Last updated: May 18, 2026 (added Fanvue App Store data handling)
linksby.me ("we", "us", "our") takes your privacy seriously. This policy explains what information we collect, how we use it, and what choices you have. By using the Service you agree to the practices described here.
Account information: When you sign up we collect your email address and a hashed (bcrypt) version of your password. We never store your password in plain text.
Profile content: Any content you add to your linksby.me profile — display name, bio, avatar image, background image, links, and theme settings — is stored on our servers so we can display it publicly.
Payment information: We do not store your credit card details. Payments are processed by Stripe, Inc. (for direct subscriptions) or by Fanvue (for App Store subscriptions). The applicable processor may store payment method data under its own privacy policy. We receive and store only your processor customer ID (where applicable), subscription plan, status, and renewal dates.
Password reset tokens: When you request a password reset we generate a short-lived (60 minute) random token tied to your account. Tokens are deleted after use or expiry.
Fanvue identity and OAuth tokens (Fanvue users only): If you sign in through the Fanvue App Store or link your Fanvue account, we receive your Fanvue user identifier, email address, and — where available and only with the read:creator scope you grant — your Fanvue display name, profile photo URL, and short bio. We use this data only to create or auto-fill your linksby.me profile. We also store the OAuth access token and refresh token Fanvue issues so we can verify on subsequent requests that your subscription to our app is still active. These tokens are stored in our database tied to your account and are rotated automatically by Fanvue. Tokens are deleted if you delete your linksby.me account.
Fanvue subscription status cache (Fanvue users only): We periodically (approximately every 5 minutes during active sessions) call Fanvue's API to confirm your subscription to linksby.me is still active. We cache the boolean active/inactive result and the timestamp of the last check on your account row. We do not store invoice details, prices paid, or payment methods from Fanvue.
Usage data: We track aggregate view counts (how many times your public profile is loaded) and link click counts. These are tied to your profile, not to individual visitors. We do not use third-party analytics trackers, advertising pixels, or behavioral tracking services.
Session data: We use a server-side session cookie to keep you logged in. This cookie is HTTP-only and expires after 24 hours of inactivity.
Server logs (visitors and account holders): Our web server records standard access logs — IP address, user agent, requested URL, timestamp, and HTTP status code — for every request, including visits to public profile pages. These logs are retained for up to 30 days and are used for security, debugging, and abuse prevention. We do not link these logs to individual profile visitors except where necessary to investigate abuse or comply with legal requests.
We share data with the following third parties only to the extent necessary to operate the Service:
We do not sell your data to any third party. We do not use advertising networks or behavioral tracking services.
Information you add to your linksby.me profile (display name, bio, avatar, background image, links) is publicly visible by design — that is the core purpose of the Service. Do not add information to your profile that you would not want to be public. Public profile pages may be indexed by search engines such as Google and Bing and may be cached, archived, or quoted by third parties outside our control. Once content has been publicly shared we cannot guarantee its removal from external caches or archives even after you delete it. Deleted profiles are removed from linksby.me immediately; residual data may remain in server backups for up to 30 days.
We retain your account data for as long as your account is active. If you cancel your subscription, your account and profile data are retained for 30 days before deletion, giving you a window to reactivate. You may request earlier deletion by contacting us. Server access logs are retained for up to 30 days. Payment records (transaction IDs, amounts, dates) are retained for as long as required by tax and accounting law in our operating jurisdiction.
We use industry-standard security practices: passwords are stored as bcrypt hashes (cost factor 12), sessions use HTTP-only cookies with strict SameSite handling, CSRF tokens protect all forms, all connections use HTTPS in production, and we never directly process or store payment card numbers (handled entirely by Stripe, which is PCI-DSS Level 1 certified). No system is perfectly secure; in the event of a data breach affecting your personal information we will notify you and the appropriate regulators where required by law.
Our servers and our third-party processors (Stripe, SendGrid, Google) may be located in countries different from your own, including the United States. By using the Service you understand that your personal information may be transferred to and processed in those countries, which may have different data protection laws than your country of residence. Where required by law, we rely on appropriate safeguards (such as Standard Contractual Clauses) for these transfers.
Depending on where you live, you may have rights under laws such as the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), or similar legislation. These rights may include:
To exercise any of these rights, email us at privacy@linksby.me. We will respond within 30 days. We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases: (a) performance of a contract with you (operating your account and providing the Service); (b) legitimate interests (security, abuse prevention, debugging, improving the Service) where these are not overridden by your rights; (c) legal obligation (tax, accounting, responding to lawful requests); and (d) consent where required, which you can withdraw at any time.
We use a single first-party HTTP-only session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, third-party analytics, or behavioral profiling. We do not respond to Do Not Track browser signals because we do not track users across sites in the first place. You can disable cookies in your browser settings, but the Service requires the session cookie to function. Embedded resources such as Google Fonts may make network requests to Google's servers when our pages load, allowing Google to log standard request metadata (IP address, user agent, requested font).
linksby.me is not intended for and is not directed to anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account or that we have inadvertently collected information from a minor, contact us at privacy@linksby.me and we will delete the information promptly.
We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a notice within the Service at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance. The "Last updated" date at the top of this page indicates when this policy was most recently revised.
Privacy questions, requests, or complaints? Email us at privacy@linksby.me. General support questions go to support@linksby.me.