Privacy Policy

Effective date: July 12, 2026

This policy explains what Link True World, Inc. ("we", "us") collects when you use Link True World (the "Service"), how we use it, and the choices you have. The short version: we collect what is needed to run the Service, we do not run ads, we do not sell your data, and we do not send your content to third-party AI services.

1. What we collect

  • Account data. When you sign in with an identity provider (Google or GitHub) we receive your email address and basic profile information (name, avatar). We never see your password.
  • Content you create. Notes, replies, folders, bookmarks, your profile (display name, avatar), and media you upload — images and videos, including technical metadata needed to store and play them (file size, format, duration, dimensions).
  • Technical data. IP addresses and request logs generated by our hosting infrastructure for security and reliability, and privacy-focused, cookie-less page analytics (aggregate page views and web-vitals timings).

We do not collect advertising identifiers, run tracking pixels, or buy data about you from third parties.

2. What is public and what is private

  • Public: your profile, published notes and their edit history, replies, public folders, and media embedded in published notes (including video watch pages). Anyone can view, and other users may reuse notes according to the license you chose.
  • Private: who you follow, your bookmarks, your private and followers-only folders, drafts (stored locally in your browser), and your email address. These are never shown to other users.

3. How we use data

  • to provide the Service: hosting, search, playback, sync;
  • to keep the Service safe: abuse prevention, rate limiting, handling reports, enforcing our Community Guidelines;
  • to comply with legal obligations.

Where GDPR applies, our legal bases are performance of a contract (providing the Service), legitimate interests (security, abuse prevention), and legal obligation. We do not use your data for automated decision-making with legal effects, and we do not send your content to external AI services.

4. Who processes data for us

We share data only with the infrastructure providers required to run the Service ("subprocessors"), under their standard data processing agreements:

  • Supabase — database and authentication (account data, content).
  • Vercel — application hosting, request logs, and cookie-less analytics.
  • Cloudflare (R2) — storage and delivery of uploaded media (images, videos).
  • Google / GitHub — sign-in (OAuth) only; they act as your identity provider under their own privacy policies.

We do not sell or rent personal data, and we do not share it with advertisers or data brokers. Data is processed in the United States. If we are legally compelled to disclose data, we will notify you unless prohibited from doing so.

5. Cookies and local storage

We use only strictly necessary cookies (keeping you signed in). We use your browser's local storage for drafts and preferences (such as theme or player quality); this data stays on your device. We set no advertising or cross-site tracking cookies, which is why the Service shows no cookie banner.

6. Retention and deletion

  • Content is kept until you delete it. Deleting a note is a physical delete that also removes its edit history, replies, and media bindings.
  • Deleting your account removes your profile, notes, replies, folders, bookmarks, and uploaded media files.
  • Residual copies may persist in encrypted backups for a limited period before being rotated out.
  • Infrastructure request logs are retained short-term.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA and similar laws), you have rights to access, correct, delete, export, and object to processing of your personal data. Most of these are self-serve:

  • Delete: delete individual content anytime, or your entire account in Settings → Account.
  • Export: download an archive of your data in Settings → Account.
  • Everything else: email privacy@linktw.com. We respond within 30 days. You may also lodge a complaint with your local supervisory authority.

8. Security

All traffic is encrypted in transit (HTTPS/HSTS). Database access is enforced with row-level security. Sign-in is delegated to your identity provider, including any two-factor authentication you have enabled there. If a breach affects your personal data, we will notify you and the relevant authorities as required by law (within 72 hours where GDPR applies).

9. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK without parental consent), and we do not knowingly collect their data. If you believe a child is using the Service, contact privacy@linktw.com.

10. Changes

We will post any changes to this policy here and, for material changes, give notice on the Service before they take effect.

11. Contact

Link True World, Inc. — privacy@linktw.com