Privacy Policy

Last updated: 2026-04-02

1. Introduction

Smart Linker ("Service") is operated by a sole proprietor registered in the European Union ("Operator", "we", "us", "our").

This Privacy Policy explains how we collect, use, and protect personal data when you use https://smartlinker.info.

Contact: info@smartlinker.info

2. Data Controller

For the purposes of the General Data Protection Regulation (GDPR), the Operator acts as the data controller for personal data described in this Policy.

Contact email: info@smartlinker.info

3. Data We Collect

3.1 Account Information

When you create an account:

  • Email address
  • Encrypted password
  • Account timestamps

3.2 Subscription & Billing Information

Payments are processed exclusively by Stripe. We do not store full payment card details.

We may store:

  • Stripe customer ID
  • Stripe subscription ID
  • Subscription status
  • Billing-related timestamps

3.3 Link & Click Data

When a smart link is accessed, we may collect:

  • Timestamp of the click
  • Platform (iOS / Android / Web)
  • Target destination
  • Source (link / QR)
  • IP address
  • Referrer
  • User agent
  • Block reason (if applicable)

Click events are retained for up to 365 days by default.

3.4 Technical Data

  • Basic log data
  • Security event logs
  • Rate limit signals

We do not use behavioral advertising trackers.

4. Legal Basis for Processing

We process personal data under:

  • Contractual necessity (account creation, link routing, billing)
  • Legitimate interest (service security, abuse prevention)
  • Legal obligation (financial record retention where required)

5. How We Use Data

We use personal data to:

  • Provide smart link routing
  • Enforce usage limits
  • Process subscriptions via Stripe
  • Prevent abuse and fraud
  • Maintain service security
  • Improve reliability

We do not sell personal data.

6. Data Sharing

We share data only with:

Stripe - for payment processing and subscription management.

Stripe acts as an independent data controller for payment data.

We do not share personal data for advertising purposes.

7. Data Retention

  • Account data: retained while the account is active.
  • Click events: retained up to 365 days by default.
  • Billing records: retained as required by applicable law.

8. Security

We implement reasonable technical and organizational safeguards, including:

  • HTTPS encryption
  • Secure cookies
  • Webhook signature verification
  • Access controls
  • Rate limiting

No system is completely secure. We cannot guarantee absolute security.

9. Your GDPR Rights

If you are located in the European Union, you have the right to:

  • Access your data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability

To exercise these rights, contact: info@smartlinker.info

We may need to verify your identity.

10. International Transfers

If data is transferred outside the European Economic Area, appropriate safeguards are applied (including standard contractual clauses where applicable).

11. Changes

We may update this Privacy Policy. The "Last updated" date will reflect changes.

12. Cookies and Analytics Consent

12.1 Categories

  • Necessary cookies/storage: required for operation of Smart Linker.
  • Analytics cookies/storage: used only when you provide consent.
  • Ads and conversion measurement (Google Ads gtag): when enabled in production, the site may load Google's tag script before you choose analytics cookies, using Google Consent Mode v2 with ad and analytics storage denied by default until you accept analytics (the same choice controls both product analytics and ad-related storage). Before acceptance, measurement uses Google's consent-aware / non-storage modes only.

12.2 Consent Baseline

Analytics is disabled by default and is enabled only after your explicit choice to accept analytics.

Consent preferences are stored in a first-party browser record under the key sl_cookie_consent with version and timestamp metadata.

12.3 Runtime Behavior

  • Product analytics (PostHog) does not initialize before analytics consent is granted.
  • When Google Ads tagging is enabled, Google's gtag loader may run before you accept analytics; Consent Mode defaults keep ad and analytics storage denied until you accept, and we apply an explicit consent update when you accept or withdraw.
  • Analytics queue/persistence is not written before analytics consent is granted.
  • If consent is rejected or withdrawn, analytics runtime is disabled and analytics persistence is cleared.

12.4 How to Change Your Choice

You can reopen Cookie settings from the public footer and choose Reject or Accept at any time.