Privacy Policy
At Linkwy, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using our service, you consent to the practices described in this Privacy Policy.
1. Information We Collect
We may collect personal information that you voluntarily provide when using our service, including:
Contact information (such as name and email address)
Account credentials
Payment information
User Content (such as the links, notes, tags, and other documents you save and organize within the platform). This includes metadata fetched from saved links (e.g., page titles, headers, descriptions, or thumbnail images) which we process to enrich your bookmarks. We do not collect or process data from the content of linked pages beyond metadata, and we anonymize where possible to minimize personal data risks. Note: We rely on the 'disproportionate effort' exclusion regarding potential incidental collection of special category data from public metadata.
Any other information you choose to provide
When you access our service, we may automatically collect certain information, including:
Device information (such as IP address, browser type, and operating system)
Usage data (such as pages visited, time spent on pages, and click patterns)
Cookies and similar tracking technologies
For operation and maintenance purposes, Linkwy and its third-party infrastructure providers may collect files that record interaction with Linkwy (system logs). These logs may contain Personal Data (such as IP Address) to help us diagnose errors and secure the platform. These logs are rotated and deleted regularly.
2. Browser Extension Privacy and Permissions
The Linkwy browser extensions (for Chrome and Firefox) are designed solely to save your current page to your Linkwy account. They do not monitor your browsing activity, read page content, capture keystrokes, or scan your browsing history. We only access the active tab's URL when you explicitly click “Save this page”, and this URL is securely transmitted to our servers over HTTPS to be added to your account.
We request the minimum permissions necessary for the extensions to function:
activeTab: Accesses the current tab’s URL only when you trigger the save action.
storage: Securely stores your session token locally to keep you logged in.
notifications: Displays a confirmation upon successful login.
Host Permissions (https://linkwy.com/*): Communicates with Linkwy servers for authentication and saving data.
All communication uses industry-standard TLS encryption. The extensions do not execute remotely hosted code. Authentication is handled via the Linkwy web app, where a content script is injected solely on the authentication callback page to complete the sign-in; no scripts are injected into any other websites. Your session token is stored in the browser's local storage (e.g., `chrome.storage.local` or `browser.storage.local`) and respects your browser's Incognito/Private mode settings.
We strictly adhere to the Chrome Web Store User Data Policy and Mozilla Add-on Policies, including Limited Use restrictions. We do not sell personal information, share data for cross-context behavioral advertising, or use extension data for targeted advertising. Data collected by the extensions is used exclusively to provide the saving functionality and is not transferred to third parties except as required for service provision (e.g., hosting), legal compliance, or fraud prevention. We align with modern privacy-focused standards (such as Chrome's 2025 changes and Firefox's data minimization principles) and comply with transparency requirements under the EU AI Act where automated processing is involved.
3. How We Use Your Information
We may use the information we collect for various purposes, including to:
Provide, maintain, and improve our service
Process transactions and send related information
Respond to your comments, questions, and requests
Send you technical notices, updates, security alerts, and administrative messages
Monitor and analyze trends, usage, and activities in connection with our service
Detect, prevent, and address technical issues
Protect against and prevent fraud, unauthorized transactions, claims, and other liabilities
We treat the data you store within your account as confidential. We do not access, view, or analyze the specific content of the data you create, upload, or store (such as links, notes, files, tags, or other materials), except where required by law or to provide specific support assistance requested by you
For GDPR compliance, we conduct legitimate interest assessments to ensure our processing does not override your fundamental rights and freedoms
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
Contractual Necessity: To provide the service, manage your account, and process payments.
Legitimate Interest: To improve our platform, conduct product development, ensure security, and prevent fraud, based on our legitimate interest in innovating and enhancing our services, subject to a balancing test against your rights and freedoms.
Consent: For optional features like newsletters or non-essential cookies.
Legal Obligation: To comply with tax, accounting, and other legal requirements.
5. Information Sharing and Disclosure
We may share your information in the following circumstances:
With service providers, consultants, and other third parties who require access to perform work on our behalf
In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process
If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of ourselves or others
In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company
With your consent or at your direction
If you use the Service's sharing features (e.g., creating a public link for a collection of bookmarks), the information contained within that shared collection will be accessible to anyone who has the link. Please be aware that:
We cannot control how recipients use the information you share with them.
Shared links may be forwarded to others without your knowledge.
If you make a collection public, it may be indexed by search engines.
6. US State Privacy Disclosures (Sale/Sharing and Targeted Advertising)
We do not “sell” personal information, we do not “share” personal information for cross‑context behavioral advertising as defined under California law, and we do not process personal information for targeted advertising under other U.S. state privacy laws.
Our use of Google Analytics is restricted to measurement and product analytics. We have disabled Google Signals, advertising features (including remarketing and demographics), and any linking with Google Ads. We do not use analytics data to build profiles for advertising or to target ads across different websites or apps.
We disclose personal information only to service providers (for example, hosting, error monitoring, email delivery, payments via Stripe) under contracts that prohibit them from using personal information for their own purposes.
We honor Global Privacy Control (GPC) and other recognized universal opt‑out mechanisms where required by applicable law. We treat these signals as valid requests to opt out of “sale”/“sharing” and targeted advertising. Because we do not sell/share or engage in targeted advertising, we also apply such signals to disable non‑essential cookies (including analytics) for that browser.
We do not sell or share the personal information of consumers under 16 years of age.
7. Data Controller
The data controller responsible for your personal information is Wojciech Rzepka Software, Tax ID (NIP): 9721364903.
8. Data Security
We implement appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
The Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. Access to data is restricted to authorized personnel who need it to operate the service.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Account information is retained while your account is active
After account deletion, we may retain certain information as required by law or for legitimate business purposes
We take measures to delete your personal information or anonymize it when it is no longer necessary
You may request deletion of your data at any time by contacting us
10. Your Rights and Choices
Upon request, we will provide you with information about whether we hold any of your personal information. Depending on your location, you may have certain rights regarding your personal information, including:
Accessing, correcting, or updating your personal information through your account settings
Deleting your personal information by contacting our support team
Objecting to our processing of your personal information
Requesting restriction of processing your personal information
Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
Opting out of marketing communications via the unsubscribe link in emails or your account settings
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. In Poland, the relevant authority is the President of the Personal Data Protection Office (UODO).
To exercise these rights, please contact us using the information provided at the end of this policy.
11. Cookies and Third-Party Services
We use cookies and similar tracking technologies to track activity on our service and hold certain information. We categorize these cookies into two types:
Strictly Necessary Cookies: These are required for the operation of our service (e.g., to facilitate authentication, security, and session management). You cannot opt out of these cookies as they are essential for the application to function.
Non-Essential Cookies & Analytics: These are used for analytics and performance monitoring. Our service uses third-party services, such as Google Analytics, to collect information about your use of our service. These third parties may use cookies to help us analyze usage patterns and improve our platform. We do not control these third parties' tracking technologies.
You can manage your preferences for Non-Essential cookies through the Cookie Consent panel on our website. Refusing Non-Essential cookies will not prevent you from using the core features of our service, though it may limit our ability to analyze how the service is used.
For more information on how Google collects and uses your data, you can review Google's Privacy Policy.
12. Payment Information
Payments are processed by Stripe. Your payment details are submitted directly to Stripe and are not stored on Linkwy's servers. We do not collect or store sensitive payment instrument data (such as full card numbers or CVC codes). We receive from Stripe only limited billing information (for example, name, email, billing address) and payment method metadata (for example, card brand, last four digits, and expiration month/year) for invoicing, fraud prevention, and customer support. Stripe is a PCI DSS Level 1 certified service provider. For more information, please review Stripe's Privacy Policy.
13. Children's Privacy
Our service is not directed to individuals under the age of 18 years. We do not knowingly collect personal information from individuals under this age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
14. International Data Transfers
Your information, including personal data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. Specifically, our servers are hosted by DigitalOcean, LLC in the United States.
When we transfer your personal data from the European Economic Area (EEA) to the United States, we ensure appropriate safeguards are in place. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and Data Processing Agreements to ensure your data remains protected in accordance with GDPR standards. By submitting your personal information, you agree to this transfer, storing, or processing.
15. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
If we make material changes to how we use or share personal information previously collected from you, we will notify you through our service, by email, or other prominent communication methods. You are advised to review this Privacy Policy periodically for any changes.
16. Contact Information
If you have any questions about this Privacy Policy, please contact us at [email protected].
Last Updated: 2 December 2025