linkbuk

Privacy Policy

Last updated: April 2026

1. Data We Collect

Account data: first name, last name, email, password (bcrypt hash).

Profile data: bio, avatar, banner, slug, theme, address (optional), social links, link cards, services, products, availability.

Payment data: Stripe Account ID, Mercado Pago Access Token, Cash App Tag, Zelle info. We do not store credit card data.

Visitor data: name, email, phone (for bookings); email (for newsletter signups); order and payment data.

Usage data: profile views, link/service/product clicks, access dates.

2. Why We Process Data

  • Provide and maintain the platform
  • Process payments and transactions between parties
  • Send booking, payment and status notifications
  • Allow professionals to collect emails (newsletter)
  • Generate usage metrics (views, clicks) for professionals
  • Improve user experience
  • Comply with legal obligations

3. Legal Basis (GDPR / LGPD)

We process personal data based on:

  • Consent — when you create an account and accept the terms
  • Contractual necessity — to provide the service you signed up for
  • Legitimate interest — for analytics and product improvement
  • Legal obligation — when required by law

4. Sharing With Third Parties

We share data only with essential providers:

  • Stripe — credit card payment processing
  • Mercado Pago — payment processing (Pix, boleto, card)
  • Vercel — application hosting
  • Neon — PostgreSQL database
  • Resend — transactional email delivery
  • Upstash — rate limiting (Redis)
  • Vercel Blob — image storage

When configured, event data (bookings, payments) may be sent to webhooks set up by the professional.

5. Storage and Security

  • Data stored on secure servers (Neon, US-East)
  • Encryption in transit (HTTPS/TLS)
  • Passwords hashed with bcrypt (12 rounds)
  • JWT auth with secure secret
  • Rate limiting on sensitive endpoints
  • Input validation with Zod across all APIs
  • We do not store credit card data

6. Data Retention

We keep your data while your account is active. After account deletion, personal data is removed within 30 days, except where retention is legally required (e.g. tax obligations: 5 years). Transaction records may be kept for the legally required period.

7. Your Rights

Under GDPR, LGPD and similar regulations you have the right to:

  • Confirm whether your data is being processed
  • Access your personal data
  • Correct incomplete or outdated data
  • Request anonymization or blocking of unnecessary data
  • Request data deletion
  • Withdraw consent at any time
  • Request data portability to another service
  • Be informed about sharing with third parties

To exercise your rights, visit /compliance or email privacidade@linkbuk.com.

8. Cookies

We only use essential cookies for authentication (session token). We do not use tracking, advertising or third-party analytics cookies.

9. Minors

Linkbuk is not intended for users under 18. We do not knowingly collect data from minors. If we identify minor data, it will be deleted immediately.

10. Data Protection Officer

Data Protection Officer: privacidade@linkbuk.com

Brazilian Data Protection Authority (ANPD): www.gov.br/anpd

Terms of ServiceData & ComplianceBack to home