Privacy Policy

1. Scope

This Privacy Policy explains how lynko.my collects, uses, and shares information when you use our website and services. If you do not agree with this policy, please do not use the service.

2. Data we collect

• Account identifiers: email (OTP login) or Telegram account data (ID/username), login timestamps, session/auth tokens.
• Content you create: page settings, links, design settings, social profiles, custom domains, uploaded media.
• Usage analytics: page views and link clicks (timestamps, referrers, device/browser info). Some data (e.g., country) may be derived from IP.
• Payments: subscription status and billing metadata. Card/crypto processing is handled by third-party processors; we do not store full card details or wallet private keys.
• Security/technical logs: IP address (for rate limiting/abuse prevention), errors, audit events, domain verification/SSL events.
• Cookies/local storage: session cookies, CSRF tokens, and dashboard preferences.

3. How we use data

• Provide the service: render pages, route custom domains, host media, redirect short links.
• Security: authentication, fraud/abuse detection, rate limiting, incident investigation.
• Analytics: show stats in your dashboard and improve product performance.
• Billing/support: manage subscriptions, respond to requests, troubleshoot issues.
• Legal: comply with applicable laws and respond to valid legal requests.

4. Sharing

We do not sell your personal information.

We may share limited data with service providers needed to run lynko.my, such as:

• Payment processors: (e.g., Stripe, NOWPayments) to process payments and prevent fraud.
• Email provider: to send OTP codes (email + one-time code).
• Telegram: if you log in via Telegram.
• Hosting/CDN/SSL: infrastructure providers that may process server logs.

Public content: your lynko.my page is public by default. Do not publish sensitive information.

Legal requests: we may disclose information if required by law; when allowed, we will notify you.

Business transfers: if lynko.my is acquired or merged, data may be transferred under this policy.

5. Retention

• Active accounts: retained while your account is active.
• Deleted accounts: we remove personal data from production systems within 30 days; backups may persist up to 90 days.
• Security logs: typically retained up to 90 days (unless needed for security/legal reasons).
• Billing records: retained up to 7 years where required for accounting/tax.

6. Your rights

• Access/export: request a copy/export of your data.
• Correction: you can update most data in the dashboard.
• Deletion: you can delete your account; some records may be retained where legally required.
• GDPR/CCPA: additional rights may apply depending on your region (access, deletion, portability, objection, complaint).

7. Security

• HTTPS/TLS, OTP-based authentication (no passwords stored), CSRF protection, rate limiting.
• Restricted database/file permissions and access controls.
• Regular backups for disaster recovery.

No system is 100% secure. If you find a vulnerability, report it to hello@lynko.my.

8. International transfers

We may process data in different countries depending on infrastructure providers. Where required, we use appropriate safeguards.

9. Children's privacy

lynko.my is not intended for children under 13 (or under 16 in the EU). If you believe a child created an account, contact us and we will take appropriate action.

10. Changes

We may update this policy. The “Last updated” date will change, and material changes may be announced via the dashboard and/or email.

11. Contact

For privacy questions or data requests, contact:

Response time: we aim to respond within 30 days (GDPR) or 45 days (CCPA), where applicable.