This Privacy Policy describes how Linkryse ("Linkryse," "we," "us," and/or "our") collects, uses, stores, and discloses information when you use our link management platform, accessible at linkryse.com and related subdomains, including the dashboard at app.linkryse.com and short link domains such as lryse.xyz (collectively, the "Service").
This policy applies to all users of the Service, including registered account holders and individuals who interact with Linkryse-powered short links.
By accessing or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service.
This Privacy Policy is incorporated into and subject to our Terms of Service.
Information We Collect
We collect different types of information depending on how you interact with the Service.
Account Data
When you create a Linkryse account, we collect the following information:
- Email address — used for authentication, notifications, and account recovery
- Username — your unique identifier on the platform
- Display name — visible in your workspace and to team members
- Password — stored as a one-way cryptographic hash; we never store your plaintext password
- Profile photo — if you choose to upload one
- Country — if provided in your profile
If you authenticate via Google OAuth, we receive your Google account ID, email address, and profile name. We do not receive or store your Google password.
If you enable two-factor authentication (2FA), your TOTP secret is stored in encrypted form using AES encryption. Recovery codes are stored as cryptographic hashes.
Click Analytics Data
When any person clicks a Linkryse short link — regardless of whether they hold a Linkryse account — our redirect infrastructure collects the following data to provide analytics to the link owner:
- IP address — used to determine geographic location
- Country, city, and region — derived from the IP address at the network edge
- Browser name — parsed from the user agent string
- Operating system — e.g., Windows, macOS, iOS, Android
- Device type — desktop, mobile, or tablet
- Referrer URL — the page the visitor navigated from
- Browser language — the preferred language set in the visitor's browser
- Visitor identifier — a random UUID stored as a first-party cookie (see "Cookies" section)
- Bot detection flag — whether the click appears to originate from automated software
- A/B test variant — if the link participates in a split test, which variant was served
This data is accessible only to the workspace owner and authorized team members. It is not sold, shared publicly, or used for advertising purposes.
Security and Login Data
To protect user accounts, we collect the following data upon each login attempt:
- IP address — stored as a cryptographic hash (not in plaintext)
- User agent string — browser and device identifier
- Geographic location — city, region, and country, derived from the IP address
- Login status — whether the attempt succeeded or failed
- Timestamp — date and time of the attempt
This data is used to populate the security events log in your account settings.
Cookies and Tracking Technologies
We use a minimal set of first-party technologies to operate the Service. We do not use any third-party cookies, tracking pixels, or advertising scripts.
Cookies We Set
| Cookie | Domain | Purpose | Lifetime | Contents |
|---|---|---|---|---|
lr_uvid | Short link domains (e.g., lryse.xyz, your custom domains) | Unique visitor identification for analytics | 1 year | A randomly generated UUID containing no personal information |
The lr_uvid cookie is set when a user clicks a Linkryse short link for the first time. Its sole purpose is to distinguish unique visitors from repeat visits in analytics reporting. The cookie contains only a randomly generated identifier — no name, email, or other personal data.
Browser Storage (Dashboard Only)
On the dashboard at app.linkryse.com, we use browser localStorage for:
- Authentication tokens — JWT access and refresh tokens for session management
- Client-side cache — cached API responses for improved page load performance
This data is stored locally in the user's browser and is cleared upon logout.
How We Use Your Data
We use the information we collect for the following purposes:
- Service delivery — creating short links, rendering analytics, processing QR codes, and managing workspaces
- Analytics — providing link owners with aggregated performance data
- Authentication — verifying identity, managing sessions, and processing password resets
- Security — detecting suspicious login attempts, enforcing rate limits, and maintaining audit logs
- Payment processing — handling subscription billing through third-party payment processors
- Transactional communications — sending verification codes, password reset links, and security notifications
- Plan enforcement — tracking usage against subscription plan limits
- Service improvement — analyzing aggregated, anonymized usage patterns
- Legal compliance — responding to lawful requests from authorities
- Service notices — communicating plan changes, policy updates, and material service modifications
We do not use your data for advertising, behavioral profiling, or sale to third parties.
Data Retention
Click Analytics Data
Analytics data is retained based on the workspace's subscription plan:
| Plan | Retention Period |
|---|---|
| Starter (Free) | 30 days |
| Hobby | 90 days |
| Pro | 365 days |
| Business | 730 days (2 years) |
After the applicable retention period, click analytics data is automatically purged.
Account Data
Account information (email, username, profile, workspace settings) is retained for the duration of the account's existence. Upon account deletion, personal data is removed from our systems.
Security Log Data
Login attempt records are retained for security monitoring purposes. IP addresses in security logs are stored as cryptographic hashes.
Cookies
The lr_uvid cookie expires automatically after 1 year. Users may delete it at any time through their browser settings.
Data Sharing and Disclosure
We do not sell, rent, or trade personal information to third parties.
We disclose data only in the following circumstances:
Service Providers (Subprocessors)
We engage a limited number of third-party service providers to operate the Service. These providers process data solely on our behalf and are bound by contractual obligations to protect it. The complete list is provided in the "Third-Party Services" section below.
Legal Requirements
We may disclose information if required by applicable law, regulation, or valid legal process, including court orders or subpoenas.
Protection of Rights
We may disclose information where we reasonably believe it is necessary to protect the rights, property, or safety of Linkryse, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will provide notice before personal data becomes subject to a different privacy policy.
Third-Party Services
The following third-party services are used to operate Linkryse. Each provider receives only the data necessary to perform its designated function:
| Service | Purpose | Data Processed |
|---|---|---|
| Cloudflare | Infrastructure — hosting, database, storage, edge computing, CDN | All platform data is processed on Cloudflare's network |
| Brevo (formerly Sendinblue) | Transactional email delivery | Email address |
| Stripe | Payment processing (USD) | Payment method details, billing email, billing address |
| Razorpay | Payment processing (INR) | Payment method details, billing email, UPI ID |
| Paddle | Payment processing (Global) | Payment method details, billing email, country |
| OAuth authentication (optional) | Google account ID, email, profile name |
Data Security
We implement the following technical measures to protect user data:
- Passwords are stored as one-way cryptographic hashes
- Two-factor authentication secrets are encrypted with AES encryption at rest
- Login IP addresses are stored as cryptographic hashes in security logs
- All data in transit is encrypted via HTTPS/TLS
- Password-protected links use SHA-256 hashing
- Infrastructure operates on Cloudflare's network, which maintains ISO 27001, SOC 2 Type II, and PCI DSS certifications
No method of transmission or electronic storage is completely secure. While we implement commercially reasonable safeguards, we cannot guarantee absolute security of your data.
Your Rights Under GDPR
If you are located in the European Union (EU) or European Economic Area (EEA), the General Data Protection Regulation (GDPR) grants you the following rights:
- Right of access — obtain a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data
- Right to restriction — request limitation of processing
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing in certain circumstances
- Right to withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@linkryse.com. We will respond within 30 days.
Controller and Processor Roles
For conversion tracking features where users install our tracking script on their websites:
- The user is the data controller — responsible for determining the purposes and means of processing visitor data and for obtaining appropriate consent
- Linkryse acts as a data processor — processing data on the user's behalf in accordance with their instructions
You may file a complaint with your local Data Protection Authority if you believe your data rights are not being respected.
Your Rights Under CCPA
If you are a California resident, the California Consumer Privacy Act (CCPA) provides the following rights:
- Right to know — request disclosure of what personal information we collect, use, and share
- Right to delete — request deletion of your personal information
- Right to opt-out of sale — we do not sell personal information to third parties
- Right to non-discrimination — exercise of privacy rights will not result in discriminatory treatment
To exercise these rights, contact us at privacy@linkryse.com.
We honor Do Not Track browser signals.
International Data Transfers
The Service operates on Cloudflare's global edge network. Your data may be processed in data centers located in various countries.
If you are located outside the jurisdictions where our infrastructure operates, your information may be transferred to and processed in countries where data protection laws may differ from those in your country of residence.
By using the Service, you consent to such transfers. We maintain appropriate safeguards to protect your data regardless of where it is processed.
Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information. If you believe a child has provided us with personal data, please contact us at privacy@linkryse.com.
Links to Other Sites
The Service facilitates redirection to third-party websites via short links. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We recommend reviewing the privacy policy of each website you visit.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.
When changes are made, we will update the "Last updated" date at the top of this page. For material changes that significantly affect how we handle personal data, we will provide notice via email or through the Service prior to the changes taking effect.
Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices:
- Privacy inquiries: privacy@linkryse.com
- General support: support@linkryse.com
- Website: linkryse.com