LinkSilo is a privacy-respecting link in bio. Your page, your links, your tip jar — encrypted on your device before transmission, stored as ciphertext we cannot read, served from the European Union under role-restricted access. This page describes what LinkSilo is, why it exists, who builds it, and the state it is in.
Last reviewed 2026-05-17
LinkSilo is a single-page link aggregator — the category Linktree popularized. A creator points their social bio at a LinkSilo page; that page holds their writing, their shop, their tip jar, their newsletter signup, and whatever else they want one click away from a visitor. The functional surface is unsurprising and deliberately so; the difference lives below it.
Most products in this category quietly load tracking pixels on every visit. The visitor's click on a creator's bio becomes a tracking event consumed by ad networks, data brokers, and third-party analytics. LinkSilo offers the same functional product without that mechanism. Page content is encrypted in the user's browser before transmission. Visitor pages render without third-party scripts. Analytics is k-anonymized at the ingress edge and never includes a visitor identifier.
The decision to build LinkSilo came out of a longer thesis about consumer internet services. The dominant products in many everyday categories — email aliasing, link aggregators, password storage, messaging — quietly extract data as part of their normal operation. Each individual extraction is small; the cumulative effect across categories is significant. The user generally cannot tell, and even when they can tell, they often cannot meaningfully opt out without giving up the category entirely.
LinkSilo is the first response. It exists to make a privacy-respecting default available in a category most creators will interact with publicly — their bio link. The design constraints follow from that: encrypted on the device, stored as ciphertext, served from a jurisdiction with strong data protection law, role-separated at the database, open source. The same constraints will apply to subsequent products in the same family as they ship.
Your password unlocks your page in your browser, not on our server. Your links, labels, and themes are encrypted before they leave your phone. We store them and we genuinely cannot read them.
LinkSilo runs from Geneva, Switzerland. Stripe payment processing is the only United States touchpoint, and what reaches Stripe is documented per-flow on the transparency page.
Every line of LinkSilo's server and client code is public. The cryptographic choices are documented on the security page; the privacy-relevant code paths are publicly readable and auditable.
LinkSilo is funded by subscription tiers, not by visitor data. The free tier is free because the paid tiers are paid; no tier sells visitor information to a third party.
LinkSilo is built by a small, Finland-based team with a privacy-tech background. The team's day-to-day work spans the cryptographic primitives, the Rust and Go services that host them, the SvelteKit frontend you are reading this page on, and the operational discipline of running a hardened EU SaaS. The team is small by design — small enough that the privacy claims on the security and transparency pages reflect choices a specific group of people made and can defend, rather than aspirations inherited from a marketing department.
The legal entity behind LinkSilo is incorporated in Helsinki, registered in the standard Finnish company-registry, and named in the legal footer at the bottom of every page. The company exists to operate LinkSilo and to develop the subsequent products in the same privacy-respecting family. There is no third-party shareholder structure pulling the product toward visitor-data monetization.
LinkSilo has not yet opened to public traffic. The functional product is built and the privacy-relevant code paths are in place; the period leading up to public launch covers the security and operational review described on the security page, the staging soak, and the cryptographic consultant review. This page, and the rest of the marketing surface, exists during pre-launch as the structural framework that public-launch traffic will arrive into.
Once public traffic begins, the changelog will track shipping changes against the v1 baseline, the transparency report will publish its first operational period twelve months after launch, and the status page will track operational state. The pre-launch state of each of those surfaces is marked accordingly today; nothing on those pages is back-dated to look like post-launch state.