Privacy Policy
Last updated: February 22, 2026
1. Introduction
Tolinku ("we," "us," or "our") operates the Tolinku deep linking platform, including the website at tolinku.com, the application at app.tolinku.com, our SDKs, APIs, and related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully. If you do not agree with the terms of this policy, please do not access the Service.
2. Information We Collect
2.1 Account Information
When you register for a Tolinku account, we collect:
- Your name and email address
- Password (stored in hashed form only; we never store plaintext passwords)
- Company or organization name (if provided)
2.2 Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other sensitive financial information on our servers. Stripe may collect and store payment information in accordance with their own privacy policy. We receive only a transaction reference, the last four digits of your card, and billing status from Stripe.
2.3 Usage Data
We automatically collect data about how the Service is used, including:
- Click events, install attributions, and page view counts for your deep links
- Device information such as operating system, browser type, and screen resolution
- IP addresses (used for geographic analytics and fraud detection)
- Timestamps and referral sources
2.4 Deep Link Data
When you create and manage deep links through the Service, we store:
- URL configurations and route definitions
- Landing page content and settings
- Banner and in-app message configurations
- A/B test variants and targeting rules
2.5 SDK Data
When end users interact with applications that integrate our SDKs, the following data may be collected:
- Device identifiers (advertising ID, vendor ID, as permitted by the device operating system)
- App events relevant to deep link attribution and referral tracking
- Referral codes and campaign parameters
If you integrate our SDK into your application, you are responsible for disclosing this data collection in your own privacy policy and obtaining any required consent from your end users.
2.6 Cookies
We use essential cookies for session management, authentication, and CSRF protection. See Section 8 for full details on our cookie practices.
2.7 Communications
When you contact us via email or through our support channels, we collect the content of your messages, your email address, and any attachments you send. We use this information solely to respond to your inquiries and improve our Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service: delivering deep linking, analytics, smart banners, and all platform features you use.
- Process billing and payments: managing subscriptions, invoicing, and usage-based billing through Stripe.
- Analytics and reporting: generating click, install, and conversion reports within your dashboard, powered by our analytics infrastructure.
- Fraud prevention and bot detection: identifying and blocking suspicious traffic, click fraud, and automated abuse of the platform.
- Customer support: responding to your requests, troubleshooting issues, and providing technical assistance.
- Service improvements: analyzing usage patterns to improve performance, reliability, and features.
- Legal compliance: meeting regulatory obligations, enforcing our terms, and protecting our rights.
4. Data Sharing
4.1 We Do Not Sell Personal Data
Tolinku does not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We never have, and we never will.
4.2 Third-Party Service Providers
We share data with trusted third-party processors who help us operate the Service. These providers are contractually bound to use your data only for the purposes we specify:
- Appwrite: database hosting and backend services for business data storage.
- Stripe: payment processing and subscription management.
- Amazon Web Services (AWS SES): transactional email delivery (account notifications, password resets).
- ClickHouse: analytics data processing and storage.
- MaxMind: IP-to-geographic-location mapping for analytics (GeoLite2 database).
4.3 Legal Requirements
We may disclose your information if required to do so by law, or in response to valid requests by public authorities (for example, a court order, subpoena, or government agency request).
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.
5. Data Retention
- Account data: retained for as long as your account is active. Upon account deletion request, your data will be removed within 30 days.
- Analytics data: retained according to your subscription tier. Free plans retain 7 days of analytics. Standard plans retain 180 days (6 months). Growth plans retain 365 days (1 year). Scale and Enterprise plans retain up to 730 days (2 years).
- Billing records: retained as required by applicable tax and accounting laws (typically 7 years).
- Deleted data: when you request data deletion, all personal data is purged from our active systems within 30 days. Backups are purged on their regular rotation cycle.
6. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
- Right to access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may request that we correct inaccurate or incomplete data.
- Right to erasure: you may request that we delete your personal data (subject to legal retention requirements).
- Right to restrict processing: you may request that we limit how we use your data.
- Right to data portability: you may request your data in a structured, commonly used, machine-readable format.
- Right to object: you may object to our processing of your data in certain circumstances.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. If we need additional time, we will inform you of the reason and the expected timeframe.
7. Your Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act grants you the following rights:
- Right to know: you may request details about the categories and specific pieces of personal information we have collected about you.
- Right to delete: you may request that we delete the personal information we have collected from you.
- Right to opt-out of sale: we do not sell personal information, so this right is satisfied by default.
- Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA rights.
To exercise these rights, please contact us at [email protected]. We will verify your identity before fulfilling your request and respond within 45 days as required by law.
9. International Data Transfers
Tolinku is based in the United States, and your data may be processed on servers located in the United States or other countries where our service providers operate.
If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. Where required by applicable law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.
10. Security
We take the security of your data seriously and implement appropriate technical and organizational measures, including:
- Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Encryption at rest: sensitive data is encrypted at rest on our servers.
- Access controls: access to personal data is restricted to authorized personnel on a need-to-know basis.
- Regular security reviews: we conduct periodic security assessments and vulnerability testing.
- Incident response: we maintain an incident response plan and will notify affected users of any data breach as required by applicable law.
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
The Service is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected], and we will take steps to delete that information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (using the address associated with your account) and update the "Last updated" date at the top of this page.
Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated terms. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Website: tolinku.com/contact
We will make every effort to respond to your inquiry within 30 days.