Legal

Privacy Policy

We collect the minimum needed to run Linkly. Here's exactly what and why.

Last updated: April 24, 2026

1. Who we are

Linkly ("Linkly", "we", "us") is the legal seller and operator of the Linkly QR code generator and mini-page hosting service. This policy explains what personal data we collect and how we use it. Linkly is the data controller of your personal data under the GDPR and similar laws. Contact: privacy@linklyqr.app.

2. What we collect

2.1 If you only use the QR generator (no account)

We do not collect or store any personal data. QR codes are generated entirely in your browser and never sent to our servers.

2.2 If you create an account

  • Account info: email address, display name and Google ID (via Google Sign-In).
  • Mini-page content: the text, links and images you upload to your bio pages or menus.
  • Usage data: basic logs (IP address, browser, timestamps) for security and debugging — typically retained for 30 days.

2.3 If you subscribe to Pro

Payments are processed by Paddle.com Inc., our merchant of record. Paddle collects your billing details (name, address, payment card or method, country for tax purposes). We receive only a masked record (last 4 digits, country, transaction ID) — we never see or store full payment card data.

3. How we use your data

  • To provide the Service (host your pages, authenticate you, process payments).
  • To send essential service emails (receipts, security alerts, policy changes).
  • To debug, secure and improve the Service.
  • To comply with legal obligations (tax, accounting).

We do not sell your data, and we do not use it for advertising or profile-building.

4. Public content

Mini-pages you publish are intentionally public — anyone with the URL or QR code can view them. Images you upload to use on those pages are stored in a public bucket so they can be displayed to visitors. Do not upload anything you wouldn't want publicly visible.

5. Sub-processors we use

  • Lovable Cloud (Supabase) — hosting, database, file storage, authentication.
  • Google — sign-in (OAuth) when you choose Google login.
  • Paddle — payment processing, billing, tax compliance (merchant of record).
  • Cloudflare — content delivery and DDoS protection.

6. Cookies

We use only essential cookies/local storage to keep you signed in and remember your preferences (e.g. dark mode). We do not use advertising or tracking cookies.

7. Data retention

  • Account & page data: kept until you delete your account.
  • Billing records: kept for the period required by tax law (typically 7–10 years), held by Paddle on our behalf.
  • Server logs: ~30 days.

8. Your rights (GDPR / CCPA)

You have the right to:

  • access a copy of your personal data;
  • correct inaccurate data;
  • delete your account and associated data;
  • export your data in a portable format;
  • object to or restrict processing;
  • lodge a complaint with your local data protection authority.

To exercise any right, email privacy@linklyqr.app. We respond within 30 days.

9. International transfers

Our infrastructure may store data in the EU or US. When data is transferred outside your country, we rely on standard contractual clauses or other lawful safeguards.

10. Security

We use industry-standard encryption (HTTPS, encrypted storage), Row-Level Security on our database, and least-privilege access controls. No system is perfectly secure — please use a strong, unique password.

11. Children

Linkly is not directed at children under 13 (or the minimum age in your country). We do not knowingly collect data from minors. If you believe a child has registered, contact us and we will delete the account.

12. Changes to this policy

We will notify you of material changes by email or in-app at least 14 days in advance. Continued use after the effective date constitutes acceptance.

13. Contact

Privacy questions: privacy@linklyqr.app
General contact: hello@linklyqr.app