your individual account, so per-account opt-out is unnecessary (you cannot be identified in our analytics regardless). If you want to verify or query the data we hold about you, exercise your GDPR rights via the data export endpoint or contact the address listed in §11.
8. International data transfers
Cloudflare, Resend, and Stripe may process data in both the European Union and the United States. International transfers to the United States rely on the EU-US Data Privacy Framework (where applicable) and on the Standard Contractual Clauses adopted by the European Commission.
9. Children
linkrypt is not directed at children under 15 years of age. If we become aware that we have collected personal data from a child under this age without parental consent, we will delete the account.
10. Changes to this policy
We may update this Privacy Policy. Material changes (adding a sub-processor, expanding what we collect, changing retention windows) result in a new version identifier and a re-acceptance prompt on your next sign-in. The current version identifier is shown at the bottom of this page.
11. Contact
Privacy questions and GDPR rights requests: privacy@linkrypt.sh. General inquiries: hello@linkrypt.sh. Legal entity: IZZY.Agency.