Privacy

Privacy policy

Last updated · April 18, 2026

LinkHQ is a link-routing platform for paid advertising. This page explains what we collect, why, and what we do with it. It's written to be readable — the legalese lives at the bottom if you want it.

What we collect

When you visit linkhq.app

Standard server logs — IP address, user-agent, requested path, timestamp. Retained for 30 days, then discarded. We don't run third-party marketing trackers on this site.

When you submit the waitlist form

The email address you enter. It goes into our Supabase database and is used only to reply to you about access. We don't add it to a newsletter list.

When you use LinkHQ as a customer

Your account email, the organizations you belong to, the links and campaigns you create, and metadata about edits you make. All of it is tenant-isolated with row-level security — we never share data across organizations.

When someone clicks a LinkHQ short link

  • User-agent string (to detect iOS / Android / desktop and in-app browsers)
  • Country (supplied by Cloudflare, derived from IP — we don't store raw IP)
  • Referrer hostname (not full URL)
  • Timestamp
  • A first-party random cookie called linkhq_visitor, used for approximate unique-click counting. It's a random 128-bit ID — no personal data is encoded in it.

We do not collect names, email addresses, precise location, or device fingerprints from link visitors.

Third parties

LinkHQ runs on three vendors, and no others:

  • Cloudflare — edge delivery, click-event storage (Analytics Engine), custom-hostname SSL.
  • Supabase — Postgres database and authentication.
  • Vercel — dashboard hosting.

If a LinkHQ customer configures a Facebook, Google Analytics, or TikTok pixel on one of their links, those pixels fire when the link is clicked. The IDs are set by the customer; we validate the format but not the destination. Disabling a pixel on a link stops it immediately.

Amazon Attribution tags pass through untouched from the destination URL. We don't send data to Amazon directly.

Data retention

  • Click events: 90 days in Cloudflare Analytics Engine; daily aggregates retained indefinitely in Postgres.
  • Account and link data: retained until the organization is deleted. Org deletion is a 30-day soft-delete — data is hard-deleted after the window closes.
  • Waitlist emails: retained until you ask us to remove them, or the invite is declined and 90 days have passed.

Your rights

You can request a copy of your data, correct inaccuracies, or ask us to delete it. Email legal@linkhq.appand we'll respond within 30 days. GDPR and CCPA requests are honored the same way.

Contact

Questions: legal@linkhq.app. This policy can change; material updates trigger an email to active customers.