Privacy Policy

Linkhiver is a link-in-bio platform that lets creators, musicians, businesses, and brands publish a single page of links and share it from a linkhiver.com/username URL. To make that work, we collect a limited amount of information about you and your visitors. This policy describes what we collect, why, and the choices you have.

If you are accessing the Service from the European Economic Area, the United Kingdom, or Switzerland, the GDPR applies to your data and the legal bases for processing are described in Section 11. If you are a California resident, your rights under the CCPA/CPRA are described in Section 12.

We collect information in three categories:

Information you provide directly. When you create a Linkhiver account, we collect your name, email address, and a hashed password (we never store passwords in plain text). If you build a profile, we store the bio, profile photo, links, and any other content you choose to publish.

Information we collect automatically. When you use the Service, we record device and browser information (user agent, screen size, language), approximate location derived from IP address (country and city, not street), the pages you visit on linkhiver.com, and basic engagement metrics on your published profile (link clicks, view counts, referrer domain). Public profiles also record aggregated visitor analytics, which the profile owner can see.

Information from third parties. If you sign in with Google or Apple, we receive your name and email address from that provider. We do not receive your password or social-graph data.

We use the information we collect to:

• Provide the Service — host your profile, serve it to your visitors, and make sure your links actually work.
• Send transactional emails (password resets, security alerts, important service notices) — you cannot opt out of these because they are part of the Service.
• Send product updates and tips — you can opt out of these at any time from the email footer or your account settings.
• Detect and prevent abuse, fraud, spam, and illegal content on the platform.
• Generate aggregated, non-identifying statistics that help us understand which features matter and which to retire.

We do not sell your personal information. We do not sell your visitors' data. We do not train AI models on the content you publish.

Linkhiver uses a small number of first-party cookies to keep you signed in, remember your dark-mode preference, and measure aggregate traffic. We do not use third-party advertising cookies or cross-site trackers on linkhiver.com or any published profile. You can refuse cookies in your browser; the Service will still function, but you will need to sign in again each visit.

For analytics on the Linkhiver marketing site, we use a privacy-respecting analytics provider that does not store cookies and does not collect IP addresses in identifiable form. For your published profile's visitor analytics, click and view counts are stored against an opaque session ID, not a personal identifier.

We share personal information only in the following situations:

• Sub-processors. We rely on a small number of vetted infrastructure providers to operate the Service. Each is contractually bound to protect your data and process it only on our instructions:
  • Supabase, Inc. — managed Postgres database, authentication, and file storage. Hosts profile content, account records, and analytics events.
  • Vercel Inc. — application hosting and edge delivery for linkhiver.com and app.linkhiver.com.
• Legal requirements. If a court order, subpoena, or law enforcement request compels disclosure, we will comply while pushing back against overbroad requests. We will notify you unless legally prohibited.
• Business transfers. If Linkhiver is acquired or merged, your data may transfer to the successor entity — but the new entity will be bound by this policy or one no less protective.
• With your consent. Anything outside the above happens only with your explicit permission.

We keep account information for as long as your account is active. If you delete your account, we permanently remove your profile content, links, and analytics within 30 days, and from our backups within 90 days. Anonymous, aggregated statistics may be retained indefinitely because they are no longer personal data.

We use industry-standard safeguards: TLS 1.2+ for all traffic in transit, AES-256 encryption at rest for the database, hashed passwords (Argon2id), least-privilege access controls, mandatory two-factor authentication for staff with production access, and quarterly access reviews. No system is perfectly secure, and we will notify affected users within 72 hours of confirming any breach that risks your rights.

Linkhiver is based in the United States and processes data on servers located in the US and the EU. If you are in the EEA, the UK, or Switzerland, your data is transferred to the US under Standard Contractual Clauses approved by the European Commission. You can request a copy of the SCCs by emailing privacy@linkhiver.com.

Linkhiver is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has created an account, please email privacy@linkhiver.com and we will delete it.

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and the data associated with it.
• Export your profile content and link analytics as a portable file.
• Object to specific uses or restrict processing.
• Withdraw consent at any time, where consent is the legal basis.
• Lodge a complaint with a supervisory authority — in the EU, that is your national data protection authority.

To exercise any of these rights, email privacy@linkhiver.com. We respond within 30 days, often the same week.

For users in the EEA, the UK, or Switzerland, we process personal data under one of the following legal bases: contract (we need it to provide the Service you signed up for), legitimate interests (security, abuse prevention, product analytics — balanced against your rights), legal obligation (tax records, lawful requests), or consent (marketing emails, optional cookies).

Linkhiver does not sell personal information as the CCPA defines sale. California residents have the right to know what categories of personal information we collect, request access to or deletion of that information, and not be discriminated against for exercising those rights. To exercise these rights, email privacy@linkhiver.com.

We may update this policy when we change products, providers, or the law changes. If a change is material — for example, a new category of data, a new processor, or a change in retention — we will notify you by email at least 14 days before it takes effect. The "Last updated" date at the top of this page always reflects the most recent revision.

Questions, complaints, or data requests: email privacy@linkhiver.com. Our Data Protection Officer responds to GDPR requests within 30 days. For everything else, we usually reply the same business day.