Privacy Policy

Last updated: April 1, 2026

Linkycat ("we", "us", "our") is operated by Umisto. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use Linkycat (available at linkycat.me) and related services (collectively, the "Service"). By using the Service, you agree to this policy. If you do not agree, please stop using the Service.

1. Who We Are

Umisto is the data controller responsible for your personal data collected through Linkycat. For questions about this policy or your data, contact us at [email protected].

2. Information We Collect

2.1 Information You Provide Directly

  • Account data: username, email address, and password.
  • Profile data: display name, bio, and profile photo that you optionally add to your public page.
  • Link data: titles and URLs you add to your Linkycat page.
  • Billing data: when you subscribe to Pro, payment details are collected and processed by Paddle (our payment processor) — we do not store raw card numbers. We receive a customer ID and subscription ID from Paddle.
  • Communications: messages you send us (e.g. support requests, waitlist sign-ups).

2.2 Information Collected Automatically

  • Log data: IP address, browser type and version, operating system, pages visited, timestamps, and referring URL.
  • Cookies. These are strictly necessary for the Service to function and cannot be opted out of while using a logged-in account.

2.3 Information from Third Parties

If you pay for Pro, Paddle sends us subscription lifecycle events (created, updated, canceled) via webhook so we can grant or revoke access. No payment card data is included in these events.

3. How We Use Your Information

  • To create and maintain your account and public page.
  • To process subscription payments and manage your plan.
  • To send transactional communications (e.g., account verification codes, receipt emails via Paddle, billing notifications).
  • To respond to support requests and improve the Service.
  • To detect, investigate, and prevent fraudulent or illegal activity.
  • To comply with legal obligations we are subject to.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing (EEA / UK Users)

Where GDPR or UK GDPR applies, we process your data on the following bases:

  • Contract: processing necessary to provide the Service you signed up for (account management, link hosting, subscription billing).
  • Legitimate interests: fraud prevention, security, and service improvement, where our interests do not override your rights.
  • Legal obligation: retaining certain data to comply with applicable law.
  • Consent: where we ask for and you provide consent for optional communications (e.g., product update emails).

5. How We Share Your Information

  • Paddle: our payment processor. When you subscribe, your email and payment details are shared with Paddle to complete the transaction. Paddle's privacy policy is available at paddle.com/legal/privacy.
  • Legal requirements: we may disclose data when required by law, court order, or to protect the rights and safety of our users or the public.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it to comply with legal obligations (e.g., financial records related to paid subscriptions, which we retain for 7 years for tax purposes).

7. International Transfers

We operate globally and your data may be processed in countries outside your own. Where we transfer data from the EEA or UK to a third country, we use Standard Contractual Clauses or rely on the adequacy decision of the European Commission.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: request that we limit how we process your data.
  • Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, please contact us and we will delete it promptly.

10. Security

We implement industry-standard security measures including encrypted data in transit (TLS).

11. Changes to This Policy

We may update this policy periodically. For material changes, we will notify you by email or via a prominent notice on the Service at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.

12. Contact Us

Umisto
Email: [email protected]