Privacy Policy
Last updated: 26 April 2026
1. Overview
BERTlinker ("we", "us", "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.
2. Data We Collect
Data you provide
- Crawl files: CSV files you upload containing URLs, page titles, headings, and other crawl metadata from your website.
- Email address: If you create an account via magic link sign-in, or if you opt in to receive a notification when your results are ready.
Data collected automatically
- Browser fingerprint: A hash derived from your user agent and IP address, used solely for free tier rate limiting. This is not a tracking identifier.
- IP address: Used for rate limiting and abuse prevention. Not stored long-term.
- Cookies: We use a single essential session cookie (
session_token) for authentication. We do not use analytics, advertising, or tracking cookies.
3. How We Use Your Data
- Crawl files are processed solely to generate internal linking recommendations. They are not read by humans, shared with third parties, or used for model training.
- Email addresses are used for account authentication (magic link sign-in) and transactional emails (job completion notifications, payment receipts). If you separately opt in via the "Send me occasional product updates" checkbox, we may also send infrequent marketing emails about new features. You can unsubscribe from marketing emails at any time via the one-click link in each email.
- Browser fingerprints are used only to enforce free tier limits (3 runs per day, 1 domain per day).
4. Data Retention
| Data | Retention |
|---|---|
| Uploaded crawl files | Deleted immediately after processing |
| Job results (recommendations, heatmaps) | 30 days (Free), 30 days (Small/Medium/Large), or 90 days (Extra Large) from completion, then deleted |
| Account email address | Until account deletion |
| Job notification email (non-account) | Deleted when the job expires |
| Marketing subscriber email | Until unsubscribe or deletion request |
| Payment records | As required by tax/accounting law |
| Browser fingerprints | 24 hours (rolling window for rate limiting) |
5. Third-Party Services
We use the following third-party services:
- Stripe for payment processing. Stripe handles all card details directly; we never see or store your card number. See Stripe's Privacy Policy.
- Resend for transactional email delivery. See Resend's Privacy Policy.
- Hetzner for server hosting (EU/Germany). See Hetzner's Privacy Policy.
We do not use Google Analytics, Facebook Pixel, or any advertising trackers.
6. Cookies
We use only essential cookies required for the Service to function:
| Cookie | Purpose | Duration |
|---|---|---|
session_token |
Account authentication | 30 days |
fp |
Browser fingerprint for rate limiting | Session |
Because we only use essential cookies, no cookie consent banner is required under GDPR/ePrivacy.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Export your data in a portable format.
- Object to or restrict processing of your data.
- Withdraw consent for marketing emails at any time by clicking the unsubscribe link in any email, or by contacting us.
To exercise any of these rights, contact us. We will respond within 30 days.
8. Data Security
We protect your data with:
- HTTPS encryption for all data in transit (enforced by Caddy reverse proxy).
- Encrypted storage on Hetzner's infrastructure.
- Parameterized SQL queries to prevent injection attacks.
- Automatic file deletion after processing.
9. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page. Continued use of the Service constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions or requests, contact us.