Privacy Policy
This policy explains what data LinkFern Cloud (linkfern.cloud, "we", "us") collects, why, and your choices. We built the Service to be privacy-respecting: your public page sets no cookies and sends no tracking scripts to your visitors.
What we collect
- Account data: your email address and a securely hashed password. If you enable two-factor authentication, a TOTP secret and hashed recovery codes.
- Page content: whatever you put on your page: name, bio, links, and any images you upload.
- Billing data: handled by our payment processor, Stripe. We store a Stripe customer and subscription identifier; we never see or store your card details.
- Analytics: if you enable click counting, we count clicks and page views on the server, and record the hostname of referring sites. We do not use cookies, store visitor IP addresses, or fingerprint or track visitors across sites. These numbers are visible only to you.
- Operational logs: our servers keep short-lived logs for reliability and abuse prevention; rate-limiting works from memory and isn't kept.
- Security events: unlike operational logs, we keep a record of security-relevant account activity (failed logins, password/email/two-factor changes, sign-outs) for 90 days, so we can investigate abuse or help you if your account is compromised. This never includes page content or passwords themselves.
- Abuse reports: if someone reports a page, we store the report to review it.
Cookies
We use a single, strictly-necessary cookie on the dashboard to keep you signed in. There are no advertising or analytics cookies, and none at all on customer pages.
How we use it
To provide and secure the Service: run your page, process payments, send you essential emails (verification, password reset, "your page is live", payment problems), enforce our terms, and prevent abuse. We do not sell your data or use it for advertising.
Third parties we rely on
- Stripe: payment processing (their privacy terms apply to card data).
- Our email provider: to deliver transactional email.
- Cloudflare Turnstile: optional bot protection on sign-in/sign-up, where enabled.
- Have I Been Pwned: to check new passwords against known breaches using k-anonymity, so your password is never sent (only a short, irreversible hash prefix).
Where your data lives
The Service runs on our servers, with encrypted backups to a second server for disaster recovery. Depending on where those servers are located, your data may be processed outside your country.
Retention
We keep your account and page data until you delete them. Deleting your account removes your pages and their files; some billing records are retained where required by law.
Your rights
You can view and edit your data from your dashboard, change or export your links, and delete your account at any time (which erases your pages). To request access to or deletion of other data we hold, or to exercise rights under laws such as the GDPR or CCPA, email us. We aim to respond within 30 days.
Children
The Service isn't directed to children under 13, and we don't knowingly collect their data.
Changes
We'll post updates here with a new date and, for material changes, notify you by email.
Contact
Privacy questions or requests: hello@linkfern.cloud.