Last updated: [DATE] · Operated by [LEGAL ENTITY NAME], [ADDRESS]
When you create an account, we collect your name, public display name, chosen handle (your URL), and email address. Your password is stored only as a secure one-way hash — we never see or store it in plain text.
To prevent the same person from repeatedly claiming a new 14-day free trial, we store a one-way cryptographic hash of the email address used for a trial. This hash cannot be reversed back into your email address — we keep it solely to check whether an email has already been used for a trial. We do not retain the email address itself in this record.
We store the content you publish — your trees, pages, links, text, images, and other files you upload. Uploaded media is stored with our storage provider (Wasabi). Anything you publish to a public page is, by its nature, publicly visible.
When paid plans are available, payments are processed by our payment provider (Stripe). We do not store your full card number or security code; that information is handled directly by Stripe under their security standards. We retain limited billing records (such as plan, status, and transaction identifiers).
Like most websites, our servers automatically receive standard technical data such as IP address, browser type, and timestamps when you use the service.
LinkMagik includes a built-in analytics feature that records activity on published pages — such as page views and clicks on links — so that page owners can understand how their pages perform. Depending on plan, this may include aggregated information about traffic sources, approximate geographic region, and device type.
Important: this means that when a visitor interacts with a page published on LinkMagik, we process limited data about that interaction on behalf of the page owner. We use this data to produce analytics for the page owner and to operate and improve the service. [REVIEW: this visitor-tracking on public pages has specific GDPR/ePrivacy/CCPA implications — consent basis, the page owner's role as a data controller, and any required visitor notice all need legal review.]
We do not sell your personal information. We share information only with service providers who help us operate (such as our hosting, storage, and payment providers), and only as needed to run the service; or where required by law. Your published content is shared publicly because that is the purpose of a public page.
We use essential cookies required for the service to function (for example, to keep you logged in). We also use our own first-party analytics as described above. [REVIEW: a cookie/consent banner may be required for EU/UK visitors depending on how analytics cookies are classified.]
We keep your account information for as long as your account is active. If your account is closed, we retain data only as long as needed for legitimate business and legal purposes, after which it is deleted. The one-way trial-email hash is retained to enforce the one-trial-per-email policy. [REVIEW: specify exact retention periods.]
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing (for example, under the GDPR, UK GDPR, or CCPA). To exercise these rights, contact us using the details below. [REVIEW: this section must be expanded to meet the specific requirements of each applicable jurisdiction, including the legal bases for processing and any required disclosures.]
We take reasonable measures to protect your information, including hashing passwords and using reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Questions about this policy or your data can be sent to [PRIVACY CONTACT EMAIL], or by mail to [LEGAL ENTITY NAME], [ADDRESS].
This Privacy Policy works together with our Terms of Service.