Comprehensive Privacy Policy

Last Updated: March 2, 2026

1. Introduction and Legal Basis

At Linkfie, we prioritize the privacy and security of your data. This Privacy Policy is prepared in accordance with international data protection standards, primarily the General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK), and the California Consumer Privacy Act (CCPA).

We process your data only based on the following legitimate legal grounds:

  • Explicit Consent: Your consent is requested for marketing communications and non-essential cookie usage.
  • Performance of a Contract: Processing essential data is necessary to provide our services, create your account, and enable platform features (pursuant to our Terms of Use).
  • Legitimate Interest: To ensure platform security, prevent fraud, and improve our service quality (via analytics).
  • Legal Obligation: To comply with requests from authorized public authorities or applicable laws.

2. Data Collected and Processing Details

To provide our service, we collect the following data:

a) Account and Profile Data

When you register, your email address and password are collected. The links, social media handles, and profile pictures you add to your bio page are provided directly by you. This data is processed solely under the "Performance of a Contract".

b) Analytics and Visitor Data (IP and Device)

Linkfie provides you with statistics regarding the visitors on your profile (e.g., Which social network they came from, Click-Through Rates [CTR]). During this process, visitors' IP addresses and sensitive device data are automatically masked (anonymized). Raw IP addresses are not permanently logged in our database; they are only processed momentarily for session-based traffic source detection and bot prevention. Aggregated data (e.g., "10 people came from Instagram today") is displayed on your dashboard.

3. Data Retention

  • Active Accounts: Your account creation details and profile are kept in the system as long as you continue to use Linkfie or do not freeze your account.
  • Account Deletion: When you request account deletion via the dashboard or email, your personal email and identity data will be permanently and irreversibly deleted from our database within a maximum of 30 days. Copies in backup systems are destroyed after a maximum of 60 days due to the overwrite cycle.
  • Statistical Data: Even if your account is deleted, generalized traffic database statistics that are anonymized (de-identified) so as not to be directly associated with you may be retained for system performance measurement.

4. Cookies and e-Privacy Compliance

Linkfie categorizes its cookie usage in compliance with e-Privacy regulations:

  • Essential Cookies: Encrypted "session" tokens that keep you logged in when you sign in via Google or Email. They cannot be disabled for the core operation of the service.
  • Performance and Analytics Cookies: Temporary local cookies (assigned a temporary ID) may be created in the browser to understand how many different people visit your profile. No direct sales are made to large third-party tracking companies.

You can delete or restrict the use of cookies from your browser's "Settings" menu. An advanced Cookie Consent management panel will be added in upcoming updates.

5. Third-Party Processors and Data Transfer

Instead of setting up our own servers, we host your data on industry-standard, highly secure (ISO 27001 SOC2 certified), and GDPR-compliant 3rd party infrastructures:

  • Supabase: Our user database and authentication system. Only your registration details (Email, password hash) are kept encrypted (AES-256) on Supabase servers. Click here for Supabase's privacy policy.
  • Lemon Squeezy (Payment Processor): Paid (Pro) subscription payments are securely processed directly via the Lemon Squeezy infrastructure. We do not see or save your credit card or payment details in our database. Lemon Squeezy acts as both the payment processor and the Merchant of Record. Click here for Lemon Squeezy's privacy policy, and here for its terms of use.
  • Google OAuth: When you conveniently log in via Google, we only have read-only access to your email and name. We do not transfer this data to other platforms.

6. Data Breach Policy

Despite our current security layers (HTTPS, Row-Level-Security, Password Hashing), GDPR and KVKK protocols are applied in the event of a possible data leak or unauthorized access ("Data Breach"):

  • When a breach is detected, the situation is subjected to a risk analysis.
  • If a personal data leak such as email is detected, legal notification is made to both affected users and local data protection authorities (e.g., KVKK Board) within a maximum of 72 hours.
  • Sessions of accounts deemed at risk during a leak are forcibly terminated to prevent unauthorized transactions.

7. Your User Rights (KVKK, GDPR, CCPA)

Regardless of whatever geography you are in, we grant our users the following rights:

  • Right to Information and Access: Querying what data we hold about you.
  • Right to be Forgotten / Deletion: Requesting the permanent destruction of your account and all data belonging to you.
  • Right to Rectification: Updating incorrectly processed information.
  • Data Portability: (Under GDPR) Requesting your profile data in a computer-readable format.
  • Opt-out of Sale: (CCPA) We never sell your profile data to data-broker companies.

To exercise these rights, you can email hello@linkfie.com or use the "Delete Account" section in your Dashboard. Your requests are processed within the legal timeframe of 30 days (mostly within the first 48 hours).

Back to Dashboard