← Back to Link Hut

Privacy Policy

Last updated: April 8, 2026

Link Hut ("we", "our", or "us") operates linkhut.app. This Privacy Policy explains what data we collect, why we collect it, and how we handle it. By using Link Hut, you agree to the practices described here.

1. Data We Collect

Account information

When you create an account, we collect:

  • Email address (used to authenticate you via magic link or Google)
  • First and last name (optional)
  • Username (your public profile URL, e.g. linkhut.app/yourname)
  • Profile picture (uploaded and stored in Google Firebase)
  • Bio/headline
  • WhatsApp number (optional)
  • Links and social media profiles you choose to publish
  • Theme, font, and custom CSS preferences

Analytics on your public profile

We collect anonymous engagement data on your public profile page to show you statistics. This includes:

  • Page views (number of times your page was visited)
  • Link clicks and social icon clicks
  • HTTP referrer (the site that sent a visitor to your page)
  • Timestamps of visits

We do not collect or store visitor IP addresses, device identifiers, or any information that personally identifies visitors to your public profile.

Payment information

If you subscribe to the Pro plan, payments are processed by Stripe. We never see or store your full credit card details. Stripe shares with us only your customer ID, subscription status, and email.

Usage and error data

We use Google Analytics (via Google Tag Manager) and Vercel Analytics to understand how the app is used (page views, feature usage, conversions). We use Sentry to track errors and performance issues. These services may collect your IP address and browser information.

2. How We Use Your Data

  • To create and manage your account
  • To display your public profile page to visitors
  • To send authentication emails (magic links) and transactional emails (e.g., subscription confirmation, cancellation notice) via Resend
  • To process and manage your subscription via Stripe
  • To show you analytics about your profile's performance
  • To improve the service and fix bugs

We do not sell your data. We do not use your data for advertising targeting beyond the analytics services described above.

3. Third-Party Services

We rely on the following third-party providers. Each has its own privacy policy:

ServicePurposeData shared
StripePayment processingEmail, name, subscription
ResendTransactional emailsEmail, name
Google FirebaseProfile picture storageImage file, user ID
Google Analytics / GTMApp usage analyticsEvents, page views
Vercel AnalyticsPerformance monitoringPage load data
SentryError trackingError logs, stack traces
MongoDB Atlas / UpstashDatabase & cachingAll stored user data

4. Cookies

We use the following cookies:

  • Authentication cookie (next-auth.session-token) — required to keep you logged in. This is a session cookie that expires when you log out or after a period of inactivity.
  • Google Analytics cookies (_ga, _ga_*) — used by Google Analytics to distinguish users and sessions. These persist for up to 2 years.
  • Google Tag Manager — loads and manages the analytics tags described above.

You can disable cookies in your browser settings, but this may affect the functionality of the app (e.g., you will not be able to stay logged in).

For more details, see our Cookie Policy.

5. Data Retention

We retain your data for as long as your account is active. Analytics data (aggregated views and clicks on your profile) is retained indefinitely to provide you with historical statistics. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial reasons (e.g., billing records required by Stripe).

6. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate data in your account settings
  • Deletion — request deletion of your account and associated data
  • Portability — request your data in a structured, common format

To exercise any of these rights, email us at support@linkhut.app. Account settings allow you to update most personal information directly. Link and social icon deletion is available directly in the app.

7. Security

We implement security measures including HTTPS encryption, HTTP security headers (HSTS, X-Content-Type-Options, X-Frame-Options), input validation, rate limiting, and XSS/injection protection on user-provided CSS. Authentication is handled via NextAuth with signed JWT tokens.

No system is 100% secure. If you discover a security vulnerability, please report it to support@linkhut.app.

8. Children

Link Hut is not intended for children under 13. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, please contact us immediately.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of material changes. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at support@linkhut.app.