Privacy Policy
Effective Date: December 1, 2025 | Last Updated: November 30, 2025
1. INTRODUCTION AND SCOPE
This Privacy Policy ("Policy") explains how Groupbox Ltd., operating as Lynkbee ("we," "us," "our," or "Company"), collects, uses, processes, and protects personal information in connection with our URL shortening and link intelligence platform (the "Service" or "Platform"). This Policy applies to two distinct groups of individuals:
- Link Owners: Users who create an account and use Lynkbee to shorten, manage, and analyze links ("you" or "Users")
- Link Consumers: Individuals who click on shortened links created through Lynkbee ("Visitors" or "End Users")
By using our Service, either as a Link Owner or Link Consumer, you acknowledge that you have read, understood, and agree to this Privacy Policy. This Policy is incorporated into and subject to our Terms of Service. If you do not agree with any provision of this Policy, you must not use the Service.
Quick Summary: We collect minimal data necessary to provide our service. For Link Owners, we collect account information. For Link Consumers, we collect anonymous analytics data (device type, location, browser). We never sell your data to third parties.
2. DATA CONTROLLER AND CONTACT INFORMATION
Groupbox Ltd. is the data controller responsible for processing personal data under this Policy. For privacy-related inquiries, data subject rights requests, or concerns, you may contact us through our website contact form or via email at the address provided on our website.
3. DATA COLLECTION FOR LINK OWNERS (USERS)
3.1 Account Information
When you register for a Lynkbee account, we collect:
- Email Address: Required for account creation, authentication, password recovery, and service communications
- Username: Derived from your email address or chosen by you during registration
- Authentication Data: Encrypted passwords and authentication tokens when using email/password login
- OAuth Data: If you sign in via Google, we receive your name, email address, and profile information as permitted by the OAuth provider
Legal Basis: Contract performance (GDPR Art. 6(1)(b)) — necessary to create and manage your account and provide the Service.
3.2 Link and Campaign Data
When you create and manage links, we collect:
- Original destination URLs you wish to shorten
- Custom short link slugs, branded domain preferences, and link metadata
- Campaign names, tags, descriptions, and organizational structures
- Password protection settings and access control rules you configure
- QR code preferences and customization settings
Legal Basis: Contract performance (GDPR Art. 6(1)(b)) — necessary to provide the core Service functionality.
3.3 Billing and Payment Information
For paid subscriptions and token purchases, we collect:
- Billing name, email address, and country
- Transaction history, invoice records, and token usage logs
We do not directly store credit card numbers or payment details. All payment processing is handled by third-party PCI-compliant payment processors (e.g., Stripe, PayPal). These processors collect and store payment card information according to their own privacy policies.
Legal Basis: Contract performance (GDPR Art. 6(1)(b)) and legal obligation (GDPR Art. 6(1)(c)) for tax and accounting compliance.
3.4 Usage and Analytics Data
To improve the Service and provide you with insights, we collect:
- Dashboard activity, feature usage patterns, and interaction logs
- Browser type, operating system, device information
- IP address (for security, fraud prevention, and account access monitoring)
- Login timestamps, session duration, and access logs
Legal Basis: Legitimate interests (GDPR Art. 6(1)(f)) — to improve service quality, detect fraud, and ensure platform security.
4. DATA COLLECTION FOR LINK CONSUMERS (VISITORS)
4.1 Anonymous Analytics Data
When you click on a Lynkbee shortened link, we collect the following anonymized, non-personally identifiable information:
- IP Address (Anonymized): Used solely to derive approximate geographic location (country/city level). We do not store full IP addresses; they are hashed and anonymized immediately after geolocation lookup.
- Country and City: Determined via third-party geolocation APIs (ipapi.co, ipinfo.io) to provide geographic analytics to Link Owners
- Device Type: Mobile, tablet, or desktop (derived from user agent string)
- Operating System: E.g., Windows, macOS, Android, iOS
- Browser Type: E.g., Chrome, Safari, Firefox, Edge
- Referrer URL: The webpage from which you clicked the link (if available and not blocked by browser privacy settings)
- Timestamp: Date and time of the click event
- Bot Detection Status: Whether the click was identified as non-human traffic using fingerprinting and user-agent analysis
We do NOT collect: Names, email addresses, phone numbers, precise GPS coordinates, or any directly identifiable personal information from Link Consumers.
Legal Basis: Legitimate interests (GDPR Art. 6(1)(f)) — to provide analytics services to Link Owners, detect fraud and abuse, and improve service quality.
4.2 Cookies and Local Storage
Lynkbee uses minimal cookies and browser local storage for the following purposes:
- Functional Cookies: To remember your consent preferences for cookie usage
- Session Cookies (Link Owners Only): To keep you logged in to your account
- Bot Detection: We use the BotD library, which may set temporary browser fingerprints to detect non-human traffic
We do NOT use: Advertising cookies, cross-site tracking cookies, or any third-party marketing cookies.
You can control cookie settings through your browser preferences. Note that disabling cookies may affect Service functionality for Link Owners.
5. HOW WE USE COLLECTED DATA
5.1 For Link Owners
- Provide, operate, and maintain your account and the Service
- Process billing transactions and manage subscription plans
- Send service-related communications (account notifications, billing updates, security alerts)
- Provide customer support and respond to inquiries
- Generate analytics dashboards showing click data, geographic distributions, and campaign performance
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service and comply with legal obligations
- Improve and develop new features for the Platform
5.2 For Link Consumers
- Redirect you to the intended destination URL
- Apply geotargeting, device targeting, and smart redirect rules configured by the Link Owner
- Protect against malicious links, phishing attempts, and spam (via AbuseIPDB integration and internal threat intelligence)
- Generate anonymized aggregate statistics for Link Owners (e.g., "500 clicks from United Kingdom," "60% mobile traffic")
- Detect and block bot traffic to ensure data accuracy
6. DATA SHARING AND THIRD-PARTY SERVICES
We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.
We may share data with the following categories of third parties:
6.1 Essential Service Providers
- Cloud Infrastructure: Hosting providers for data storage and server operations (e.g., AWS, Azure, DigitalOcean)
- Payment Processors: Stripe, PayPal, or similar services for subscription and transaction processing
- Email Service Providers: For transactional emails (account verification, password resets, billing notifications)
- Geolocation APIs: ipapi.co and ipinfo.io for converting IP addresses to geographic locations
- Threat Intelligence: AbuseIPDB for IP reputation checking and malicious link detection
These providers are contractually bound to process data only as instructed by us and to implement appropriate security measures.
6.2 Legal and Compliance Obligations
We may disclose personal data if required by law, legal process, or government request, including to:
- Comply with court orders, subpoenas, or legal proceedings
- Enforce our Terms of Service or investigate violations
- Protect the rights, property, or safety of Lynkbee, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
- Respond to reports of abuse (see Section 12 below)
6.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.
7. DATA RETENTION
7.1 Link Owner Data
- Account Data: Retained for the duration of your active account plus 90 days after account deletion (for legal and fraud prevention purposes)
- Billing Records: Retained for 7 years to comply with tax and accounting laws
- Link and Campaign Data: Retained until you delete them or 90 days after account termination
7.2 Link Consumer Data
- Click Analytics: Anonymous click data is retained for up to 24 months to provide historical analytics to Link Owners
- IP Addresses: Anonymized immediately after geolocation lookup; full IP addresses are not stored beyond rate-limiting and abuse prevention caches (typically 24-72 hours)
8. SECURITY MEASURES
We implement industry-standard security measures to protect personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Regular security audits, vulnerability assessments, and penetration testing
- Role-based access controls and principle of least privilege for employees
- DDoS protection, rate limiting, and Proof-of-Work challenges to prevent abuse
- Integration with CrowdSec and AbuseIPDB for threat intelligence and malicious IP blocking
- Bot detection and filtering to ensure data integrity
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. YOUR RIGHTS UNDER GDPR (EEA/UK RESIDENTS)
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Data Portability: Receive your data in a machine-readable format and transfer it to another controller
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your national data protection authority (e.g., ICO in the UK)
To exercise any of these rights, please contact us through our website contact form or email. We will respond within 30 days as required by GDPR.
10. INTERNATIONAL DATA TRANSFERS
Lynkbee is operated from the United Kingdom. If you are accessing the Service from outside the UK, your data may be transferred to, stored, and processed in the UK or other jurisdictions where our service providers operate.
For data transfers outside the EEA/UK, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with third-party providers that include adequate data protection commitments
- Reliance on adequacy decisions where applicable (e.g., UK-EU adequacy bridge)
11. CHILDREN'S PRIVACY
Lynkbee is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
12. REPORTING ABUSIVE OR MALICIOUS LINKS
See Something Suspicious?
If you encounter a Lynkbee shortened link that you believe is being used for phishing, malware distribution, spam, fraud, or any other malicious or illegal purpose, please report it immediately.
How to Report:
- Visit our Report Abuse page
- Provide the suspicious link URL and a description of the issue
- Include any evidence (screenshots, email headers, etc.) if possible
Our security team reviews all reports within 24 hours. If a link is confirmed to be malicious, we will:
- Immediately suspend the link and redirect it to a warning page
- Suspend or terminate the account of the Link Owner
- Report the incident to relevant authorities if legally required
- Share threat intelligence with AbuseIPDB and CrowdSec to protect the broader internet community
Zero Tolerance Policy: Lynkbee has a strict zero-tolerance policy for abuse. Any account found to be creating malicious, fraudulent, or illegal links will be permanently banned, and we reserve the right to cooperate with law enforcement agencies.
13. DO NOT TRACK (DNT) SIGNALS
Some browsers support "Do Not Track" (DNT) signals. At this time, Lynkbee does not respond to DNT signals due to the lack of industry-wide standards. However, we minimize data collection and do not engage in cross-site tracking or behavioral advertising.
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by:
- Posting the updated Policy on this page with a revised "Last Updated" date
- Sending an email notification to Link Owners (if you have an account)
- Displaying a prominent notice on the Platform
Your continued use of the Service after any changes indicates your acceptance of the updated Policy. We encourage you to review this Policy periodically.
15. CONTACT US
For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:
- Company: Groupbox Ltd. (operating as Lynkbee)
- Contact Form: www.lyb.ee/contact
- Report Abuse: www.lyb.ee/report
END OF PRIVACY POLICY
By using Lynkbee, you acknowledge that you have read, understood, and agree to this Privacy Policy.