Privacy Policy
Last updated: 1 July 2026
This policy explains how Permalink, operated by Michael Berger, Friedhofstraße 38, 73650 Winterbach, Germany (the data controller), handles personal data. Contact: contact@permalinks.app.
1. Data we collect
- Account data — email address and authentication data you provide at sign-up.
- Link data — the short links you create and their destinations.
- Click analytics — for each redirect we record a timestamp, a coarse country derived from your IP address (we do not store the IP itself), the referring URL, and the browser user-agent string. This powers the aggregate click statistics shown to link owners.
- Billing data — handled by our payment processor (Stripe); we do not store card details.
2. How we use it
To provide and secure the Service, perform redirects, show link owners their analytics, process payments, send transactional email (e.g. verification codes), and comply with legal obligations.
3. Legal bases (GDPR)
Performance of our contract with you (providing the Service), our legitimate interests (security and aggregate analytics), consent where required, and compliance with legal obligations.
4. Sharing & processors
We share data only with processors that run the Service on our behalf. We do not sell personal data. Our processors are:
- Convex — backend & database hosting.
- Vercel — website hosting & edge network.
- Stripe — payment processing.
- Resend — transactional email delivery.
- Google — optional "Sign in with Google" authentication.
5. Retention
Account and link data are kept while your account is active. Anonymous links and their data expire automatically (within 24 hours). Click analytics are retained for up to 24 months, after which they are deleted or anonymised. You can delete your account to remove your data, subject to any legal retention requirements (e.g. invoicing records).
6. Your rights
Subject to applicable law, you may access, correct, export, or delete your data, object to or restrict processing, withdraw consent, and lodge a complaint with a supervisory authority (in Germany, your state data protection authority). Contact us to exercise these rights.
7. International transfers
Where a processor handles data outside the EU/EEA, it does so under appropriate safeguards (e.g. EU Standard Contractual Clauses).
8. Cookies
We use only the essential cookies/storage needed to keep you signed in. We do not use advertising or third-party tracking cookies.
9. Changes
We will post updates here and adjust the “last updated” date.
← Back to home