Privacy Policy

Last updated: December 11, 2025

1. Introduction

Monlink ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our link management service. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address - Required for account creation and authentication
  • Username - Your unique identifier on the platform
  • Display name - Optional public name shown on your profile
  • Bio - Optional description for your link-in-bio page
  • Avatar URL - Optional profile picture
  • Social media links - Optional links to your social profiles
  • Password - Encrypted and stored securely by Supabase Auth

2.2 OAuth Authentication

When you sign in with Google or GitHub, we receive basic profile information (name, email, profile picture) from these providers. We do not have access to your passwords for these services.

2.3 Link Data

When you create shortened links, we collect:

  • Original destination URLs
  • Custom short IDs or auto-generated identifiers
  • Link titles and descriptions
  • Tags and categories
  • Visibility settings (public/private)
  • Creation and modification timestamps

2.4 Analytics Data

When someone clicks on your shortened links, we automatically collect:

  • Timestamp - When the link was clicked
  • Referrer - Where the click came from (if available)
  • Device type - Desktop, mobile, tablet, bot
  • Country - General geographic location (country-level only, derived from IP address)
  • User agent - Browser and operating system information

Important: We do NOT collect or store IP addresses. Geographic data is derived transiently and only the country-level information is stored. We do not track individuals across clicks.

2.5 Usage Data

We may collect information about how you interact with the Service, including pages viewed, features used, and time spent on the platform. This helps us improve the Service.

2.6 Cookies and Tracking

We use session cookies to keep you logged in. We do not use third-party advertising cookies or cross-site tracking. Supabase (our authentication provider) may set cookies for authentication purposes.

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Process your link shortening and bio page requests
  • Provide analytics and insights on your links
  • Communicate with you about the Service (updates, security alerts)
  • Detect and prevent fraud, abuse, and security incidents
  • Improve and optimize the Service based on usage patterns
  • Comply with legal obligations

4. AI-Powered Features

Monlink offers optional AI features (title suggestions, tag generation) powered by OpenAI's GPT models. When you use these features:

  • Your destination URLs and titles may be sent to OpenAI's API for processing
  • OpenAI processes this data according to their Privacy Policy and API Data Usage Policies
  • As of March 1, 2023, OpenAI does not use API data to train their models
  • AI features are entirely optional - you can use Monlink without them

5. Information Sharing and Disclosure

We do NOT sell your personal information to third parties. We may share information in the following circumstances:

5.1 Public Information

Your username, display name, bio, avatar, social links, and public links are visible to anyone visiting your link-in-bio page at https://monlink.me/[username]. This is by design to enable the link-in-bio functionality.

5.2 Service Providers

We use the following third-party services:

  • Supabase - Database and authentication (hosted in US/EU regions)
  • Netlify - Application hosting and edge functions
  • OpenAI - Optional AI features (title/tag generation)
  • Sentry (if configured) - Error monitoring and debugging

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement industry-standard security measures to protect your information:

  • All data transmitted over HTTPS (TLS encryption)
  • Passwords encrypted using bcrypt via Supabase Auth
  • Row-Level Security (RLS) policies on database tables
  • Rate limiting to prevent abuse
  • Regular security updates and monitoring

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your account information and link data for as long as your account is active or as needed to provide the Service. Analytics data is retained indefinitely to provide historical insights. If you delete your account, we will delete your account information and links within 30 days, though analytics data may be retained in anonymized form.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

You can access and download your data through the dashboard. We will implement a formal data export feature in the future.

8.2 Correction

You can update your profile information, links, and settings at any time through the dashboard.

8.3 Deletion

You can delete your account through the profile settings. This will remove all your personal information and links. Analytics data may be retained in anonymized form for statistical purposes.

8.4 Object to Processing

You can opt out of optional features like AI suggestions by simply not using them. Analytics tracking is essential to the Service and cannot be disabled.

8.5 GDPR Rights (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

8.6 CCPA Rights (California Users)

California residents have the right to request disclosure of data collection and sharing practices. We do not sell personal information as defined by CCPA.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our infrastructure providers (Supabase, Netlify) operate in multiple regions. We ensure appropriate safeguards are in place for international data transfers in accordance with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, for significant changes, may provide additional notice (such as an email notification). Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us through:

  • The GitHub repository (see README for link)
  • Email (if provided in the application)

Beta Notice

Monlink is currently in beta. Our privacy practices may evolve as we add features and scale the service. We will update this policy accordingly and notify users of significant changes. Thank you for being an early adopter!

Terms of ServiceHome

© 2025 Monlink. All rights reserved.