Privacy Policy

Last updated: November 19, 2024

LinkyStore respects your privacy. Here, in plain language, is how we handle your data.

1. Who are we?

LinkyStore is a bio-link page service with free and paid plans, available via the mobile app and the website linkystore.app. The data controller is LinkyStore — contact: [email protected].

2. What data do we collect?

Data you provide

  • Firebase identifier (UID) and email address when signing in via Google or Apple.
  • Public profile: name, username, bio, profile picture, and links you choose to add.

Data collected automatically

  • Anonymised statistics: views and clicks on your published pages, with the IP anonymised (last octet zeroed out for GDPR compliance).
  • Device type (mobile, tablet, desktop) and traffic source (Instagram, TikTok, Google, etc.) — aggregated and not tied to any identity.
  • Purchase identifiers supplied by Stripe, Apple App Store, or Google Play when you buy a paid plan.

3. How is your data used?

  • To let you sign in and manage your page (Firebase authentication).
  • To host and serve your public bio page.
  • To provide aggregated statistics in the Analytics tab.
  • To process paid plans, renewals, trials, refunds, and purchase support.
  • To detect and prevent abuse (spam, illegal content).

4. Legal basis for processing

Under the GDPR, we process your data on the following bases:

  • Contract performance: creating and hosting your page.
  • Legitimate interest: anonymised statistics, fraud prevention.
  • Consent: optional marketing communications or non-essential analytics where enabled.

5. Who do we share your data with?

We never sell your data. It is shared only with the following technical sub-processors:

  • Microsoft Azure (hosting, France Central) — pages, statistics, photos.
  • Firebase / Google (authentication, account management).
  • Stripe, Apple App Store, and Google Play (payments, subscriptions, trials, and refund handling).

Each sub-processor meets GDPR-compliant security standards (standard contractual clauses, ISO 27001 / SOC 2 certifications).

6. How long do we keep your data?

  • Active account (profile, bio, links): for as long as you use the service. Deleted within 30 days of account closure.
  • Click / view statistics: rolling 90 days, then automatic deletion.
  • Purchase & subscription records: 10 years from the transaction date (French commercial law, Art. L. 123-22 C.com. — accounting obligation). Personal identifiers are anonymised after account deletion; financial amounts and Stripe, App Store, or Google Play references are retained by the relevant payment processor under their own policy.
  • Technical security logs: 12 months (Art. L. 34-1 CPCE), then automatic deletion.
  • Account deletion: profile, links, and analytics are erased within 30 days. You can trigger deletion directly from the app (Settings → Delete account) or by writing to [email protected].

7. Your rights

As a user, you have the following rights (GDPR, Art. 15–22):

  • Access: obtain a copy of your data.
  • Rectification: correct inaccurate data.
  • Erasure ("right to be forgotten"): delete your account and all your data.
  • Restriction: temporarily suspend processing.
  • Portability: retrieve your data in a structured format.
  • Objection: opt out of processing for marketing purposes.

To exercise these rights, write to [email protected] from your account email address. We respond within 30 days.

If you believe your rights have not been respected, you may lodge a complaint with the relevant supervisory authority (in France: CNIL).

8. Mobile app and store billing

The mobile app does not display third-party advertising. If you buy Pro or Creator from the mobile app, the transaction is processed by Apple App Store or Google Play according to your device platform.

9. Cookies and local storage

On the website, we use only essential cookies (Firebase authentication session). On the mobile app, we use local storage to remember your session and preferences (for example your page template and language).

No third-party advertising cookies are placed on your public bio pages.

10. Security

All communications are encrypted over HTTPS. Passwords are managed by Firebase (never stored in plain text). Azure service access keys are stored in a secure vault.

11. Minors

LinkyStore is not intended for persons under 13. If you are under 16, parental consent is required (depending on local law).

12. Changes

This policy may be updated. In the event of a substantial change, you will be notified by email and/or via the app at least 30 days before it takes effect.

A question? Write to [email protected].