Last updated: —
LinkSilo Oy (in formation), Helsinki, Finland. Contact: [privacy contact email] — [registered address after PRH registration].
LinkSilo is built so that we technically cannot read your page content or your visitors' submissions, and so that visitors to your page are not tracked. This policy describes the small amount of data we do process, why, and your rights.
Account data. Your email address and authentication credentials. Encryption keys for your content are derived in your browser; credentials are protected with modern password hashing (Argon2id). Because those keys remain under your control, some data cannot be recovered by support staff if your access credentials and recovery material are lost. Legal basis: performance of contract.
Your page content. Stored as encrypted data that our servers cannot decrypt. We process it only as ciphertext to store and serve it. Legal basis: performance of contract.
Visitor submissions to your page (contact form, newsletter signups, bookings). Encrypted in the visitor's browser to your public key before they reach us. We only ever hold ciphertext; we cannot read who contacted you or what they wrote. Legal basis: performance of contract (with you, the creator).
Aggregated page analytics. We count page views and clicks in anonymized, aggregated form. We do not build visitor profiles. Specifically: visitor IP addresses are never stored — an IP is used transiently for rate limiting and to compute a visitor hash that is keyed by a salt rotating every 24 hours, making cross-day tracking impossible by design; the visitor's country is read from a network-edge header, not resolved by us from the IP; and statistics with fewer than 5 distinct contributors in a bucket are suppressed (k-anonymity, k >= 5). Legal basis: legitimate interest (providing creators with privacy-preserving statistics that cannot identify visitors).
Billing data. Payments are processed by Stripe; we never see full card numbers. We keep records of invoices and an internal ledger of account balance movements as required to operate paid tiers and the tip jar. [PENDING-L1] The retention period of the internal ledger after account deletion, and its interaction with Finnish bookkeeping law, is under legal review; this section will state the confirmed retention rule.
Country determination for VAT. To apply the correct VAT, we determine a buyer's country from connection geolocation and browser language signals. Where these disagree, we record the geolocation country and flag the mismatch. [PENDING-L1] Whether you are shown a notice of the recorded country or offered an interactive confirm-and-correct step is under legal review; this section will describe the final mechanism.
Transactional email. We send service email only (verification, receipts, security notices). No marketing email without separate consent.
Operational metadata. Basic operational metadata, such as request timestamps and error diagnostics, processed to operate and secure the service.
Information may also be processed to investigate abuse, to protect the security and integrity of the service, and to comply with legal obligations. It is not used for advertising or sold to third parties.
No advertising, no sale of data, no data brokers.
No third-party trackers, pixels, or fingerprinting — on your dashboard or on creator pages.
No per-visitor profiles; no cross-day visitor tracking (impossible by design).
No reading of your content or your visitors' submissions (impossible by design).
Stripe — payment processing.
[Planned] Infomaniak, Switzerland — hosting; Switzerland holds an EU adequacy decision.
[Planned] Postmark — transactional email delivery.
A current list of processors is available on request.
Beyond these processors, information is disclosed only to parties to whom you direct us to send it, and where disclosure is required by law or necessary to protect the rights and safety of users and the service.
LinkSilo uses only strictly necessary cookies and similar storage — no advertising, analytics, or third-party tracking cookies. The full inventory and rationale are described in the Cookie Notice.
Account and content data. For the life of the account; deleted on account deletion (see below).
Aggregated analytics. Aggregates only; contain no personal data by design.
Invoice and bookkeeping records. Retained as required by Finnish law [PENDING-L1: confirmed periods to be inserted].
Deleting your account removes your content, keys, visitor submissions, and analytics associations. [PENDING-L1] Records we are legally required to retain (invoices, bookkeeping) are kept only for the mandated period and only to the mandated extent; the confirmed scope will be stated here.
Under the GDPR you have the rights of access, rectification, erasure, restriction, portability, and objection. Contact [privacy contact email]. You may lodge a complaint with the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Finland.
Because parts of LinkSilo are designed so that only you hold the keys to your data, your own security practices directly affect the protection of that data. Choosing a strong, unique password and keeping your recovery materials safe are important.
LinkSilo is not directed to children and is not intended for use by individuals below the age required to consent to processing of their personal information in their jurisdiction.
We will announce material changes on the service and update the date below. The date at the top of this page indicates when the policy was last updated.
This policy, and any matters arising from it, is governed by the law of the jurisdiction in which the service operator is established, without prejudice to mandatory protections available to you under the law of your place of residence.
Questions about this policy, or requests to exercise your rights, can be directed to [privacy contact email].
Version: draft for legal review. Date: [date].