Privacy Policy
Last updated: 5 May 2026
This Privacy Policy explains what personal data linkt.li (the “Service”) collects, how we use it, and the rights you have over it. We try to write this in plain language. If anything is unclear, send us a note via the contact form.
1. Who we are
The Service is operated by RACKSET LLC, a free-zone company registered in Sharjah Media City Free Zone (SHAMS), United Arab Emirates, license number 2535288.01. In this policy, “we,” “us,” and “our” refer to RACKSET LLC. “You” refers to anyone who creates an account, visits a page hosted on linkt.li, or otherwise uses the Service.
2. Data we collect
2.1 Account data
When you register an account, we collect your name, chosen username, email address, and a hashed copy of your password. We never store passwords in plain text.
2.2 Profile content you publish
Anything you add to your public bio page (display name, bio, links, lead-form fields, images you upload) is public by design and visible to anyone who visits your page URL.
2.3 Lead-form submissions
When a visitor submits a form on a page you own, we store the submitted fields (which may include name, email, phone, message, and any optional fields you've configured), the submitter's IP address, user-agent, and referring URL. You — the page owner — own this data. We process it on your behalf so we can show it to you and let you export it.
2.4 Analytics events
We record aggregate counts of profile views, link clicks, and form submissions per day, per page. We do not set tracking cookies or use third-party analytics like Google Analytics or Facebook Pixel. Tracking calls are signed with an HMAC token rendered on the page so they can't be impersonated.
2.5 Billing data
If you subscribe to a paid plan, payments are processed by Stripe. We never see or store your full card number — Stripe gives us a customer ID and the last four digits of your card for our records. Stripe's own privacy policy applies to anything you submit to them.
2.6 Communications
If you email us, we keep a copy of the message and your email address so we can reply and reference it later.
3. How we use data
- To provide the Service: render your page, store your blocks, deliver lead notifications.
- To bill you for paid plans (via Stripe).
- To send transactional email (lead notifications, password resets, billing receipts) via Postmark.
- To detect and prevent abuse, spam, and fraud.
- To improve the Service — for example, looking at aggregate analytics to decide what to build next.
We do not sell your personal data, and we do not share it with advertisers.
4. Cookies and similar technologies
We use a small number of cookies, all of them strictly necessary:
- A session cookie to keep you logged in.
- A CSRF cookie to protect form submissions.
localStorageon your device to remember your theme choice (light/dark). This stays on your device and isn't sent to us.
We do not use marketing or advertising cookies.
5. Service providers (sub-processors)
We share limited data with the following providers strictly for the purpose of running the Service:
- Stripe — payment processing
- Postmark — transactional email delivery
- Cloudflare — DNS, TLS, and basic DDoS protection
- Our hosting provider — server infrastructure
Each of these has its own privacy policy and data-protection commitments. We choose providers that offer EU/GDPR-compatible data-processing agreements.
6. Where data is stored
Servers hosting the Service are located in the European Union and the United Arab Emirates. By using the Service, you consent to your data being processed in those regions. Where data is transferred between jurisdictions, we rely on standard contractual clauses or equivalent safeguards.
7. How long we keep data
- Account data: kept while your account is active. After deletion, we keep a minimal record for up to 30 days for backup-restore purposes, then erase it.
- Lead submissions: kept for as long as your account is active, or until you delete them.
- Analytics events: we keep daily aggregates indefinitely; we do not store per-event raw data.
- Billing records: retained for 7 years for legal and tax compliance, regardless of account status.
8. Your rights
Subject to local law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and personal data
- Export your data in a portable format (CSV for leads, JSON for blocks on request)
- Object to or restrict certain processing
- Lodge a complaint with a data protection authority
To exercise any of these, use the contact form from the email address registered on your account. We respond within 30 days.
9. Security
The Service is served exclusively over HTTPS. Passwords are hashed with bcrypt. Database backups are encrypted at rest. Tracking endpoints use HMAC signatures to prevent payload tampering. We can't promise zero risk — no online service can — but we work to keep that risk low.
10. Children
The Service is not intended for users under the age of 16. If you believe a minor has signed up, contact us and we'll remove the account.
11. Changes to this policy
If we make material changes, we'll update the “Last updated” date above and, where you have an account, notify you by email at least 14 days before the change takes effect. Continuing to use the Service after that date means you accept the updated policy.
12. Contact
Send privacy or legal questions via the contact form with the Privacy & data topic selected. For anything else, the same form has a General inquiry option.
RACKSET LLC
SHAMS Free Zone, Sharjah, United Arab Emirates
License No. 2535288.01