Privacy Policy

Last updated: May 2, 2026

๐Ÿ”’ Hey there! Privacy is at the heart of everything we do at Lynko. This policy explains how we handle your data (spoiler: we collect as little as possible and never track you personally). Let's keep it simple and transparent!

1. What is This About?

This Privacy Policy explains how Lynko collects, uses, and protects your information when you use our URL shortening service. We believe in privacy by design โ€“ meaning we built Lynko to be private from the ground up.

๐ŸŽฏ TL;DR: We don't track you personally, we don't sell your data, and we collect only what's absolutely necessary to make the service work. That's it!

2. Who's Responsible?

Lynko is the data controller responsible for processing any data collected through this service. Lynko is operated from Italy ๐Ÿ‡ฎ๐Ÿ‡น and follows EU privacy standards (GDPR).

You can contact us at: privacy@lynko.it

3. What Data We Collect

We collect minimal data to make Lynko work properly:

๐Ÿ“Š Anonymous Statistics

  • Click counts โ€“ How many times a link was clicked
  • General location โ€“ Country/region (not your exact location)
  • Device type โ€“ Mobile, desktop, tablet (not specific device info)
  • Referrer domain โ€“ The domain name the click came from (e.g., example.com), not the full URL

๐Ÿ”— Technical Data

  • Original URLs โ€“ The links you want to shorten
  • Short codes โ€“ The random codes we generate
  • Creation timestamp โ€“ When the link was created

๐Ÿ“ฌ Early Access Email

If you sign up for early access, we collect your email address to let you know when registrations open.

โš ๏ธ What we don't collect:

  • Your raw IP address in our application data
  • Personal identifiers (like name, email, or ID numbers from usage)
  • Browsing history
  • Anything that could directly identify you through the use of the service

We do our best to keep this data anonymous, but some technical data (like referrers or URLs) could potentially be considered personal data under GDPR if combined with other sources. Just to be safe, we treat all data with care.

4. How We Use Your Data

We use the data we collect to:

  • ๐Ÿ”ง Make the service work โ€“ Redirect your short links to the right places
  • ๐Ÿ“ˆ Show anonymous stats โ€“ Help you understand how your links perform
  • ๐Ÿ›ก๏ธ Keep things secure โ€“ Detect and prevent abuse
  • ๐Ÿš€ Improve Lynko โ€“ Make the service better over time
  • ๐Ÿ“ฌ Notify you about registration โ€“ If you've joined the early access list

๐Ÿงพ Legal basis: We rely on our legitimate interest in providing and improving the service, and your consent where required (e.g., for cookies).

For each of these purposes, we only collect what's necessary, and we've conducted internal assessments to ensure our use is proportionate and respectful of your privacy rights.

We never sell your data, share it with advertisers, or use it for marketing purposes.

5. Link Reputation & Verification

To provide destination transparency, we check links using Google Safe Browsing. This means:

  • URLs are sent to Google for reputation analysis
  • This helps us block malicious or dangerous links
  • Google may log these requests according to their own privacy policy

When you use Lynko Verify, we may make controlled HTTP requests to the submitted link to reveal its redirect path and final destination. For public verification of external URLs, Lynko returns the result to you but does not store the submitted URL, final URL, or redirect chain.

To prevent abuse of this public tool, verification requests are rate-limited using a short-lived, one-way irreversible HMAC token derived from request metadata. This token cannot be used to re-identify any user or device. It is stored temporarily in a rate-limit bucket and expires automatically within a short time window. No raw IP address is ever stored or logged.

This is a trade-off we make to keep the service safe for everyone.

6. Cookies & Tracking

We use minimal cookies and tracking:

  • ๐Ÿช Essential cookies โ€“ Only what's needed for the site to work
  • ๐Ÿ“Š Simple Analytics โ€“ Privacy-first analytics (no personal tracking)
  • ๐Ÿ”’ Cookie consent โ€“ To comply with privacy laws

Simple Analytics may receive aggregate product events about public flows, such as link shortening attempts and failures, successful guest link creation, short-link copy actions, verify form submissions, completed checks, preview proceed actions, and failure categories. Event metadata is limited to categories, booleans, and buckets such as input type, validation result, failure reason, redirect type, result status, redirect-count bucket, and trace outcome. These events do not include the submitted URL, destination URL, domain, path, query string, fragment, redirect chain, short code, user ID, or API key.

No advertising cookies, no social media trackers, no creepy stuff. Promise! ๐Ÿค

7. Data Storage & Retention

Your data is stored securely using:

  • ๐Ÿ—๏ธ AWS Infrastructure โ€“ Industry-standard security
  • ๐Ÿ” Encryption โ€“ Data encrypted in transit and at rest
  • ๐ŸŒ EU-hosted servers โ€“ Data is stored in Ireland (AWS eu-west-1 region)

โฐ Retention

  • Shortened links are stored until they expire (via TTL) or are deleted by the user
  • Early access emails are stored until we notify you or you ask for deletion
  • In the future, if you create an account, your data will be stored until you delete your account

In some cases, data may be processed by third-party providers located outside the EU. When this happens, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs), in line with GDPR requirements post-Schrems II.

8. Your Rights (GDPR)

Even if we don't collect traditional personal data, the GDPR grants you certain rights over data that could potentially identify you. These include:

  • ๐Ÿ“„ Right to access โ€“ You can request to see what data we have (if any)
  • ๐Ÿ“ Right to rectification โ€“ You can request corrections to inaccurate data
  • ๐Ÿ—‘๏ธ Right to erasure โ€“ You can ask us to delete specific links or your early access email
  • โธ๏ธ Right to restrict processing โ€“ You can ask us to limit how we use your data
  • ๐Ÿ”„ Right to data portability โ€“ In applicable cases, receive data in a structured format
  • โŒ Right to object โ€“ You can object to our use of data under legitimate interest

To exercise any of these rights, just email privacy@lynko.it. We'll respond as soon as possible โ€“ usually within 30 days.

9. Accountability & Data Protection Practices

We take data protection seriously. We maintain internal records of our data processing activities, perform privacy impact assessments where needed, and have procedures in place for notifying users and authorities of data breaches within 72 hours, as required by GDPR.

We don't currently appoint a DPO, but you can always reach our privacy team at privacy@lynko.it for any questions.

10. Changes to This Policy

If we need to update this policy, we'll:

  • ๐Ÿ“ข Post a clear notice on the website
  • ๐Ÿ“… Update the "last modified" date
  • ๐Ÿ“ง Email registered users about major changes

We won't make sneaky changes or reduce your privacy protections without telling you.

11. Contact Us

Questions about privacy? We're here to help! ๐Ÿ’ฌ

Email: privacy@lynko.it
General: info@lynko.it