Privacy Policy

Last updated: March 3, 2026

BL1NK ("we," "us," or "our") operates the BL1NK platform at https://my.bl1nk.co. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.

By using BL1NK, you agree to the collection and use of information as described in this policy.

1. Data We Collect

Account Data

When you create an account, we collect:

  • Identity information: Name, email address, username, profile picture
  • Authentication data: Password (stored as a secure hash, never in plaintext), passkeys, two-factor authentication codes
  • Social sign-in data: If you sign in with Google, GitHub, or LinkedIn, we receive your name, email address, and profile picture from that provider. We do not receive or store your social account password.

Profile Data

When you build a BL1NK profile, you may provide:

  • First name, last name, job title, company, location, bio
  • Profile photo, cover photo, company logo
  • Links and contact information you choose to display
  • Theme and display preferences

All profile data you enter is voluntary.

Analytics Data

When someone views a public BL1NK profile, we may collect:

  • Device information: Browser type and version, operating system, screen dimensions, device type
  • Visit data: Page views, link clicks, time on page, scroll depth, referral source, UTM parameters
  • Network data: IP address, approximate geographic location (if the profile owner has enabled location tracking and the visitor grants browser permission)
  • Visitor identification: A device fingerprint for distinguishing unique visitors (if the profile owner has enabled this feature)

Profile owners control which analytics features are enabled on their profiles. Visitors are not tracked across different profiles or websites.

Lead Capture Data

When a visitor submits a contact form on a BL1NK profile, we collect whatever information the visitor provides (typically name, email, phone, company, and a message). This data is stored on behalf of the profile owner.

Payment Data

We do not directly process or store credit card numbers. Payments are handled by our payment processor, DodoPayments. We store subscription status, plan type, and a customer reference ID for billing purposes.

Usage and Security Data

  • Audit logs: Actions you take in the platform (login, settings changes, team management) with timestamps, IP address, and user agent
  • Security records: Failed login attempts, account lockout events, known device list (up to 10 devices per user)
  • Session data: Authentication tokens, IP address, and user agent for active sessions

2. How We Use Your Data

We use your data to:

  • Provide the service: Create and display your profiles, process lead submissions, manage your team and organization
  • Authenticate you: Verify your identity when you sign in, manage sessions, enforce two-factor authentication
  • Process payments: Manage subscriptions, handle billing through our payment processor
  • Send communications: Transactional emails (password resets, team invitations, lead notifications, billing alerts). We do not send marketing emails unless you explicitly opt in.
  • Provide analytics: Show profile owners how their profiles are performing (views, clicks, visitor demographics)
  • Maintain security: Detect and prevent unauthorized access, enforce rate limits, track suspicious login attempts
  • Improve the service: Understand usage patterns to fix bugs and improve features

We do not sell, rent, or share your personal data with third parties for advertising purposes.

3. Google User Data

If you sign in with Google, we access only:

  • Your name, email address, and profile picture (via openid, email, and profile scopes)

We use this data solely to create and maintain your BL1NK account. We do not use Google user data for advertising, do not transfer it to data brokers, and do not use it for purposes unrelated to the core functionality of BL1NK.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Third-Party Services

We use the following third-party services to operate BL1NK:

| Service | Purpose | Data Shared | |---------|---------|-------------| | DodoPayments | Payment processing | Email, name, subscription details | | Resend | Transactional email delivery | Email address, email content | | Cloudflare R2 | File storage (images) | Uploaded files (avatars, cover photos) | | Nango | Integration connections (CRM sync) | OAuth tokens, lead data when you initiate a sync |

When you connect third-party integrations (such as HubSpot, Salesforce, Google Sheets, or Slack), data is shared with those services according to their own privacy policies and only when you explicitly initiate the connection.

5. Cookies and Local Storage

We use the following:

  • Session cookie: An authentication token to keep you signed in (HTTP-only, secure)
  • Locale cookie: Your language preference
  • Local storage: Theme preference (light/dark mode), UI state
  • Session storage: Temporary analytics session ID for profile visitors (cleared when the browser tab closes)

We do not use third-party advertising or tracking cookies.

6. Data Retention

| Data Type | Retention Period | |-----------|-----------------| | Account data | Until you delete your account | | Profile data | Until you delete the profile or account | | Analytics events | 7 days (Free plan) or unlimited (Pro plan) | | Lead capture data | Until the profile owner deletes it or the account is deleted | | Audit logs | Retained for security and compliance purposes | | Sessions | 30 days from last activity | | Security logs (login attempts, lockouts) | Retained for security purposes |

7. Your Rights

You have the right to:

  • Access your data: Export all your personal data from Settings → Privacy at any time
  • Delete your account: Request account deletion from Settings → Privacy. There is a 30-day grace period during which you can cancel the deletion. After 30 days, all your data is permanently deleted, including profiles, leads, analytics, and audit logs. Active subscriptions are cancelled automatically.
  • Control analytics: Profile owners can enable or disable individual tracking features (page events, location, fingerprinting, link clicks, lead forms, vCard downloads) per profile
  • Control notifications: Configure which email and in-app notifications you receive from Settings → Notifications
  • Correct your data: Update your account information and profile data at any time
  • Withdraw consent: Disconnect social sign-in providers, disable two-factor authentication, or revoke integration connections at any time

If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We protect your data with:

  • Encryption in transit: All connections use TLS (HTTPS)
  • Password security: Passwords are hashed using scrypt; we never store plaintext passwords
  • API key security: API keys are stored as hashes, not in plaintext
  • Access controls: Role-based permissions for team members within organizations
  • Account protection: Progressive delay on failed logins, automatic account lockout after repeated failures, optional two-factor authentication, new device login alerts
  • Infrastructure: Data is stored on servers within the European Union (Cloudflare R2 EU region, DigitalOcean EU)

9. Data About Profile Visitors and Leads

BL1NK profile owners may collect analytics data and lead information from people who visit their public profiles. If you are a visitor to a BL1NK profile:

  • The profile owner controls which analytics features are enabled
  • You may be asked to share your contact details via a lead capture form — this is voluntary
  • Geolocation is only collected if you grant permission through your browser
  • You can contact us at [email protected] to request removal of any data collected about you through a BL1NK profile

10. Children's Privacy

BL1NK is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. International Data Transfers

Your data may be processed in countries outside your own. We store data primarily within the European Union. Where data is transferred outside the EU, we ensure appropriate safeguards are in place through our service providers' data processing agreements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the application. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: [email protected]